Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
o3pLoLD7cc

Overview

General Information

Sample Name:o3pLoLD7cc (renamed file extension from none to exe)
Analysis ID:680344
MD5:0d8224c48ed19b05a91a413c69e7b4d3
SHA1:a885be432257d23d63d0ba448ec0cb6950e37370
SHA256:4bd0c1c5a6eb5e3bb2e84db799270248f5467dfb3e6e3b1d8db14887eeecae5e
Tags:32exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • o3pLoLD7cc.exe (PID: 980 cmdline: "C:\Users\user\Desktop\o3pLoLD7cc.exe" MD5: 0D8224C48ED19B05A91A413C69E7B4D3)
    • o3pLoLD7cc.exe (PID: 4592 cmdline: C:\Users\user\Desktop\o3pLoLD7cc.exe MD5: 0D8224C48ED19B05A91A413C69E7B4D3)
    • o3pLoLD7cc.exe (PID: 5140 cmdline: C:\Users\user\Desktop\o3pLoLD7cc.exe MD5: 0D8224C48ED19B05A91A413C69E7B4D3)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autoconv.exe (PID: 5184 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
        • svchost.exe (PID: 4772 cmdline: C:\Windows\SysWOW64\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
          • cmd.exe (PID: 5528 cmdline: /c del "C:\Users\user\Desktop\o3pLoLD7cc.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 4784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.barbaramac.com/b30i/"], "decoy": ["rivacustomhomes.com", "foodanddessertblog.com", "ae-pos-package.com", "shantalamarr.com", "bangrey.xyz", "yourjbsaagent.com", "rumoastresamericas.com", "vetlomec.xyz", "israenergy.com", "ibuyjj.xyz", "redlinemuch.net", "plan-hub.site", "kosako.tech", "surowystorms.xyz", "eic.services", "amazoncooperative0.com", "4008630451.com", "fanfanlive.com", "clekgur.com", "3spowersolution.com", "szdispenser.com", "1stchoicemovers.uk", "centexfallenheroes.com", "rlmitte.info", "desertscarabe.xyz", "esco.website", "libertycontractingny.com", "bpcpas.online", "my-ar.style", "aster.tirol", "qingmu555.top", "arihulkkonen.info", "waterworksfields.co.uk", "zrvxr.com", "vfkmachine.com", "sekkocreativ.com", "goldnft.online", "thetrafficlist.com", "finpool.plus", "not-quite-alice.uk", "utblockchain.com", "comp-u-type.com", "inovasaudavel.website", "tlliangjia.com", "escolabr.website", "degenpotatoz.xyz", "miklicrp.city", "cryptocentury.xyz", "freshoutoffucks.net", "freemonoid.tech", "enchant-repining.net", "pvgcorp.com", "theskylights.co.uk", "637z.com", "ibuying.xyz", "nattu.info", "mdhzr.com", "rongan77.top", "xn--educacinenlinea-1rb.com", "abbeywoodlodge.com", "proyectosesbozo.online", "victormartin.xyz", "tind4r.com", "reshu-ekzamen.online"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x5251:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1bbb0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x99bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x148a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x958a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1a917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1b91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x17839:$sqlite3step: 68 34 1C 7B E1
    • 0x1794c:$sqlite3step: 68 34 1C 7B E1
    • 0x17868:$sqlite3text: 68 38 2A 90 C5
    • 0x1798d:$sqlite3text: 68 38 2A 90 C5
    • 0x1787b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x179a3:$sqlite3blob: 68 53 D8 7F 8C
    00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 29 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.0.o3pLoLD7cc.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.0.o3pLoLD7cc.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1bdb0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x9bbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x14aa7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        5.0.o3pLoLD7cc.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x148a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x149a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x978a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1360c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa483:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.0.o3pLoLD7cc.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17a39:$sqlite3step: 68 34 1C 7B E1
        • 0x17b4c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a68:$sqlite3text: 68 38 2A 90 C5
        • 0x17b8d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a7b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17ba3:$sqlite3blob: 68 53 D8 7F 8C
        0.2.o3pLoLD7cc.exe.424f558.9.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          Click to see the 3 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: o3pLoLD7cc.exeVirustotal: Detection: 42%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Machine Learning detection for sample
          Source: o3pLoLD7cc.exeJoe Sandbox ML: detected
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.barbaramac.com/b30i/"], "decoy": ["rivacustomhomes.com", "foodanddessertblog.com", "ae-pos-package.com", "shantalamarr.com", "bangrey.xyz", "yourjbsaagent.com", "rumoastresamericas.com", "vetlomec.xyz", "israenergy.com", "ibuyjj.xyz", "redlinemuch.net", "plan-hub.site", "kosako.tech", "surowystorms.xyz", "eic.services", "amazoncooperative0.com", "4008630451.com", "fanfanlive.com", "clekgur.com", "3spowersolution.com", "szdispenser.com", "1stchoicemovers.uk", "centexfallenheroes.com", "rlmitte.info", "desertscarabe.xyz", "esco.website", "libertycontractingny.com", "bpcpas.online", "my-ar.style", "aster.tirol", "qingmu555.top", "arihulkkonen.info", "waterworksfields.co.uk", "zrvxr.com", "vfkmachine.com", "sekkocreativ.com", "goldnft.online", "thetrafficlist.com", "finpool.plus", "not-quite-alice.uk", "utblockchain.com", "comp-u-type.com", "inovasaudavel.website", "tlliangjia.com", "escolabr.website", "degenpotatoz.xyz", "miklicrp.city", "cryptocentury.xyz", "freshoutoffucks.net", "freemonoid.tech", "enchant-repining.net", "pvgcorp.com", "theskylights.co.uk", "637z.com", "ibuying.xyz", "nattu.info", "mdhzr.com", "rongan77.top", "xn--educacinenlinea-1rb.com", "abbeywoodlodge.com", "proyectosesbozo.online", "victormartin.xyz", "tind4r.com", "reshu-ekzamen.online"]}
          Source: o3pLoLD7cc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: o3pLoLD7cc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: o3pLoLD7cc.exe, 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.278160527.0000000000DD7000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.271094206.0000000000C3C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.369274175.0000000002E00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.515761549.000000000311F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.366219204.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.513005579.0000000003000000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: o3pLoLD7cc.exe, o3pLoLD7cc.exe, 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.278160527.0000000000DD7000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.271094206.0000000000C3C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.369274175.0000000002E00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.515761549.000000000311F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.366219204.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.513005579.0000000003000000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: o3pLoLD7cc.exe, 00000005.00000002.366600044.0000000000B38000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: o3pLoLD7cc.exe, 00000005.00000002.366600044.0000000000B38000.00000004.00000020.00020000.00000000.sdmp

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.nattu.info
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.barbaramac.com/b30i/
          Source: unknownDNS traffic detected: query: www.nattu.info replaycode: Server failure (2)
          Source: o3pLoLD7cc.exe, 00000000.00000003.244630124.0000000006116000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.w
          Source: o3pLoLD7cc.exe, 00000000.00000003.243927587.0000000006133000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.wikipediaWt
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.273323526.0000000006110000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com=
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comO
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsX
          Source: o3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.come.com
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comiced
          Source: o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comk
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: o3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245933926.0000000006117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: o3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn2
          Source: o3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnJ
          Source: o3pLoLD7cc.exe, 00000000.00000003.245933926.0000000006117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnmpat2
          Source: o3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnr-c
          Source: o3pLoLD7cc.exe, 00000000.00000003.252641899.0000000006148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/#
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/F
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/O
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/X
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/5
          Source: o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/t
          Source: o3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244640688.000000000612B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: o3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244369021.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244285528.000000000612B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com2
          Source: o3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244640688.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247373240.000000000612B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.come
          Source: o3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244369021.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244285528.000000000612B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comt
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: unknownDNS traffic detected: queries for: www.nattu.info
          Source: o3pLoLD7cc.exe, 00000000.00000002.277166040.00000000015EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: o3pLoLD7cc.exe PID: 980, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: o3pLoLD7cc.exe PID: 5140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: svchost.exe PID: 4772, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: o3pLoLD7cc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: o3pLoLD7cc.exe PID: 980, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: o3pLoLD7cc.exe PID: 5140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: svchost.exe PID: 4772, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_0197CD040_2_0197CD04
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_0197F0D00_2_0197F0D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_0197F0C00_2_0197F0C0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB5A400_2_07AB5A40
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB56080_2_07AB5608
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB56180_2_07AB5618
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB6FEA0_2_07AB6FEA
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB6FF00_2_07AB6FF0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 0_2_07AB5A300_2_07AB5A30
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A05_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAB0905_2_00FAB090
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA8305_2_00FBA830
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010510025_2_01051002
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106E8245_2_0106E824
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010620A85_2_010620A8
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB41205_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010628EC5_2_010628EC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9F9005_2_00F9F900
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01062B285_2_01062B28
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0103CB4F5_2_0103CB4F
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB2365_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105DBD25_2_0105DBD2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010503DA5_2_010503DA
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010423E35_2_010423E3
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCABD85_2_00FCABD8
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104FA2B5_2_0104FA2B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCEBB05_2_00FCEBB0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBEB9A5_2_00FBEB9A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC138B5_2_00FC138B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010622AE5_2_010622AE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAB405_2_00FBAB40
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA3095_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01062D075_2_01062D07
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01061D555_2_01061D55
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D825_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB4775_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010625DD5_2_010625DD
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA841F5_2_00FA841F
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAD5E05_2_00FAD5E0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105D4665_2_0105D466
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC25815_2_00FC2581
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010544965_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F90D205_2_00F90D20
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106DFCE5_2_0106DFCE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB6E305_2_00FB6E30
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01061FF15_2_01061FF1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB56005_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105D6165_2_0105D616
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01041EB65_2_01041EB6
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01062EF75_2_01062EF7
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: String function: 00F9B150 appears 145 times
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD98F0 NtReadVirtualMemory,LdrInitializeThunk,5_2_00FD98F0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9860 NtQuerySystemInformation,LdrInitializeThunk,5_2_00FD9860
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9840 NtDelayExecution,LdrInitializeThunk,5_2_00FD9840
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD99A0 NtCreateSection,LdrInitializeThunk,5_2_00FD99A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_00FD9910
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9A50 NtCreateFile,LdrInitializeThunk,5_2_00FD9A50
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9A20 NtResumeThread,LdrInitializeThunk,5_2_00FD9A20
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9A00 NtProtectVirtualMemory,LdrInitializeThunk,5_2_00FD9A00
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD95D0 NtClose,LdrInitializeThunk,5_2_00FD95D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9540 NtReadFile,LdrInitializeThunk,5_2_00FD9540
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD96E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_00FD96E0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_00FD9660
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD97A0 NtUnmapViewOfSection,LdrInitializeThunk,5_2_00FD97A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9780 NtMapViewOfSection,LdrInitializeThunk,5_2_00FD9780
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9710 NtQueryInformationToken,LdrInitializeThunk,5_2_00FD9710
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD98A0 NtWriteVirtualMemory,5_2_00FD98A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FDB040 NtSuspendThread,5_2_00FDB040
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9820 NtEnumerateKey,5_2_00FD9820
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD99D0 NtCreateProcessEx,5_2_00FD99D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9950 NtQueueApcThread,5_2_00FD9950
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9A80 NtOpenDirectoryObject,5_2_00FD9A80
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9A10 NtQuerySection,5_2_00FD9A10
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FDA3B0 NtGetContextThread,5_2_00FDA3B0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9B00 NtSetValueKey,5_2_00FD9B00
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD95F0 NtQueryInformationFile,5_2_00FD95F0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9560 NtWriteFile,5_2_00FD9560
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FDAD30 NtSetContextThread,5_2_00FDAD30
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9520 NtWaitForSingleObject,5_2_00FD9520
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD96D0 NtCreateKey,5_2_00FD96D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9670 NtQueryInformationProcess,5_2_00FD9670
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9650 NtQueryValueKey,5_2_00FD9650
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9610 NtEnumerateValueKey,5_2_00FD9610
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9FE0 NtCreateMutant,5_2_00FD9FE0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FDA770 NtOpenThread,5_2_00FDA770
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9770 NtSetInformationFile,5_2_00FD9770
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9760 NtOpenProcess,5_2_00FD9760
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD9730 NtQueryVirtualMemory,5_2_00FD9730
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FDA710 NtOpenProcessToken,5_2_00FDA710
          Source: o3pLoLD7cc.exe, 00000000.00000003.257714692.0000000001677000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKeysNormalize.dll4 vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000002.277166040.00000000015EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000002.286653487.00000000078E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000000.240927992.0000000000ED8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamecDisplayClass.exeB vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000000.00000002.286982354.0000000007A30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000005.00000002.366738355.0000000000B55000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000005.00000002.366600044.0000000000B38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000005.00000003.279075399.0000000000EF6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exe, 00000005.00000003.276271356.0000000000D52000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exeBinary or memory string: OriginalFilenamecDisplayClass.exeB vs o3pLoLD7cc.exe
          Source: o3pLoLD7cc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: o3pLoLD7cc.exeVirustotal: Detection: 42%
          Source: o3pLoLD7cc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe "C:\Users\user\Desktop\o3pLoLD7cc.exe"
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exe
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\o3pLoLD7cc.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exeJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\o3pLoLD7cc.exe"Jump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\o3pLoLD7cc.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/1@1/0
          Source: o3pLoLD7cc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4784:120:WilError_01
          Source: o3pLoLD7cc.exe, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 0.0.o3pLoLD7cc.exe.e10000.0.unpack, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: o3pLoLD7cc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: o3pLoLD7cc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: o3pLoLD7cc.exe, 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.278160527.0000000000DD7000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.271094206.0000000000C3C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.369274175.0000000002E00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.515761549.000000000311F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.366219204.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.513005579.0000000003000000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: o3pLoLD7cc.exe, o3pLoLD7cc.exe, 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.278160527.0000000000DD7000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000005.00000003.271094206.0000000000C3C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.369274175.0000000002E00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.515761549.000000000311F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.366219204.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.513005579.0000000003000000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: o3pLoLD7cc.exe, 00000005.00000002.366600044.0000000000B38000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: o3pLoLD7cc.exe, 00000005.00000002.366600044.0000000000B38000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: o3pLoLD7cc.exe, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.o3pLoLD7cc.exe.e10000.0.unpack, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FED0D1 push ecx; ret 5_2_00FED0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.7803803280527

          Hooking and other Techniques for Hiding and Protection

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8A 0xAE 0xEC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: 00000000.00000002.280526739.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: o3pLoLD7cc.exe PID: 980, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: o3pLoLD7cc.exe, 00000000.00000002.280526739.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: o3pLoLD7cc.exe, 00000000.00000002.280526739.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeRDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 00000000004A9904 second address: 00000000004A990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 00000000004A9B6E second address: 00000000004A9B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exe TID: 5760Thread sleep time: -45877s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exe TID: 5788Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC6A60 rdtscp 5_2_00FC6A60
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeAPI coverage: 3.3 %
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeThread delayed: delay time: 45877Jump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000006.00000000.327549908.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000006.00000000.299296624.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*^d
          Source: explorer.exe, 00000006.00000000.299296624.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}m&ven_n
          Source: o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000006.00000000.317136850.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&
          Source: explorer.exe, 00000006.00000000.317172679.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000006.00000000.299296624.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000006.00000000.345513596.00000000062C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.319065006.0000000004287000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
          Source: explorer.exe, 00000006.00000000.328116937.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000006.00000000.299296624.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}^
          Source: o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 00000006.00000000.327549908.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000006.00000000.299296624.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00l
          Source: o3pLoLD7cc.exe, 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC6A60 rdtscp 5_2_00FC6A60
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F958EC mov eax, dword ptr fs:[00000030h]5_2_00F958EC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F940E1 mov eax, dword ptr fs:[00000030h]5_2_00F940E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F940E1 mov eax, dword ptr fs:[00000030h]5_2_00F940E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F940E1 mov eax, dword ptr fs:[00000030h]5_2_00F940E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB8E4 mov eax, dword ptr fs:[00000030h]5_2_00FBB8E4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB8E4 mov eax, dword ptr fs:[00000030h]5_2_00FBB8E4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF0BF mov ecx, dword ptr fs:[00000030h]5_2_00FCF0BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF0BF mov eax, dword ptr fs:[00000030h]5_2_00FCF0BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF0BF mov eax, dword ptr fs:[00000030h]5_2_00FCF0BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD90AF mov eax, dword ptr fs:[00000030h]5_2_00FD90AF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC20A0 mov eax, dword ptr fs:[00000030h]5_2_00FC20A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99080 mov eax, dword ptr fs:[00000030h]5_2_00F99080
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010549A4 mov eax, dword ptr fs:[00000030h]5_2_010549A4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010549A4 mov eax, dword ptr fs:[00000030h]5_2_010549A4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010549A4 mov eax, dword ptr fs:[00000030h]5_2_010549A4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010549A4 mov eax, dword ptr fs:[00000030h]5_2_010549A4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010169A6 mov eax, dword ptr fs:[00000030h]5_2_010169A6
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB0050 mov eax, dword ptr fs:[00000030h]5_2_00FB0050
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB0050 mov eax, dword ptr fs:[00000030h]5_2_00FB0050
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010151BE mov eax, dword ptr fs:[00000030h]5_2_010151BE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010151BE mov eax, dword ptr fs:[00000030h]5_2_010151BE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010151BE mov eax, dword ptr fs:[00000030h]5_2_010151BE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010151BE mov eax, dword ptr fs:[00000030h]5_2_010151BE
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA830 mov eax, dword ptr fs:[00000030h]5_2_00FBA830
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA830 mov eax, dword ptr fs:[00000030h]5_2_00FBA830
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA830 mov eax, dword ptr fs:[00000030h]5_2_00FBA830
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA830 mov eax, dword ptr fs:[00000030h]5_2_00FBA830
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAB02A mov eax, dword ptr fs:[00000030h]5_2_00FAB02A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAB02A mov eax, dword ptr fs:[00000030h]5_2_00FAB02A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAB02A mov eax, dword ptr fs:[00000030h]5_2_00FAB02A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAB02A mov eax, dword ptr fs:[00000030h]5_2_00FAB02A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC002D mov eax, dword ptr fs:[00000030h]5_2_00FC002D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC002D mov eax, dword ptr fs:[00000030h]5_2_00FC002D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC002D mov eax, dword ptr fs:[00000030h]5_2_00FC002D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC002D mov eax, dword ptr fs:[00000030h]5_2_00FC002D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC002D mov eax, dword ptr fs:[00000030h]5_2_00FC002D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010241E8 mov eax, dword ptr fs:[00000030h]5_2_010241E8
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01064015 mov eax, dword ptr fs:[00000030h]5_2_01064015
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01064015 mov eax, dword ptr fs:[00000030h]5_2_01064015
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017016 mov eax, dword ptr fs:[00000030h]5_2_01017016
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017016 mov eax, dword ptr fs:[00000030h]5_2_01017016
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017016 mov eax, dword ptr fs:[00000030h]5_2_01017016
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9B1E1 mov eax, dword ptr fs:[00000030h]5_2_00F9B1E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9B1E1 mov eax, dword ptr fs:[00000030h]5_2_00F9B1E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9B1E1 mov eax, dword ptr fs:[00000030h]5_2_00F9B1E1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov eax, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov eax, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov eax, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov ecx, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB99BF mov eax, dword ptr fs:[00000030h]5_2_00FB99BF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC61A0 mov eax, dword ptr fs:[00000030h]5_2_00FC61A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC61A0 mov eax, dword ptr fs:[00000030h]5_2_00FC61A0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2990 mov eax, dword ptr fs:[00000030h]5_2_00FC2990
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4190 mov eax, dword ptr fs:[00000030h]5_2_00FC4190
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01061074 mov eax, dword ptr fs:[00000030h]5_2_01061074
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052073 mov eax, dword ptr fs:[00000030h]5_2_01052073
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBC182 mov eax, dword ptr fs:[00000030h]5_2_00FBC182
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA185 mov eax, dword ptr fs:[00000030h]5_2_00FCA185
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01013884 mov eax, dword ptr fs:[00000030h]5_2_01013884
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01013884 mov eax, dword ptr fs:[00000030h]5_2_01013884
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9B171 mov eax, dword ptr fs:[00000030h]5_2_00F9B171
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9B171 mov eax, dword ptr fs:[00000030h]5_2_00F9B171
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9C962 mov eax, dword ptr fs:[00000030h]5_2_00F9C962
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB944 mov eax, dword ptr fs:[00000030h]5_2_00FBB944
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB944 mov eax, dword ptr fs:[00000030h]5_2_00FBB944
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC513A mov eax, dword ptr fs:[00000030h]5_2_00FC513A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC513A mov eax, dword ptr fs:[00000030h]5_2_00FC513A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov eax, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov ecx, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov eax, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov eax, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov eax, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102B8D0 mov eax, dword ptr fs:[00000030h]5_2_0102B8D0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB4120 mov eax, dword ptr fs:[00000030h]5_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB4120 mov eax, dword ptr fs:[00000030h]5_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB4120 mov eax, dword ptr fs:[00000030h]5_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB4120 mov eax, dword ptr fs:[00000030h]5_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB4120 mov ecx, dword ptr fs:[00000030h]5_2_00FB4120
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99100 mov eax, dword ptr fs:[00000030h]5_2_00F99100
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99100 mov eax, dword ptr fs:[00000030h]5_2_00F99100
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99100 mov eax, dword ptr fs:[00000030h]5_2_00F99100
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2AE4 mov eax, dword ptr fs:[00000030h]5_2_00FC2AE4
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105131B mov eax, dword ptr fs:[00000030h]5_2_0105131B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2ACB mov eax, dword ptr fs:[00000030h]5_2_00FC2ACB
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAAAB0 mov eax, dword ptr fs:[00000030h]5_2_00FAAAB0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAAAB0 mov eax, dword ptr fs:[00000030h]5_2_00FAAAB0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCFAB0 mov eax, dword ptr fs:[00000030h]5_2_00FCFAB0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F952A5 mov eax, dword ptr fs:[00000030h]5_2_00F952A5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F952A5 mov eax, dword ptr fs:[00000030h]5_2_00F952A5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F952A5 mov eax, dword ptr fs:[00000030h]5_2_00F952A5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F952A5 mov eax, dword ptr fs:[00000030h]5_2_00F952A5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F952A5 mov eax, dword ptr fs:[00000030h]5_2_00F952A5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068B58 mov eax, dword ptr fs:[00000030h]5_2_01068B58
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCD294 mov eax, dword ptr fs:[00000030h]5_2_00FCD294
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCD294 mov eax, dword ptr fs:[00000030h]5_2_00FCD294
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104D380 mov ecx, dword ptr fs:[00000030h]5_2_0104D380
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD927A mov eax, dword ptr fs:[00000030h]5_2_00FD927A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105138A mov eax, dword ptr fs:[00000030h]5_2_0105138A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01065BA5 mov eax, dword ptr fs:[00000030h]5_2_01065BA5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99240 mov eax, dword ptr fs:[00000030h]5_2_00F99240
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99240 mov eax, dword ptr fs:[00000030h]5_2_00F99240
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99240 mov eax, dword ptr fs:[00000030h]5_2_00F99240
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F99240 mov eax, dword ptr fs:[00000030h]5_2_00F99240
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010153CA mov eax, dword ptr fs:[00000030h]5_2_010153CA
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010153CA mov eax, dword ptr fs:[00000030h]5_2_010153CA
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB236 mov eax, dword ptr fs:[00000030h]5_2_00FBB236
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD4A2C mov eax, dword ptr fs:[00000030h]5_2_00FD4A2C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD4A2C mov eax, dword ptr fs:[00000030h]5_2_00FD4A2C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA229 mov eax, dword ptr fs:[00000030h]5_2_00FBA229
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB3A1C mov eax, dword ptr fs:[00000030h]5_2_00FB3A1C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010423E3 mov ecx, dword ptr fs:[00000030h]5_2_010423E3
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010423E3 mov ecx, dword ptr fs:[00000030h]5_2_010423E3
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010423E3 mov eax, dword ptr fs:[00000030h]5_2_010423E3
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F95210 mov eax, dword ptr fs:[00000030h]5_2_00F95210
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F95210 mov ecx, dword ptr fs:[00000030h]5_2_00F95210
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F95210 mov eax, dword ptr fs:[00000030h]5_2_00F95210
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F95210 mov eax, dword ptr fs:[00000030h]5_2_00F95210
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9AA16 mov eax, dword ptr fs:[00000030h]5_2_00F9AA16
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9AA16 mov eax, dword ptr fs:[00000030h]5_2_00F9AA16
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA8A0A mov eax, dword ptr fs:[00000030h]5_2_00FA8A0A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBDBE9 mov eax, dword ptr fs:[00000030h]5_2_00FBDBE9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105AA16 mov eax, dword ptr fs:[00000030h]5_2_0105AA16
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105AA16 mov eax, dword ptr fs:[00000030h]5_2_0105AA16
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC03E2 mov eax, dword ptr fs:[00000030h]5_2_00FC03E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC53C5 mov eax, dword ptr fs:[00000030h]5_2_00FC53C5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105EA55 mov eax, dword ptr fs:[00000030h]5_2_0105EA55
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4BAD mov eax, dword ptr fs:[00000030h]5_2_00FC4BAD
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4BAD mov eax, dword ptr fs:[00000030h]5_2_00FC4BAD
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4BAD mov eax, dword ptr fs:[00000030h]5_2_00FC4BAD
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01024257 mov eax, dword ptr fs:[00000030h]5_2_01024257
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBEB9A mov eax, dword ptr fs:[00000030h]5_2_00FBEB9A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBEB9A mov eax, dword ptr fs:[00000030h]5_2_00FBEB9A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104B260 mov eax, dword ptr fs:[00000030h]5_2_0104B260
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104B260 mov eax, dword ptr fs:[00000030h]5_2_0104B260
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068A62 mov eax, dword ptr fs:[00000030h]5_2_01068A62
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2397 mov eax, dword ptr fs:[00000030h]5_2_00FC2397
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCB390 mov eax, dword ptr fs:[00000030h]5_2_00FCB390
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA1B8F mov eax, dword ptr fs:[00000030h]5_2_00FA1B8F
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA1B8F mov eax, dword ptr fs:[00000030h]5_2_00FA1B8F
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC138B mov eax, dword ptr fs:[00000030h]5_2_00FC138B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC138B mov eax, dword ptr fs:[00000030h]5_2_00FC138B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC138B mov eax, dword ptr fs:[00000030h]5_2_00FC138B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3B7A mov eax, dword ptr fs:[00000030h]5_2_00FC3B7A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3B7A mov eax, dword ptr fs:[00000030h]5_2_00FC3B7A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9DB60 mov ecx, dword ptr fs:[00000030h]5_2_00F9DB60
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9F358 mov eax, dword ptr fs:[00000030h]5_2_00F9F358
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9DB40 mov eax, dword ptr fs:[00000030h]5_2_00F9DB40
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054AEF mov eax, dword ptr fs:[00000030h]5_2_01054AEF
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBA309 mov eax, dword ptr fs:[00000030h]5_2_00FBA309
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068D34 mov eax, dword ptr fs:[00000030h]5_2_01068D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0101A537 mov eax, dword ptr fs:[00000030h]5_2_0101A537
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105E539 mov eax, dword ptr fs:[00000030h]5_2_0105E539
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01013540 mov eax, dword ptr fs:[00000030h]5_2_01013540
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01043D40 mov eax, dword ptr fs:[00000030h]5_2_01043D40
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA849B mov eax, dword ptr fs:[00000030h]5_2_00FA849B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCAC7B mov eax, dword ptr fs:[00000030h]5_2_00FCAC7B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01052D82 mov eax, dword ptr fs:[00000030h]5_2_01052D82
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB477 mov eax, dword ptr fs:[00000030h]5_2_00FBB477
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB746D mov eax, dword ptr fs:[00000030h]5_2_00FB746D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010605AC mov eax, dword ptr fs:[00000030h]5_2_010605AC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010605AC mov eax, dword ptr fs:[00000030h]5_2_010605AC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA44B mov eax, dword ptr fs:[00000030h]5_2_00FCA44B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3C3E mov eax, dword ptr fs:[00000030h]5_2_00FC3C3E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3C3E mov eax, dword ptr fs:[00000030h]5_2_00FC3C3E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3C3E mov eax, dword ptr fs:[00000030h]5_2_00FC3C3E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov eax, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov eax, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov eax, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov ecx, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov eax, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016DC9 mov eax, dword ptr fs:[00000030h]5_2_01016DC9
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCBC2C mov eax, dword ptr fs:[00000030h]5_2_00FCBC2C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105FDE2 mov eax, dword ptr fs:[00000030h]5_2_0105FDE2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105FDE2 mov eax, dword ptr fs:[00000030h]5_2_0105FDE2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105FDE2 mov eax, dword ptr fs:[00000030h]5_2_0105FDE2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105FDE2 mov eax, dword ptr fs:[00000030h]5_2_0105FDE2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01048DF1 mov eax, dword ptr fs:[00000030h]5_2_01048DF1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051C06 mov eax, dword ptr fs:[00000030h]5_2_01051C06
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106740D mov eax, dword ptr fs:[00000030h]5_2_0106740D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106740D mov eax, dword ptr fs:[00000030h]5_2_0106740D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106740D mov eax, dword ptr fs:[00000030h]5_2_0106740D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016C0A mov eax, dword ptr fs:[00000030h]5_2_01016C0A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016C0A mov eax, dword ptr fs:[00000030h]5_2_01016C0A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016C0A mov eax, dword ptr fs:[00000030h]5_2_01016C0A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016C0A mov eax, dword ptr fs:[00000030h]5_2_01016C0A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAD5E0 mov eax, dword ptr fs:[00000030h]5_2_00FAD5E0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAD5E0 mov eax, dword ptr fs:[00000030h]5_2_00FAD5E0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC1DB5 mov eax, dword ptr fs:[00000030h]5_2_00FC1DB5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC1DB5 mov eax, dword ptr fs:[00000030h]5_2_00FC1DB5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC1DB5 mov eax, dword ptr fs:[00000030h]5_2_00FC1DB5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102C450 mov eax, dword ptr fs:[00000030h]5_2_0102C450
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102C450 mov eax, dword ptr fs:[00000030h]5_2_0102C450
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC35A1 mov eax, dword ptr fs:[00000030h]5_2_00FC35A1
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCFD9B mov eax, dword ptr fs:[00000030h]5_2_00FCFD9B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCFD9B mov eax, dword ptr fs:[00000030h]5_2_00FCFD9B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F92D8A mov eax, dword ptr fs:[00000030h]5_2_00F92D8A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F92D8A mov eax, dword ptr fs:[00000030h]5_2_00F92D8A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F92D8A mov eax, dword ptr fs:[00000030h]5_2_00F92D8A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F92D8A mov eax, dword ptr fs:[00000030h]5_2_00F92D8A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F92D8A mov eax, dword ptr fs:[00000030h]5_2_00F92D8A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2581 mov eax, dword ptr fs:[00000030h]5_2_00FC2581
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2581 mov eax, dword ptr fs:[00000030h]5_2_00FC2581
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2581 mov eax, dword ptr fs:[00000030h]5_2_00FC2581
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC2581 mov eax, dword ptr fs:[00000030h]5_2_00FC2581
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBC577 mov eax, dword ptr fs:[00000030h]5_2_00FBC577
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBC577 mov eax, dword ptr fs:[00000030h]5_2_00FBC577
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB8D76 mov eax, dword ptr fs:[00000030h]5_2_00FB8D76
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB8D76 mov eax, dword ptr fs:[00000030h]5_2_00FB8D76
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB8D76 mov eax, dword ptr fs:[00000030h]5_2_00FB8D76
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB8D76 mov eax, dword ptr fs:[00000030h]5_2_00FB8D76
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB8D76 mov eax, dword ptr fs:[00000030h]5_2_00FB8D76
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01054496 mov eax, dword ptr fs:[00000030h]5_2_01054496
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB7D50 mov eax, dword ptr fs:[00000030h]5_2_00FB7D50
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD3D43 mov eax, dword ptr fs:[00000030h]5_2_00FD3D43
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4D3B mov eax, dword ptr fs:[00000030h]5_2_00FC4D3B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4D3B mov eax, dword ptr fs:[00000030h]5_2_00FC4D3B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4D3B mov eax, dword ptr fs:[00000030h]5_2_00FC4D3B
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9AD30 mov eax, dword ptr fs:[00000030h]5_2_00F9AD30
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA3D34 mov eax, dword ptr fs:[00000030h]5_2_00FA3D34
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068CD6 mov eax, dword ptr fs:[00000030h]5_2_01068CD6
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF527 mov eax, dword ptr fs:[00000030h]5_2_00FCF527
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF527 mov eax, dword ptr fs:[00000030h]5_2_00FCF527
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCF527 mov eax, dword ptr fs:[00000030h]5_2_00FCF527
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016CF0 mov eax, dword ptr fs:[00000030h]5_2_01016CF0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016CF0 mov eax, dword ptr fs:[00000030h]5_2_01016CF0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01016CF0 mov eax, dword ptr fs:[00000030h]5_2_01016CF0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010514FB mov eax, dword ptr fs:[00000030h]5_2_010514FB
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106070D mov eax, dword ptr fs:[00000030h]5_2_0106070D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0106070D mov eax, dword ptr fs:[00000030h]5_2_0106070D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102FF10 mov eax, dword ptr fs:[00000030h]5_2_0102FF10
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102FF10 mov eax, dword ptr fs:[00000030h]5_2_0102FF10
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA76E2 mov eax, dword ptr fs:[00000030h]5_2_00FA76E2
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC16E0 mov ecx, dword ptr fs:[00000030h]5_2_00FC16E0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC36CC mov eax, dword ptr fs:[00000030h]5_2_00FC36CC
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD8EC7 mov eax, dword ptr fs:[00000030h]5_2_00FD8EC7
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051751 mov eax, dword ptr fs:[00000030h]5_2_01051751
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068F6A mov eax, dword ptr fs:[00000030h]5_2_01068F6A
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAE73 mov eax, dword ptr fs:[00000030h]5_2_00FBAE73
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAE73 mov eax, dword ptr fs:[00000030h]5_2_00FBAE73
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAE73 mov eax, dword ptr fs:[00000030h]5_2_00FBAE73
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAE73 mov eax, dword ptr fs:[00000030h]5_2_00FBAE73
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBAE73 mov eax, dword ptr fs:[00000030h]5_2_00FBAE73
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017794 mov eax, dword ptr fs:[00000030h]5_2_01017794
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017794 mov eax, dword ptr fs:[00000030h]5_2_01017794
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01017794 mov eax, dword ptr fs:[00000030h]5_2_01017794
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA766D mov eax, dword ptr fs:[00000030h]5_2_00FA766D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA7E41 mov eax, dword ptr fs:[00000030h]5_2_00FA7E41
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9E620 mov eax, dword ptr fs:[00000030h]5_2_00F9E620
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA61C mov eax, dword ptr fs:[00000030h]5_2_00FCA61C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA61C mov eax, dword ptr fs:[00000030h]5_2_00FCA61C
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9C600 mov eax, dword ptr fs:[00000030h]5_2_00F9C600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9C600 mov eax, dword ptr fs:[00000030h]5_2_00F9C600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F9C600 mov eax, dword ptr fs:[00000030h]5_2_00F9C600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov ecx, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov ecx, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov ecx, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov ecx, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FB5600 mov eax, dword ptr fs:[00000030h]5_2_00FB5600
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC8E00 mov eax, dword ptr fs:[00000030h]5_2_00FC8E00
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD37F5 mov eax, dword ptr fs:[00000030h]5_2_00FD37F5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01051608 mov eax, dword ptr fs:[00000030h]5_2_01051608
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104FE3F mov eax, dword ptr fs:[00000030h]5_2_0104FE3F
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105AE44 mov eax, dword ptr fs:[00000030h]5_2_0105AE44
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0105AE44 mov eax, dword ptr fs:[00000030h]5_2_0105AE44
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FA8794 mov eax, dword ptr fs:[00000030h]5_2_00FA8794
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0102FE87 mov eax, dword ptr fs:[00000030h]5_2_0102FE87
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAFF60 mov eax, dword ptr fs:[00000030h]5_2_00FAFF60
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01060EA5 mov eax, dword ptr fs:[00000030h]5_2_01060EA5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01060EA5 mov eax, dword ptr fs:[00000030h]5_2_01060EA5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01060EA5 mov eax, dword ptr fs:[00000030h]5_2_01060EA5
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_010146A7 mov eax, dword ptr fs:[00000030h]5_2_010146A7
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FAEF40 mov eax, dword ptr fs:[00000030h]5_2_00FAEF40
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_0104FEC0 mov eax, dword ptr fs:[00000030h]5_2_0104FEC0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB73D mov eax, dword ptr fs:[00000030h]5_2_00FBB73D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBB73D mov eax, dword ptr fs:[00000030h]5_2_00FBB73D
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCE730 mov eax, dword ptr fs:[00000030h]5_2_00FCE730
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC3F33 mov eax, dword ptr fs:[00000030h]5_2_00FC3F33
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_01068ED6 mov eax, dword ptr fs:[00000030h]5_2_01068ED6
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F94F2E mov eax, dword ptr fs:[00000030h]5_2_00F94F2E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00F94F2E mov eax, dword ptr fs:[00000030h]5_2_00F94F2E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FC4710 mov eax, dword ptr fs:[00000030h]5_2_00FC4710
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FBF716 mov eax, dword ptr fs:[00000030h]5_2_00FBF716
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA70E mov eax, dword ptr fs:[00000030h]5_2_00FCA70E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FCA70E mov eax, dword ptr fs:[00000030h]5_2_00FCA70E
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeCode function: 5_2_00FD98F0 NtReadVirtualMemory,LdrInitializeThunk,5_2_00FD98F0
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.nattu.info
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeSection unmapped: C:\Windows\SysWOW64\svchost.exe base address: 950000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeMemory written: C:\Users\user\Desktop\o3pLoLD7cc.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeThread register set: target process: 3968Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 3968Jump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exeJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeProcess created: C:\Users\user\Desktop\o3pLoLD7cc.exe C:\Users\user\Desktop\o3pLoLD7cc.exeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\o3pLoLD7cc.exe"Jump to behavior
          Source: explorer.exe, 00000006.00000000.338265777.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.281420988.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.317151720.0000000000688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanEXE^
          Source: explorer.exe, 00000006.00000000.321446052.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.317580119.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.348041590.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.317580119.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.394008415.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.282201994.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.317580119.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.394008415.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.282201994.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000006.00000000.338308814.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.281471557.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.393359143.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd4
          Source: explorer.exe, 00000006.00000000.317580119.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.394008415.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.282201994.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: WProgram Manager
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Users\user\Desktop\o3pLoLD7cc.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\o3pLoLD7cc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.o3pLoLD7cc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.o3pLoLD7cc.exe.424f558.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception612
          Process Injection          		1
          Rootkit          		1
          Credential API Hooking          		221
          Security Software Discovery          		Remote Services1
          Credential API Hooking          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Masquerading          		1
          Input Capture          		2
          Process Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth1
          Non-Application Layer Protocol          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
          Disable or Modify Tools          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares11
          Archive Collected Data          		Automated Exfiltration11
          Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)31
          Virtualization/Sandbox Evasion          		NTDS1
          Remote System Discovery          		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script612
          Process Injection          		LSA Secrets112
          System Information Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common11
          Deobfuscate/Decode Files or Information          		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items3
          Obfuscated Files or Information          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job13
          Software Packing          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 680344 Sample: o3pLoLD7cc Startdate: 08/08/2022 Architecture: WINDOWS Score: 100 36 Malicious sample detected (through community Yara rule) 2->36 38 Multi AV Scanner detection for submitted file 2->38 40 Yara detected AntiVM3 2->40 42 6 other signatures 2->42 10 o3pLoLD7cc.exe 3 2->10         started        process3 file4 32 C:\Users\user\AppData\...\o3pLoLD7cc.exe.log, ASCII 10->32 dropped 52 Tries to detect virtualization through RDTSC time measurements 10->52 54 Injects a PE file into a foreign processes 10->54 14 o3pLoLD7cc.exe 10->14         started        17 o3pLoLD7cc.exe 10->17         started        signatures5 process6 signatures7 56 Modifies the context of a thread in another process (thread injection) 14->56 58 Maps a DLL or memory area into another process 14->58 60 Sample uses process hollowing technique 14->60 62 Queues an APC in another process (thread injection) 14->62 19 explorer.exe 14->19 injected process8 dnsIp9 34 www.nattu.info 19->34 44 System process connects to network (likely due to code injection or exploit) 19->44 23 svchost.exe 19->23         started        26 autoconv.exe 19->26         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 23->46 48 Maps a DLL or memory area into another process 23->48 50 Tries to detect virtualization through RDTSC time measurements 23->50 28 cmd.exe 1 23->28         started        process13 process14 30 conhost.exe 28->30         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          o3pLoLD7cc.exe42%VirustotalBrowse
          o3pLoLD7cc.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.0.o3pLoLD7cc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.sajatypeworks.com20%URL Reputationsafe
          http://www.founder.com.cn/cnJ0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.fontbureau.comalsX0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cnr-c0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp//0%URL Reputationsafe
          http://www.founder.com.cn/cnmpat20%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/#0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sajatypeworks.come0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.fontbureau.comiced0%Avira URL Cloudsafe
          http://www.fontbureau.com=0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/X0%URL Reputationsafe
          http://www.sajatypeworks.comt0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/O0%URL Reputationsafe
          www.barbaramac.com/b30i/0%Avira URL Cloudsafe
          http://www.fontbureau.comO0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/F0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
          http://www.fontbureau.come.com0%URL Reputationsafe
          http://en.w0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.fontbureau.comk0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/t0%URL Reputationsafe
          http://www.founder.com.cn/cn20%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Y0/50%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.nattu.info
          		unknown
          		unknowntrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            www.barbaramac.com/b30i/true
            • Avira URL Cloud: safe
            		low

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.fontbureau.com/designersGo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.sajatypeworks.com2o3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244369021.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244285528.000000000612B000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designers/?o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://www.founder.com.cn/cnJo3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.founder.com.cn/cn/bTheo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.com/designers?o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.fontbureau.comalsXo3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.tiro.como3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designerso3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.goodfont.co.kro3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.sajatypeworks.como3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244640688.000000000612B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.typography.netDo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cn/cTheo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnr-co3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htmo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://fontfabrik.como3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp//o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://en.wikipediaWto3pLoLD7cc.exe, 00000000.00000003.243927587.0000000006133000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.founder.com.cn/cnmpat2o3pLoLD7cc.exe, 00000000.00000003.245933926.0000000006117000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.galapagosdesign.com/DPleaseo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fonts.como3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.sandoll.co.kro3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/#o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.urwpp.deDPleaseo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.zhongyicts.com.cno3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.sajatypeworks.comeo3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244640688.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247373240.000000000612B000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.sakkal.como3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.comicedo3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.com=o3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.apache.org/licenses/LICENSE-2.0o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.como3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.273323526.0000000006110000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.galapagosdesign.com/o3pLoLD7cc.exe, 00000000.00000003.252641899.0000000006148000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/Xo3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.sajatypeworks.comto3pLoLD7cc.exe, 00000000.00000003.245548384.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245979119.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247559088.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246374848.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246781545.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245108616.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244369021.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245067478.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247694806.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247023658.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246565619.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245466325.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245843164.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.246820959.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247666309.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247445746.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247116878.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244398485.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244484316.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.247194983.000000000612B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.244285528.000000000612B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/Oo3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.comOo3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/Fo3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/jp/o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.come.como3pLoLD7cc.exe, 00000000.00000003.255020479.000000000611A000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://en.wo3pLoLD7cc.exe, 00000000.00000003.244630124.0000000006116000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.carterandcone.comlo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/cabarga.htmlNo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.fontbureau.comko3pLoLD7cc.exe, 00000000.00000003.251143255.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.251497013.0000000006118000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.founder.com.cn/cno3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.245933926.0000000006117000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/frere-jones.htmlo3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.jiyu-kobo.co.jp/to3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cn2o3pLoLD7cc.exe, 00000000.00000003.246064355.0000000006117000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.jiyu-kobo.co.jp/o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers8o3pLoLD7cc.exe, 00000000.00000002.284965912.0000000007322000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.jiyu-kobo.co.jp/Y0/5o3pLoLD7cc.exe, 00000000.00000003.248134109.000000000611B000.00000004.00000800.00020000.00000000.sdmp, o3pLoLD7cc.exe, 00000000.00000003.248081608.000000000611B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown

                                  World Map of Contacted IPs

                                  No contacted IP infos

                                  General Information

                                  Joe Sandbox Version:35.0.0 Citrine
                                  Analysis ID:680344
                                  Start date and time: 08/08/202212:40:092022-08-08 12:40:09 +02:00
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 7m 40s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:o3pLoLD7cc (renamed file extension from none to exe)
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:32
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:1
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@10/1@1/0
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HDC Information:
                                  • Successful, ratio: 93.8% (good quality ratio 82.5%)
                                  • Quality average: 72.5%
                                  • Quality standard deviation: 32.8%
                                  HCA Information:
                                  • Successful, ratio: 97%
                                  • Number of executed functions: 42
                                  • Number of non-executed functions: 186
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI

                                  Warnings

                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                  • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                  • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  12:41:18API Interceptor1x Sleep call for process: o3pLoLD7cc.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  No context

                                  ASNs

                                  No context

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\o3pLoLD7cc.exe.log

                                  Download File
                                  Process:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1308
                                  Entropy (8bit):5.345811588615766
                                  Encrypted:false
                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                  MD5:2E016B886BDB8389D2DD0867BE55F87B
                                  SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                  SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                  SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                  Malicious:true
                                  Reputation:high, very likely benign file
                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.77393756874727
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  • DOS Executable Generic (2002/1) 0.01%
                                  File name:o3pLoLD7cc.exe
                                  File size:807936
                                  MD5:0d8224c48ed19b05a91a413c69e7b4d3
                                  SHA1:a885be432257d23d63d0ba448ec0cb6950e37370
                                  SHA256:4bd0c1c5a6eb5e3bb2e84db799270248f5467dfb3e6e3b1d8db14887eeecae5e
                                  SHA512:67b6a482b9d0dfb5b07351d05402cb10a7b1cd2724d5dc20ac9515805dd887d025b82df351201ac16cc64f71d2dd7dbcfa7e960be2de2afbc6ac1e638b1ff922
                                  SSDEEP:24576:5FxgV10gWvlZm4Ipn1xOFfnckCe9IbUDHDl:lgVWddIpqFpC7U
                                  TLSH:3B05BE1BAF147708C5A76AB4EE0BB97267F61C5D3175D0B83E647C0A4AFF301E52242A
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b..............0..L...........j... ........@.. ....................................@................................

                                  File Icon

                                  Icon Hash:00828e8e8686b000

                                  Static PE Info

                                  General

                                  Entrypoint:0x4c6ace
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x62F0CBF8 [Mon Aug 8 08:40:24 2022 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                  Entrypoint Preview

                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xc6a7c0x4f.text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc80000x3a8.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xca0000xc.reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x20000xc4ad40xc4c00False0.813856267868488data7.7803803280527IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rsrc0xc80000x3a80x400False0.3779296875data2.9367451592192806IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc0xca0000xc0x200False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                  Resources

                                  NameRVASizeTypeLanguageCountry
                                  RT_VERSION0xc80580x34cdata

                                  Imports

                                  DLLImport
                                  mscoree.dll_CorExeMain

                                  Network Behavior

                                  Network Port Distribution

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Aug 8, 2022 12:42:59.534740925 CEST5139153192.168.2.38.8.8.8
                                  Aug 8, 2022 12:43:00.008338928 CEST53513918.8.8.8192.168.2.3

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                  Aug 8, 2022 12:42:59.534740925 CEST192.168.2.38.8.8.80xa4dfStandard query (0)www.nattu.infoA (IP address)IN (0x0001)

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                  Aug 8, 2022 12:43:00.008338928 CEST8.8.8.8192.168.2.30xa4dfServer failure (2)www.nattu.infononenoneA (IP address)IN (0x0001)

                                  Code Manipulations

                                  User Modules

                                  Hook Summary

                                  Function NameHook TypeActive in Processes
                                  PeekMessageAINLINEexplorer.exe
                                  PeekMessageWINLINEexplorer.exe
                                  GetMessageWINLINEexplorer.exe
                                  GetMessageAINLINEexplorer.exe

                                  Processes

                                  Process: explorer.exe, Module: user32.dll
                                  Function NameHook TypeNew Data
                                  PeekMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xEC
                                  PeekMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xEC
                                  GetMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xEC
                                  GetMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xEC

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:12:41:08
                                  Start date:08/08/2022
                                  Path:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\o3pLoLD7cc.exe"
                                  Imagebase:0xe10000
                                  File size:807936 bytes
                                  MD5 hash:0D8224C48ED19B05A91A413C69E7B4D3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.280526739.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.278817916.00000000031C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.281181873.000000000424F000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:low

                                  General

                                  Target ID:4
                                  Start time:12:41:20
                                  Start date:08/08/2022
                                  Path:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  Imagebase:0xe0000
                                  File size:807936 bytes
                                  MD5 hash:0D8224C48ED19B05A91A413C69E7B4D3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  General

                                  Target ID:5
                                  Start time:12:41:21
                                  Start date:08/08/2022
                                  Path:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\o3pLoLD7cc.exe
                                  Imagebase:0x4b0000
                                  File size:807936 bytes
                                  MD5 hash:0D8224C48ED19B05A91A413C69E7B4D3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.270208888.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:low

                                  General

                                  Target ID:6
                                  Start time:12:41:28
                                  Start date:08/08/2022
                                  Path:C:\Windows\explorer.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\Explorer.EXE
                                  Imagebase:0x7ff6b8cf0000
                                  File size:3933184 bytes
                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.352084997.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.331404311.000000000D756000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:high

                                  General

                                  Target ID:21
                                  Start time:12:42:04
                                  Start date:08/08/2022
                                  Path:C:\Windows\SysWOW64\autoconv.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\SysWOW64\autoconv.exe
                                  Imagebase:0x8f0000
                                  File size:851968 bytes
                                  MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate

                                  General

                                  Target ID:22
                                  Start time:12:42:04
                                  Start date:08/08/2022
                                  Path:C:\Windows\SysWOW64\svchost.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\SysWOW64\svchost.exe
                                  Imagebase:0x950000
                                  File size:44520 bytes
                                  MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.507829731.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.508959934.0000000002960000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.506902043.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:high

                                  General

                                  Target ID:23
                                  Start time:12:42:10
                                  Start date:08/08/2022
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):true
                                  Commandline:/c del "C:\Users\user\Desktop\o3pLoLD7cc.exe"
                                  Imagebase:0xc20000
                                  File size:232960 bytes
                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:25
                                  Start time:12:42:11
                                  Start date:08/08/2022
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7c9170000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Disassembly

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:7.6%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:123
                                    Total number of Limit Nodes:7
                                    execution_graph 21693 7abf368 21694 7abf3b3 ReadProcessMemory 21693->21694 21696 7abf3f7 21694->21696 21824 7abf248 21825 7abf290 WriteProcessMemory 21824->21825 21827 7abf2e7 21825->21827 21832 7abf158 21833 7abf198 VirtualAllocEx 21832->21833 21835 7abf1d5 21833->21835 21697 19740d0 21698 19740e2 21697->21698 21699 19740ee 21698->21699 21703 19741e0 21698->21703 21708 197388c 21699->21708 21701 197410d 21704 1974205 21703->21704 21712 19742d1 21704->21712 21716 19742e0 21704->21716 21709 1973897 21708->21709 21724 1975b4c 21709->21724 21711 19771fa 21711->21701 21714 1974307 21712->21714 21713 19743e4 21713->21713 21714->21713 21720 1973e18 21714->21720 21718 1974307 21716->21718 21717 19743e4 21717->21717 21718->21717 21719 1973e18 CreateActCtxA 21718->21719 21719->21717 21721 1975370 CreateActCtxA 21720->21721 21723 1975433 21721->21723 21725 1975b57 21724->21725 21728 1976f28 21725->21728 21727 197731d 21727->21711 21729 1976f33 21728->21729 21732 1976f58 21729->21732 21731 19773fa 21731->21727 21733 1976f63 21732->21733 21736 1976f88 21733->21736 21735 19774ea 21735->21731 21737 1976f93 21736->21737 21738 1977c3c 21737->21738 21740 197bf10 21737->21740 21738->21735 21741 197bf41 21740->21741 21744 197bf65 21741->21744 21745 197c0d0 21741->21745 21749 197c0c0 21741->21749 21744->21738 21746 197c0dd 21745->21746 21747 197c117 21746->21747 21753 197b594 21746->21753 21747->21744 21750 197c0dd 21749->21750 21751 197b594 2 API calls 21750->21751 21752 197c117 21750->21752 21751->21752 21752->21744 21754 197b59f 21753->21754 21756 197ca08 21754->21756 21757 197b67c 21754->21757 21756->21756 21758 197b687 21757->21758 21759 1976f88 2 API calls 21758->21759 21763 197ce77 21758->21763 21759->21763 21760 197ceb0 21760->21756 21764 197e7f0 21763->21764 21773 197e808 21763->21773 21765 197e7da 21764->21765 21767 197e7fa 21764->21767 21765->21760 21766 197e86e 21771 197f077 LoadLibraryExW GetModuleHandleW 21766->21771 21772 197f088 LoadLibraryExW GetModuleHandleW 21766->21772 21767->21766 21768 197e845 21767->21768 21769 197e7f0 LoadLibraryExW GetModuleHandleW 21767->21769 21770 197e808 LoadLibraryExW GetModuleHandleW 21767->21770 21768->21760 21769->21766 21770->21766 21771->21768 21772->21768 21775 197e839 21773->21775 21776 197e885 21773->21776 21774 197e845 21774->21760 21775->21774 21777 197e7f0 LoadLibraryExW GetModuleHandleW 21775->21777 21778 197e877 21775->21778 21779 197e808 LoadLibraryExW GetModuleHandleW 21775->21779 21776->21760 21777->21778 21780 197f077 LoadLibraryExW GetModuleHandleW 21778->21780 21781 197f088 LoadLibraryExW GetModuleHandleW 21778->21781 21779->21778 21780->21776 21781->21776 21782 197c410 DuplicateHandle 21783 197c4a6 21782->21783 21784 1979e10 21785 1979e1f 21784->21785 21788 1979f08 21784->21788 21796 1979ef8 21784->21796 21789 1979f1b 21788->21789 21790 1979f33 21789->21790 21804 197a181 21789->21804 21808 197a190 21789->21808 21790->21785 21791 197a130 GetModuleHandleW 21793 197a15d 21791->21793 21792 1979f2b 21792->21790 21792->21791 21793->21785 21797 1979f1b 21796->21797 21799 1979f33 21797->21799 21802 197a181 LoadLibraryExW 21797->21802 21803 197a190 LoadLibraryExW 21797->21803 21798 1979f2b 21798->21799 21800 197a130 GetModuleHandleW 21798->21800 21799->21785 21801 197a15d 21800->21801 21801->21785 21802->21798 21803->21798 21805 197a1a4 21804->21805 21806 197a1c9 21805->21806 21812 1979468 21805->21812 21806->21792 21809 197a1a4 21808->21809 21810 1979468 LoadLibraryExW 21809->21810 21811 197a1c9 21809->21811 21810->21811 21811->21792 21813 197a370 LoadLibraryExW 21812->21813 21815 197a3e9 21813->21815 21815->21806 21816 7abeee0 21817 7abef20 ResumeThread 21816->21817 21819 7abef51 21817->21819 21820 7abf560 21821 7abf5e9 21820->21821 21821->21821 21822 7abf74e CreateProcessA 21821->21822 21823 7abf7ab 21822->21823 21828 7abefc0 21829 7abf005 SetThreadContext 21828->21829 21831 7abf04d 21829->21831 21836 197c1e8 21837 197c1ed GetCurrentProcess 21836->21837 21838 197c262 GetCurrentThread 21837->21838 21839 197c25b 21837->21839 21840 197c29f GetCurrentProcess 21838->21840 21841 197c298 21838->21841 21839->21838 21842 197c2d5 21840->21842 21841->21840 21843 197c2fd GetCurrentThreadId 21842->21843 21844 197c32e 21843->21844

                                    Executed Functions

                                    Function 07AB5A40 Relevance: 2.2, Strings: 1, Instructions: 983COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 45 7ab5a40-7ab5a61 46 7ab5a68-7ab5b5c 45->46 47 7ab5a63 45->47 49 7ab5b62-7ab5cb9 46->49 50 7ab6264-7ab628c 46->50 47->46 94 7ab5cbf-7ab5d1a 49->94 95 7ab6232-7ab6262 49->95 53 7ab6975-7ab697e 50->53 55 7ab629a-7ab62a3 53->55 56 7ab6984-7ab699b 53->56 57 7ab62aa-7ab638b 55->57 58 7ab62a5 55->58 75 7ab6391-7ab639e 57->75 58->57 77 7ab63c8 75->77 78 7ab63a0-7ab63ac 75->78 81 7ab63ce-7ab63ee 77->81 79 7ab63ae-7ab63b4 78->79 80 7ab63b6-7ab63bc 78->80 82 7ab63c6 79->82 80->82 85 7ab644e-7ab64c8 81->85 86 7ab63f0-7ab6449 81->86 82->81 106 7ab64ca-7ab651d 85->106 107 7ab651f-7ab6562 85->107 100 7ab6972 86->100 101 7ab5d1f-7ab5d2a 94->101 102 7ab5d1c 94->102 95->50 100->53 105 7ab6144-7ab614a 101->105 102->101 108 7ab5d2f-7ab5d4d 105->108 109 7ab6150-7ab61cd 105->109 130 7ab656d-7ab6573 106->130 107->130 113 7ab5d4f-7ab5d53 108->113 114 7ab5da4-7ab5db9 108->114 152 7ab621c-7ab6222 109->152 113->114 119 7ab5d55-7ab5d60 113->119 115 7ab5dbb 114->115 116 7ab5dc0-7ab5dd6 114->116 115->116 121 7ab5dd8 116->121 122 7ab5ddd-7ab5df4 116->122 124 7ab5d96-7ab5d9c 119->124 121->122 127 7ab5dfb-7ab5e11 122->127 128 7ab5df6 122->128 125 7ab5d9e-7ab5d9f 124->125 126 7ab5d62-7ab5d66 124->126 131 7ab5e22-7ab6048 125->131 132 7ab5d68 126->132 133 7ab5d6c-7ab5d84 126->133 135 7ab5e18-7ab5e1f 127->135 136 7ab5e13 127->136 128->127 139 7ab65ca-7ab65d6 130->139 145 7ab604a-7ab604e 131->145 146 7ab60ac-7ab60c1 131->146 132->133 137 7ab5d8b-7ab5d93 133->137 138 7ab5d86 133->138 135->131 136->135 137->124 138->137 142 7ab65d8-7ab6660 139->142 143 7ab6575-7ab6597 139->143 177 7ab67e5-7ab67ee 142->177 147 7ab6599 143->147 148 7ab659e-7ab65c7 143->148 145->146 153 7ab6050-7ab605f 145->153 149 7ab60c8-7ab60e9 146->149 150 7ab60c3 146->150 147->148 148->139 156 7ab60eb 149->156 157 7ab60f0-7ab610f 149->157 150->149 154 7ab61cf-7ab6219 152->154 155 7ab6224-7ab622a 152->155 158 7ab609e-7ab60a4 153->158 154->152 155->95 156->157 161 7ab6111 157->161 162 7ab6116-7ab6136 157->162 163 7ab6061-7ab6065 158->163 164 7ab60a6-7ab60a7 158->164 161->162 167 7ab6138 162->167 168 7ab613d 162->168 165 7ab606f-7ab6090 163->165 166 7ab6067-7ab606b 163->166 171 7ab6141 164->171 173 7ab6092 165->173 174 7ab6097-7ab609b 165->174 166->165 167->168 168->171 171->105 173->174 174->158 179 7ab6665-7ab667a 177->179 180 7ab67f4-7ab684f 177->180 181 7ab667c 179->181 182 7ab6683-7ab67d9 179->182 195 7ab6851-7ab6884 180->195 196 7ab6886-7ab68b0 180->196 181->182 184 7ab6689-7ab66c9 181->184 185 7ab6758-7ab6798 181->185 186 7ab66ce-7ab670e 181->186 187 7ab6713-7ab6753 181->187 197 7ab67df 182->197 184->197 185->197 186->197 187->197 204 7ab68b9-7ab696b 195->204 196->204 197->177 204->100
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: UUUU
                                    • API String ID: 0-1798160573
                                    • Opcode ID: 548ba04945128b015e956cdeaffbe66e9626042bb5d2ac814d280405ddc58261
                                    • Instruction ID: 594ff06041925b269438827f7dd8c3e2112907b1f19425897b3a4bb48243f8fc
                                    • Opcode Fuzzy Hash: 548ba04945128b015e956cdeaffbe66e9626042bb5d2ac814d280405ddc58261
                                    • Instruction Fuzzy Hash: FFA2B575A00628CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB361DB319E85CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197C1DA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124threadCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    APIs
                                    • GetCurrentProcess.KERNEL32 ref: 0197C248
                                    • GetCurrentThread.KERNEL32 ref: 0197C285
                                    • GetCurrentProcess.KERNEL32 ref: 0197C2C2
                                    • GetCurrentThreadId.KERNEL32 ref: 0197C31B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Current$ProcessThread
                                    • String ID: 4
                                    • API String ID: 2063062207-4088798008
                                    • Opcode ID: ab5d964956c932123a5578a8f3035a38e0e9e22f2f414f6eabfba79b0e7126c9
                                    • Instruction ID: e94a7930bf5281105d537773d0273e7d823355133a909e417c218c8b957d93e2
                                    • Opcode Fuzzy Hash: ab5d964956c932123a5578a8f3035a38e0e9e22f2f414f6eabfba79b0e7126c9
                                    • Instruction Fuzzy Hash: D65134B09006498FDB14CFAAD589BEEBFF4EF48304F248569E419A7750DB349984CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197C1E8 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    APIs
                                    • GetCurrentProcess.KERNEL32 ref: 0197C248
                                    • GetCurrentThread.KERNEL32 ref: 0197C285
                                    • GetCurrentProcess.KERNEL32 ref: 0197C2C2
                                    • GetCurrentThreadId.KERNEL32 ref: 0197C31B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Current$ProcessThread
                                    • String ID:
                                    • API String ID: 2063062207-0
                                    • Opcode ID: bfa408e32cfee50467e6aa5c9a7df09cacc099eff4fda68ddd4bb9f8e730d525
                                    • Instruction ID: 6a2a3f61de784894f1fc8b3dd38d1e0dd6cb916b65b624d98d690fc72a809bf8
                                    • Opcode Fuzzy Hash: bfa408e32cfee50467e6aa5c9a7df09cacc099eff4fda68ddd4bb9f8e730d525
                                    • Instruction Fuzzy Hash: A95154B09006498FDB24CFAAC588BEEBFF0EF48304F248569E419B3750DB349984CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABF560 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 209 7abf560-7abf5f5 211 7abf62e-7abf64e 209->211 212 7abf5f7-7abf601 209->212 219 7abf650-7abf65a 211->219 220 7abf687-7abf6b6 211->220 212->211 213 7abf603-7abf605 212->213 214 7abf628-7abf62b 213->214 215 7abf607-7abf611 213->215 214->211 217 7abf613 215->217 218 7abf615-7abf624 215->218 217->218 218->218 221 7abf626 218->221 219->220 222 7abf65c-7abf65e 219->222 228 7abf6b8-7abf6c2 220->228 229 7abf6ef-7abf7a9 CreateProcessA 220->229 221->214 224 7abf681-7abf684 222->224 225 7abf660-7abf66a 222->225 224->220 226 7abf66e-7abf67d 225->226 227 7abf66c 225->227 226->226 230 7abf67f 226->230 227->226 228->229 231 7abf6c4-7abf6c6 228->231 240 7abf7ab-7abf7b1 229->240 241 7abf7b2-7abf838 229->241 230->224 233 7abf6e9-7abf6ec 231->233 234 7abf6c8-7abf6d2 231->234 233->229 235 7abf6d6-7abf6e5 234->235 236 7abf6d4 234->236 235->235 238 7abf6e7 235->238 236->235 238->233 240->241 251 7abf83a-7abf83e 241->251 252 7abf848-7abf84c 241->252 251->252 253 7abf840 251->253 254 7abf84e-7abf852 252->254 255 7abf85c-7abf860 252->255 253->252 254->255 258 7abf854 254->258 256 7abf862-7abf866 255->256 257 7abf870-7abf874 255->257 256->257 259 7abf868 256->259 260 7abf886-7abf88d 257->260 261 7abf876-7abf87c 257->261 258->255 259->257 262 7abf88f-7abf89e 260->262 263 7abf8a4 260->263 261->260 262->263
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07ABF796
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: f0bead5f18b21729e24673ac7b3ae00be0b4c86fe9479616eae048a2b5ec875e
                                    • Instruction ID: ec731d62c29bfc580fea66a4ac49bdd64a896b76dcebf4452a23532a8f903d96
                                    • Opcode Fuzzy Hash: f0bead5f18b21729e24673ac7b3ae00be0b4c86fe9479616eae048a2b5ec875e
                                    • Instruction Fuzzy Hash: D5915AB1D00259CFDB20CFA9CC917DEBBB6BF48314F188569E818A7250DB749985CF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01979F08 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 265 1979f08-1979f1d call 19782a8 268 1979f33-1979f37 265->268 269 1979f1f 265->269 270 1979f4b-1979f8c 268->270 271 1979f39-1979f43 268->271 320 1979f25 call 197a181 269->320 321 1979f25 call 197a190 269->321 276 1979f8e-1979f96 270->276 277 1979f99-1979fa7 270->277 271->270 272 1979f2b-1979f2d 272->268 273 197a068-197a0e6 272->273 313 197a0ed-197a128 273->313 314 197a0e8-197a0ec 273->314 276->277 278 1979fcb-1979fcd 277->278 279 1979fa9-1979fae 277->279 283 1979fd0-1979fd7 278->283 281 1979fb0-1979fb7 call 1979410 279->281 282 1979fb9 279->282 286 1979fbb-1979fc9 281->286 282->286 287 1979fe4-1979feb 283->287 288 1979fd9-1979fe1 283->288 286->283 290 1979fed-1979ff5 287->290 291 1979ff8-197a001 call 1979420 287->291 288->287 290->291 296 197a003-197a00b 291->296 297 197a00e-197a013 291->297 296->297 298 197a015-197a01c 297->298 299 197a031-197a035 297->299 298->299 300 197a01e-197a02e call 1979430 call 1979440 298->300 303 197a03b-197a03e 299->303 300->299 306 197a061-197a067 303->306 307 197a040-197a05e 303->307 307->306 315 197a130-197a15b GetModuleHandleW 313->315 316 197a12a-197a12d 313->316 314->313 317 197a164-197a178 315->317 318 197a15d-197a163 315->318 316->315 318->317 320->272 321->272
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0197A14E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 1e65fb2daf0eb15b1261b83e25f0c21bd770d84f247101bb7b347a5b70a707b5
                                    • Instruction ID: c7b538f55f10700368e4f04b59063319409e1b39fca0faf8e3bca0e8ae5f304d
                                    • Opcode Fuzzy Hash: 1e65fb2daf0eb15b1261b83e25f0c21bd770d84f247101bb7b347a5b70a707b5
                                    • Instruction Fuzzy Hash: D9713670A00B058FDB24DF2AD44475ABBF5FF88219F04892ED44AD7B50EB75E849CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01973E18 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 322 1973e18-1975431 CreateActCtxA 325 1975433-1975439 322->325 326 197543a-1975494 322->326 325->326 333 1975496-1975499 326->333 334 19754a3-19754a7 326->334 333->334 335 19754a9-19754b5 334->335 336 19754b8 334->336 335->336 337 19754b9 336->337 337->337
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 01975421
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 7c35e23a00e776d163204cad066ba25ae0d6926ae8a1582cbc33e83015b4328f
                                    • Instruction ID: 116b7eed99c6a417639bd108be71d232a5d831baa92a607d7b385f8ffbf62554
                                    • Opcode Fuzzy Hash: 7c35e23a00e776d163204cad066ba25ae0d6926ae8a1582cbc33e83015b4328f
                                    • Instruction Fuzzy Hash: DA41D171D00618CFDB24CFAAC884BDEBBB5FF48709F208169D409AB651EB756949CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01975364 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 339 1975364-1975431 CreateActCtxA 341 1975433-1975439 339->341 342 197543a-1975494 339->342 341->342 349 1975496-1975499 342->349 350 19754a3-19754a7 342->350 349->350 351 19754a9-19754b5 350->351 352 19754b8 350->352 351->352 353 19754b9 352->353 353->353
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 01975421
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 6cec18ac88a465d3f4bee9d316852f50b36eff803f7668bfbb6abc4519ba1e7e
                                    • Instruction ID: 6409a1422183536dad2b75e9bb611ee608a10bbcd57ca8d544dabd4a9f4c76cd
                                    • Opcode Fuzzy Hash: 6cec18ac88a465d3f4bee9d316852f50b36eff803f7668bfbb6abc4519ba1e7e
                                    • Instruction Fuzzy Hash: 5D41F371D00218CFEB24CFAAC884BDEBBB5FF48709F208169D409AB650DB755949CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABF248 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 355 7abf248-7abf296 357 7abf298-7abf2a4 355->357 358 7abf2a6-7abf2e5 WriteProcessMemory 355->358 357->358 360 7abf2ee-7abf31e 358->360 361 7abf2e7-7abf2ed 358->361 361->360
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07ABF2D8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    • Opcode ID: 8fb146dbd50477c0902ade2498f876913beb38b2e80bd963f2331930292c0fcd
                                    • Instruction ID: a65d6f08e7655512bf81c4827adb83aebe3fd427dae3f1b6dfc2f8bb458a95a4
                                    • Opcode Fuzzy Hash: 8fb146dbd50477c0902ade2498f876913beb38b2e80bd963f2331930292c0fcd
                                    • Instruction Fuzzy Hash: 532148B59003499FCB10CFA9C881BDEBBF5FF48314F048429E918A7651D7789945CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABF368 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 375 7abf368-7abf3f5 ReadProcessMemory 378 7abf3fe-7abf42e 375->378 379 7abf3f7-7abf3fd 375->379 379->378
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07ABF3E8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    • Opcode ID: 647eecb8bca8371ea462af9148b267d92836f66d3b2a8dc4e58de2d46303ccad
                                    • Instruction ID: 792e3f5fc74bdf66a42aa6bd9b9017be2ce4e3e91b07d6cb3ebcc7ed63463818
                                    • Opcode Fuzzy Hash: 647eecb8bca8371ea462af9148b267d92836f66d3b2a8dc4e58de2d46303ccad
                                    • Instruction Fuzzy Hash: C02128B1C002599FCF10CFAAC8817EEBBF5FF48314F148429E529A7650D7789945CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABEFC0 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 365 7abefc0-7abf00b 367 7abf01b-7abf04b SetThreadContext 365->367 368 7abf00d-7abf019 365->368 370 7abf04d-7abf053 367->370 371 7abf054-7abf084 367->371 368->367 370->371
                                    APIs
                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 07ABF03E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: ContextThread
                                    • String ID:
                                    • API String ID: 1591575202-0
                                    • Opcode ID: fdbeaedf12c5bc984bce5985f0e97d571fd4fa7f0973f18f3fe5c103b906afd9
                                    • Instruction ID: 3a1ec9f3cdc6ef4fffd27403579e09602a9121845d83b86fc694e5c5d9b836e0
                                    • Opcode Fuzzy Hash: fdbeaedf12c5bc984bce5985f0e97d571fd4fa7f0973f18f3fe5c103b906afd9
                                    • Instruction Fuzzy Hash: 542138B1D002098FCB10CFAAC8857EEBBF4EF48264F148429D529A7751DB78A945CFA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197C410 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 388 197c410-197c4a4 DuplicateHandle 389 197c4a6-197c4ac 388->389 390 197c4ad-197c4ca 388->390 389->390
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0197C497
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: c3631ffececacfaf3ed4185ab827dcc85908a5d22a844908de22d2000dea8d63
                                    • Instruction ID: 346b7d82786caa12261dfcf627e70855ef7fdfce70310cdd621a1956a99cda02
                                    • Opcode Fuzzy Hash: c3631ffececacfaf3ed4185ab827dcc85908a5d22a844908de22d2000dea8d63
                                    • Instruction Fuzzy Hash: 2C21C6B5D002199FDB10CF9AD984ADEBBF8EF48324F14841AE918A3710D374A945CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197C40A Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 383 197c40a-197c4a4 DuplicateHandle 384 197c4a6-197c4ac 383->384 385 197c4ad-197c4ca 383->385 384->385
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0197C497
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 1e49f6659827b48d35d1b26cbfb5682eabd28bc79bf544a5586dbfec836d3aee
                                    • Instruction ID: fd183dc6477936aca37128f1540f24e52b7250b0c2bb3e1f815d146a1eb56241
                                    • Opcode Fuzzy Hash: 1e49f6659827b48d35d1b26cbfb5682eabd28bc79bf544a5586dbfec836d3aee
                                    • Instruction Fuzzy Hash: ED21E5B59002199FDB10CF9AD585ADEBFF4EB48324F14841AE918A7310D374AA45CF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01979468 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 393 1979468-197a3b0 395 197a3b2-197a3b5 393->395 396 197a3b8-197a3e7 LoadLibraryExW 393->396 395->396 397 197a3f0-197a40d 396->397 398 197a3e9-197a3ef 396->398 398->397
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0197A1C9,00000800,00000000,00000000), ref: 0197A3DA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: c6cc0437af585fe35bcd05f26e36b1f66c68a35b3c5ed70fd3b394904fa5303e
                                    • Instruction ID: e33a72123c278ec1659c6b41a294a0b5c90f699eb13e0fabd978cc35f3460825
                                    • Opcode Fuzzy Hash: c6cc0437af585fe35bcd05f26e36b1f66c68a35b3c5ed70fd3b394904fa5303e
                                    • Instruction Fuzzy Hash: 3311D6B69002499FDB10CF9AC844BDEFBF4EF48314F14852AD519A7610D3B4A945CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197A368 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 401 197a368-197a3b0 402 197a3b2-197a3b5 401->402 403 197a3b8-197a3e7 LoadLibraryExW 401->403 402->403 404 197a3f0-197a40d 403->404 405 197a3e9-197a3ef 403->405 405->404
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0197A1C9,00000800,00000000,00000000), ref: 0197A3DA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: a003844e44a6696bf23158395ee5b3751dd6f9bc0e6b1cc802576dc17b2f42c3
                                    • Instruction ID: b114183a6de765834b2e8c0c33d8404109434d6df380bfb709ab8c14429e376f
                                    • Opcode Fuzzy Hash: a003844e44a6696bf23158395ee5b3751dd6f9bc0e6b1cc802576dc17b2f42c3
                                    • Instruction Fuzzy Hash: BE1103B6C002498FDB10CFAAC444BEEFBF4EB88314F14852AD559A7610D374A545CFA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABF158 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 408 7abf158-7abf1d3 VirtualAllocEx 411 7abf1dc-7abf201 408->411 412 7abf1d5-7abf1db 408->412 412->411
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07ABF1C6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: d71204903e74bc028862384d4d5e0361f7c1c0899f68276b42cd8ff9d751bdd5
                                    • Instruction ID: f9b5a4176398e3c54c3e3908ca86ee91e0a5de573b66aebd18d7a25980ddcd06
                                    • Opcode Fuzzy Hash: d71204903e74bc028862384d4d5e0361f7c1c0899f68276b42cd8ff9d751bdd5
                                    • Instruction Fuzzy Hash: A41179B28002499FCF10DFAAC8447EFBBF5EF88324F148819D525A7610D775A944CFA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07ABEEE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID:
                                    • API String ID: 947044025-0
                                    • Opcode ID: 621e7bededc877e49fd105cd0a86475e763a7a6e9180952856ab6c45c60288a9
                                    • Instruction ID: f6fd049abd8f6d0290e5c43d57990fd3037b19f21572b0bd7830a426ec00b7a6
                                    • Opcode Fuzzy Hash: 621e7bededc877e49fd105cd0a86475e763a7a6e9180952856ab6c45c60288a9
                                    • Instruction Fuzzy Hash: B11128B1D002488FCB20DFAAC4457EEBBF4EB88224F148429D529A7750D778A945CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197A0E8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0197A14E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 33bf61aeff0bdca7ee22a31fdc555fadabcb6ce2be91f4b664ae0b7249de8823
                                    • Instruction ID: b3665cda87091384d6c3a9caf8c05c8cb4ee0b8c0c399d8fd38f52041a1c5844
                                    • Opcode Fuzzy Hash: 33bf61aeff0bdca7ee22a31fdc555fadabcb6ce2be91f4b664ae0b7249de8823
                                    • Instruction Fuzzy Hash: C411E3B6C007498FDB10CF9AD844BDEFBF4EF48224F14852AD429A7610D378A545CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013ED4C4 Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276786326.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13ed000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52a364f62ad48d050506c1560bbb48f62167352834e33c2d60e1d9521ee5da6d
                                    • Instruction ID: 59e0067f1813eea84d70f93eaaff18fa0fbcf81239fded91371018d68f7a6fb8
                                    • Opcode Fuzzy Hash: 52a364f62ad48d050506c1560bbb48f62167352834e33c2d60e1d9521ee5da6d
                                    • Instruction Fuzzy Hash: 78212571504344DFDB05DF54D9C8B66BFA5FB8832CF248569E8050BB86C336D856CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013FD01C Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276836130.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13fd000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 39728755e8a3a7fcb9888a49e12911ea6e7e42393e07477a0b48dfe9f7a63ebf
                                    • Instruction ID: 6b773b1d71798ab11cdee775647a3f42829776eeaa11cb15776ddd1c7595c77a
                                    • Opcode Fuzzy Hash: 39728755e8a3a7fcb9888a49e12911ea6e7e42393e07477a0b48dfe9f7a63ebf
                                    • Instruction Fuzzy Hash: D0216770504204DFCB15CF54D8C8B16BB65FB8435CF20C56DD90A4BB46C336D84BCAA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013FD1D4 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276836130.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13fd000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6cddfd68a4410d9721cbdeb254e35ce3b9025cfa2ccd22eaf3fb0162b1cf6c7
                                    • Instruction ID: 9040a721b9415e96b0b3c49664d2f2c477f05e5f644835e3c9d2db435cda077d
                                    • Opcode Fuzzy Hash: c6cddfd68a4410d9721cbdeb254e35ce3b9025cfa2ccd22eaf3fb0162b1cf6c7
                                    • Instruction Fuzzy Hash: 45210779504204EFDB05DF54D9C8B16BB65FB8432CF24C56DD9094B746C336D846CAA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013FD006 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276836130.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13fd000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b080548e744093c9ca88ce2a6cef62efba3db1779490b45da0876a2b991fc262
                                    • Instruction ID: bf3c1642179c5318dc5c0d048f22925af028a8068c9c6a307f897f5b0b1f0c75
                                    • Opcode Fuzzy Hash: b080548e744093c9ca88ce2a6cef62efba3db1779490b45da0876a2b991fc262
                                    • Instruction Fuzzy Hash: E5219F755093808FCB03CF24D994B15BF71EB46218F28C5EED9498F667C33A984ACB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013ED4BF Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276786326.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13ed000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 443a7f9af640cd919331e281847f8d6becf020b849bdf04c35086449af5cbafc
                                    • Instruction ID: 4146dc4a795f8ea14fdb09a1f5d04430520d6c70cba4185a26ca24116d44c87c
                                    • Opcode Fuzzy Hash: 443a7f9af640cd919331e281847f8d6becf020b849bdf04c35086449af5cbafc
                                    • Instruction Fuzzy Hash: AD11D376404380CFCB12CF54D9C4B16BFB1FB84328F24C6A9D8450B696C336D556CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013FD1CF Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276836130.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13fd000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7295738dd5415a26bb4c57afd7e216ba35a237fb4860c4a8b3290a6f7a399039
                                    • Instruction ID: 104cb4b48c52eca9e4e808fb4775ae4f672202bab7ffa339443300c846615c6b
                                    • Opcode Fuzzy Hash: 7295738dd5415a26bb4c57afd7e216ba35a237fb4860c4a8b3290a6f7a399039
                                    • Instruction Fuzzy Hash: 6A11BE79504280DFCB02CF54C5C4B15BB71FB84228F24C6AED9494B656C33AD44ACB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013ED745 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276786326.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13ed000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5430e05a473a987c57b385fe2db11eec8f6add017057069ff1fcc67ac351496e
                                    • Instruction ID: 3ea9c0f015528c44718f3f8a3798470968b4eb86c890b446bb40ccfdeaeda5e9
                                    • Opcode Fuzzy Hash: 5430e05a473a987c57b385fe2db11eec8f6add017057069ff1fcc67ac351496e
                                    • Instruction Fuzzy Hash: 9901F7714043D49AE7104F56CDCCBA6BFDCDF4126CF08C52AED055AB86D3799844C6B1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 013ED744 Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.276786326.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_13ed000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1443abf91f67a913c5145740f47fc3cf9c804f62218d140d13e13c5aa645b94f
                                    • Instruction ID: 54b4e7b812ecdaa87378fbb840c9a0291e5db0ed420a1bb7582d3fed6769db78
                                    • Opcode Fuzzy Hash: 1443abf91f67a913c5145740f47fc3cf9c804f62218d140d13e13c5aa645b94f
                                    • Instruction Fuzzy Hash: FCF0C2714043849AEB118F1ACC88B66FFD8EB41278F18C46AED085B286C3799844CAB0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 07AB6FF0 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: `
                                    • API String ID: 0-2679148245
                                    • Opcode ID: 93930c2a6ee8eec2de4bf7ab8c5ddfb6c73ac5b5b5993afc0bd0bc81a0a12f5e
                                    • Instruction ID: d9052d7b98d02be5461414cf746f347cf466db5918bf0cde21e8895028942181
                                    • Opcode Fuzzy Hash: 93930c2a6ee8eec2de4bf7ab8c5ddfb6c73ac5b5b5993afc0bd0bc81a0a12f5e
                                    • Instruction Fuzzy Hash: 264121B1D11A588BEB6CCF6B8C4079EFAF7AFC9201F14C1BAD41DAA255EB7405858F10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197F0D0 Relevance: .3, Instructions: 315COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52d060b71df147f19c05755dc81507d6dda7c77ae12b3fd0a82818a1eb2213cb
                                    • Instruction ID: b981d8fea9d5142f6ccf4fe311ba4b20abf19c6851b2499690ec4c999b8e016a
                                    • Opcode Fuzzy Hash: 52d060b71df147f19c05755dc81507d6dda7c77ae12b3fd0a82818a1eb2213cb
                                    • Instruction Fuzzy Hash: 7212E6F94137468BD310EF65EE981893BB1F746328F904308D2612BAD9D7BC566ACF84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07AB5A30 Relevance: .3, Instructions: 269COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 18c6bbc8012ea40680fd6601b00ac35439ed5ffb39f8431b8197dd72fce0eb3d
                                    • Instruction ID: 5187e79b02aa020d987ab8927ca8df86c10978ddc2c89c4de6489654d7d38965
                                    • Opcode Fuzzy Hash: 18c6bbc8012ea40680fd6601b00ac35439ed5ffb39f8431b8197dd72fce0eb3d
                                    • Instruction Fuzzy Hash: 7EC19675E006198FDB68CF6AD9446D9BBF2BF89304F14C0AAD809AB365DB305E85CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197CD04 Relevance: .3, Instructions: 265COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3355455f63b612c088d78462ae87124c28163893d9afab879911473374e64cd9
                                    • Instruction ID: a39b4cee842ec34387fb5601657c4138fe32344f27195ecc08889176dfc7d238
                                    • Opcode Fuzzy Hash: 3355455f63b612c088d78462ae87124c28163893d9afab879911473374e64cd9
                                    • Instruction Fuzzy Hash: 1EA19236E0021ACFCF05DFA5C9445DDBBB6FF85301B1585AAE509BB261EB31E945CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0197F0C0 Relevance: .2, Instructions: 222COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.278218196.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1970000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aace34bea147cf91c2e04cf3d84a3b38d9df22c7598235be085613207ae399a3
                                    • Instruction ID: f12edfd1f7b84150971a4cf7b8f88217a632166104482c3efda88668592bc60a
                                    • Opcode Fuzzy Hash: aace34bea147cf91c2e04cf3d84a3b38d9df22c7598235be085613207ae399a3
                                    • Instruction Fuzzy Hash: 2DC13DF9412746CBD710EF65EE881893B71FB86328F504308D2612BAD9D7BC566ACF84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07AB5608 Relevance: .2, Instructions: 169COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 49721ceef8e659eb941e933e9c46d0cd59fd54fcbcfedccf4d591e08790be0be
                                    • Instruction ID: fd2d33866f810de3d28d1de75f4f96af5bb878f5f483de3642a3caf87b03ff8f
                                    • Opcode Fuzzy Hash: 49721ceef8e659eb941e933e9c46d0cd59fd54fcbcfedccf4d591e08790be0be
                                    • Instruction Fuzzy Hash: D7611D70A102098FD745DF6AE94169DBFF3EBC4208F08C929D0199B3A0EB78AD49CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07AB5618 Relevance: .2, Instructions: 160COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d804f919b590118ea2d6389baf9bb08a847a42ec062aa5d92d3f59f71d2623fb
                                    • Instruction ID: 06490a424de22028959d1536bcfe6146e94dea605c391e7f36033e28d3006898
                                    • Opcode Fuzzy Hash: d804f919b590118ea2d6389baf9bb08a847a42ec062aa5d92d3f59f71d2623fb
                                    • Instruction Fuzzy Hash: 6B610B70A102098FD749DF6AE94169DBBF7EBC4308F08C829D0199B3A4EF78AC45CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 07AB6FEA Relevance: .1, Instructions: 92COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.287502622.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AB0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ab0000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 715d344553c80622b73acb0893c44159af03279c24398275a1bef151d3d66b45
                                    • Instruction ID: 5dbeccd8369aeac65899a4f8a25b127556f73753925b937f6566ce2c6b788388
                                    • Opcode Fuzzy Hash: 715d344553c80622b73acb0893c44159af03279c24398275a1bef151d3d66b45
                                    • Instruction Fuzzy Hash: 3A4124B1D01A588BEB5CCF6B9D4069EFAF7AFC8201F14C1BAC41CAA215EB7405468F10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:0.5%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:66.8%
                                    Total number of Nodes:2000
                                    Total number of Limit Nodes:116
                                    execution_graph 19177 fcfab0 19178 fcfb14 19177->19178 19179 fcfac2 19177->19179 19213 faeef0 19179->19213 19181 fcfacd 19182 fcfadf 19181->19182 19185 fcfb18 19181->19185 19228 faeb70 19182->19228 19191 100bdcb 19185->19191 19218 fa6d90 19185->19218 19186 fcfafa GetPEB 19186->19178 19187 fcfb09 19186->19187 19234 faff60 19187->19234 19197 100be19 19191->19197 19208 100bea7 19191->19208 19254 f9b150 19191->19254 19192 fa76e2 GetPEB 19193 fcfc4b 19192->19193 19194 fcfba7 19194->19193 19198 fcfbe4 19194->19198 19242 fcfd22 19194->19242 19197->19208 19257 fa75ce 19197->19257 19198->19193 19200 100bf17 19198->19200 19201 fcfc47 19198->19201 19200->19193 19202 fcfd22 GetPEB 19200->19202 19201->19193 19203 fcfd22 GetPEB 19201->19203 19205 100bf22 19202->19205 19206 fcfcb2 19203->19206 19204 100be54 19204->19193 19207 100be92 19204->19207 19261 fa76e2 19204->19261 19205->19193 19209 fcfd9b 3 API calls 19205->19209 19206->19193 19246 fcfd9b 19206->19246 19207->19208 19212 fa76e2 GetPEB 19207->19212 19208->19192 19208->19193 19209->19193 19212->19208 19214 faef0c 19213->19214 19215 faef21 19213->19215 19214->19181 19216 faef29 19215->19216 19265 faef40 19215->19265 19216->19181 19219 fa6dba 19218->19219 19227 fa6da4 19218->19227 19593 fd2e1c 19219->19593 19221 fa6dbf 19222 faeef0 27 API calls 19221->19222 19223 fa6dca 19222->19223 19224 fa6dde 19223->19224 19598 f9db60 19223->19598 19225 faeb70 34 API calls 19224->19225 19225->19227 19227->19191 19227->19193 19227->19194 19229 faeb81 19228->19229 19233 faeb9e 19228->19233 19231 faebac 19229->19231 19229->19233 19716 102ff10 19229->19716 19231->19233 19710 f94dc0 19231->19710 19233->19178 19233->19186 19235 faff99 19234->19235 19236 faff6d 19234->19236 19237 10688f5 34 API calls 19235->19237 19236->19235 19238 faff80 GetPEB 19236->19238 19239 faff94 19237->19239 19238->19235 19240 faff8f 19238->19240 19239->19178 19818 fb0050 19240->19818 19243 fcfd31 _vswprintf_s 19242->19243 19244 fcfd3a 19242->19244 19243->19198 19244->19243 19854 fa7608 19244->19854 19247 fcfdba GetPEB 19246->19247 19248 fcfdcc 19246->19248 19247->19248 19249 100c0bd 19248->19249 19250 fcfdf2 19248->19250 19253 fcfdfc 19248->19253 19252 100c0d3 GetPEB 19249->19252 19249->19253 19251 fa76e2 GetPEB 19250->19251 19250->19253 19251->19253 19252->19253 19253->19193 19255 f9b171 _vswprintf_s 12 API calls 19254->19255 19256 f9b16e 19255->19256 19256->19197 19258 fa75db 19257->19258 19260 fa75eb 19257->19260 19259 fa7608 GetPEB 19258->19259 19258->19260 19259->19260 19260->19204 19262 fa76fd 19261->19262 19263 fa76e6 19261->19263 19262->19207 19263->19262 19264 fa76ec GetPEB 19263->19264 19264->19262 19266 faf0bd 19265->19266 19268 faef5d 19265->19268 19266->19268 19303 f99080 19266->19303 19270 faf071 19268->19270 19271 faf042 19268->19271 19273 f92d8a 19268->19273 19270->19214 19271->19270 19272 faf053 GetPEB 19271->19272 19272->19270 19274 f92db8 19273->19274 19278 f92df1 _vswprintf_s 19273->19278 19275 f92de7 19274->19275 19274->19278 19309 f92e9f 19274->19309 19275->19278 19313 fc1624 19275->19313 19277 fef9d0 GetPEB 19280 fef9e3 GetPEB 19277->19280 19278->19277 19278->19280 19284 f92e5a 19278->19284 19307 fb7d50 GetPEB 19278->19307 19320 102fe87 19278->19320 19327 102fdda 19278->19327 19333 102ffb9 19278->19333 19341 1025720 19278->19341 19280->19278 19285 f92e61 19284->19285 19288 f92e99 _vswprintf_s 19284->19288 19286 fb7d50 GetPEB 19285->19286 19302 f92e69 19285->19302 19289 fefa76 19286->19289 19293 f92ece 19288->19293 19356 fd95d0 LdrInitializeThunk 19288->19356 19290 fefa8a 19289->19290 19291 fefa7a GetPEB 19289->19291 19294 fefa97 GetPEB 19290->19294 19290->19302 19291->19290 19293->19268 19296 fefaaa 19294->19296 19294->19302 19297 fb7d50 GetPEB 19296->19297 19298 fefaaf 19297->19298 19299 fefac3 19298->19299 19300 fefab3 GetPEB 19298->19300 19299->19302 19344 1017016 19299->19344 19300->19299 19302->19268 19304 f99098 19303->19304 19305 f9909e GetPEB 19303->19305 19304->19305 19306 f990aa 19305->19306 19306->19268 19308 fb7d5d 19307->19308 19308->19278 19310 f92ebb _vswprintf_s 19309->19310 19312 f92ece 19310->19312 19357 fd95d0 LdrInitializeThunk 19310->19357 19312->19275 19358 fc16e0 19313->19358 19315 fc1630 19319 fc1691 19315->19319 19362 fc16c7 19315->19362 19318 fc165a 19318->19319 19369 fca185 19318->19369 19319->19278 19321 fb7d50 GetPEB 19320->19321 19322 102fec1 19321->19322 19323 102fec5 GetPEB 19322->19323 19324 102fed5 _vswprintf_s 19322->19324 19323->19324 19400 fdb640 19324->19400 19326 102fef8 19326->19278 19328 102fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 19327->19328 19329 1025720 _vswprintf_s 12 API calls 19328->19329 19330 102fe0f 19329->19330 19331 1025720 _vswprintf_s 12 API calls 19330->19331 19332 102fe39 19331->19332 19332->19278 19334 102ffc8 _vswprintf_s 19333->19334 19547 fce730 19334->19547 19336 1030067 _vswprintf_s 19337 fed130 _vswprintf_s 12 API calls 19336->19337 19339 103009a 19337->19339 19338 102ffd5 _vswprintf_s 19338->19336 19340 1020c30 _vswprintf_s 12 API calls 19338->19340 19339->19278 19340->19336 19553 f9b171 19341->19553 19345 1017052 19344->19345 19346 1017073 GetPEB 19345->19346 19347 1017084 19345->19347 19346->19347 19348 1017101 _vswprintf_s 19347->19348 19350 1017136 19347->19350 19353 fb7d50 GetPEB 19347->19353 19349 1017125 GetPEB 19348->19349 19348->19350 19349->19350 19351 fdb640 _vswprintf_s 12 API calls 19350->19351 19352 1017147 19351->19352 19352->19302 19354 10170ec 19353->19354 19354->19348 19355 10170f0 GetPEB 19354->19355 19355->19348 19356->19293 19357->19312 19359 fc16ed 19358->19359 19360 fc16f3 GetPEB 19359->19360 19361 fc16f1 19359->19361 19360->19361 19361->19315 19363 10055f4 19362->19363 19364 fc16da 19362->19364 19374 104bbf0 19363->19374 19364->19318 19368 100560a 19370 fca1a0 19369->19370 19371 fca192 19369->19371 19370->19371 19372 fca1b0 GetPEB 19370->19372 19371->19319 19373 fca1c1 19372->19373 19373->19319 19375 104bc12 19374->19375 19376 10055fb 19375->19376 19382 104c08a 19375->19382 19376->19368 19378 104bf33 19376->19378 19379 104bf4c 19378->19379 19381 104bf97 19379->19381 19395 104be9b 19379->19395 19381->19368 19383 104c0c6 19382->19383 19385 104c104 _vswprintf_s 19383->19385 19386 104bfdb 19383->19386 19385->19376 19387 104bfeb 19386->19387 19388 104bfef 19386->19388 19387->19385 19388->19387 19390 104bdfa 19388->19390 19392 104be17 19390->19392 19391 104be6d 19391->19387 19392->19391 19394 fd9660 LdrInitializeThunk 19392->19394 19394->19391 19396 104beb3 19395->19396 19397 104bf08 19396->19397 19399 fd9660 LdrInitializeThunk 19396->19399 19397->19381 19399->19397 19401 fdb648 19400->19401 19402 fdb64b 19400->19402 19401->19326 19405 104b590 19402->19405 19404 fdb74a _vswprintf_s 19404->19326 19408 104b260 19405->19408 19407 104b5a3 19407->19404 19466 fed08c 19408->19466 19410 104b26c GetPEB 19411 104b279 GetPEB 19410->19411 19413 104b293 19411->19413 19414 104b54b 19413->19414 19415 104b2ba 19413->19415 19416 104b48b 19413->19416 19420 104b56b _vswprintf_s 19414->19420 19467 1020c30 19414->19467 19417 104b414 19415->19417 19418 104b2c6 19415->19418 19419 1025720 _vswprintf_s 10 API calls 19416->19419 19424 1025720 _vswprintf_s 10 API calls 19417->19424 19421 104b32d 19418->19421 19422 104b2ce 19418->19422 19423 104b49e 19419->19423 19420->19407 19429 104b396 19421->19429 19434 104b34d 19421->19434 19463 104b2eb 19421->19463 19426 104b2f3 19422->19426 19427 104b2da 19422->19427 19432 1025720 _vswprintf_s 10 API calls 19423->19432 19428 104b427 19424->19428 19431 1025720 _vswprintf_s 10 API calls 19426->19431 19430 1025720 _vswprintf_s 10 API calls 19427->19430 19433 1025720 _vswprintf_s 10 API calls 19428->19433 19437 1025720 _vswprintf_s 10 API calls 19429->19437 19430->19463 19436 104b302 19431->19436 19438 104b4c2 19432->19438 19439 104b43e 19433->19439 19440 1025720 _vswprintf_s 10 API calls 19434->19440 19435 1025720 _vswprintf_s 10 API calls 19441 104b4fd 19435->19441 19442 1025720 _vswprintf_s 10 API calls 19436->19442 19443 104b3aa 19437->19443 19444 104b4cc 19438->19444 19446 104b320 19438->19446 19445 1025720 _vswprintf_s 10 API calls 19439->19445 19447 104b361 19440->19447 19448 104b519 19441->19448 19456 1025720 _vswprintf_s 10 API calls 19441->19456 19449 104b311 19442->19449 19450 104b38f 19443->19450 19451 104b3b6 19443->19451 19452 1025720 _vswprintf_s 10 API calls 19444->19452 19445->19446 19454 1025720 _vswprintf_s 10 API calls 19446->19454 19446->19463 19447->19450 19455 104b371 19447->19455 19457 1025720 _vswprintf_s 10 API calls 19448->19457 19458 1025720 _vswprintf_s 10 API calls 19449->19458 19460 1025720 _vswprintf_s 10 API calls 19450->19460 19453 1025720 _vswprintf_s 10 API calls 19451->19453 19452->19463 19459 104b3c5 19453->19459 19454->19463 19464 1025720 _vswprintf_s 10 API calls 19455->19464 19456->19448 19461 104b528 19457->19461 19458->19446 19462 1025720 _vswprintf_s 10 API calls 19459->19462 19460->19463 19461->19414 19465 1025720 _vswprintf_s 10 API calls 19461->19465 19462->19463 19463->19435 19464->19463 19465->19414 19466->19410 19468 1020c50 19467->19468 19476 1020c49 19467->19476 19477 102193b 19468->19477 19470 1020c5e 19470->19476 19483 1021c76 19470->19483 19476->19420 19478 1021967 _vswprintf_s 19477->19478 19479 102194c 19477->19479 19478->19470 19500 1021c49 19479->19500 19481 1021951 _vswprintf_s 19481->19478 19482 1021c49 _vswprintf_s LdrInitializeThunk 19481->19482 19482->19481 19503 fd9670 19483->19503 19501 fd9670 _vswprintf_s LdrInitializeThunk 19500->19501 19502 1021c65 19501->19502 19502->19481 19504 fd967a _vswprintf_s LdrInitializeThunk 19503->19504 19548 fd9670 _vswprintf_s LdrInitializeThunk 19547->19548 19549 fce747 _vswprintf_s 19548->19549 19550 fce74b 19549->19550 19551 fce784 GetPEB 19549->19551 19550->19338 19552 fce7a8 19551->19552 19552->19338 19554 f9b180 _vswprintf_s 19553->19554 19555 f9b1b0 GetPEB 19554->19555 19562 f9b1c0 _vswprintf_s 19554->19562 19555->19562 19556 fed130 _vswprintf_s 10 API calls 19557 f9b1de 19556->19557 19557->19278 19559 ff4904 GetPEB 19560 f9b1d1 _vswprintf_s 19559->19560 19560->19556 19562->19559 19562->19560 19563 fde2d0 19562->19563 19566 fde2ed 19563->19566 19565 fde2e8 19565->19562 19567 fde30f 19566->19567 19568 fde2fb 19566->19568 19570 fde31e 19567->19570 19571 fde332 19567->19571 19575 fdb58e 19568->19575 19572 fdb58e _vswprintf_s 12 API calls 19570->19572 19580 fe2440 19571->19580 19574 fde307 _vswprintf_s 19572->19574 19574->19565 19576 f9b150 _vswprintf_s 12 API calls 19575->19576 19577 fdb627 19576->19577 19578 fdb640 _vswprintf_s 12 API calls 19577->19578 19579 fdb632 19578->19579 19579->19574 19581 fe24af 19580->19581 19582 fe249a 19580->19582 19584 fe24b7 19581->19584 19591 fe24cc __aulldvrm _vswprintf_s 19581->19591 19583 fdb58e _vswprintf_s 12 API calls 19582->19583 19586 fe24a4 19583->19586 19585 fdb58e _vswprintf_s 12 API calls 19584->19585 19585->19586 19587 fdb640 _vswprintf_s 12 API calls 19586->19587 19588 fe2d6e 19587->19588 19588->19574 19589 fe2d4f 19590 fdb58e _vswprintf_s 12 API calls 19589->19590 19590->19586 19591->19586 19591->19589 19592 fe58ee 12 API calls __cftof 19591->19592 19592->19591 19594 fd2e32 19593->19594 19595 fd2e57 19594->19595 19606 fd9840 LdrInitializeThunk 19594->19606 19595->19221 19597 100df2e 19599 f9db6d 19598->19599 19605 f9db91 19598->19605 19599->19605 19607 f9db40 GetPEB 19599->19607 19601 f9db76 19601->19605 19609 f9e7b0 19601->19609 19603 f9db87 19604 ff4fa6 GetPEB 19603->19604 19603->19605 19604->19605 19605->19224 19606->19597 19608 f9db52 19607->19608 19608->19601 19610 f9e7e0 19609->19610 19611 f9e7ce 19609->19611 19612 f9e7e8 19610->19612 19615 f9b150 _vswprintf_s 12 API calls 19610->19615 19611->19612 19617 fa3d34 19611->19617 19616 f9e7f6 19612->19616 19656 f9dca4 19612->19656 19615->19612 19616->19603 19618 fa3d6c 19617->19618 19619 ff8213 19617->19619 19672 fa1b8f 19618->19672 19623 ff822b GetPEB 19619->19623 19643 fa4068 19619->19643 19621 fa3d81 19621->19619 19622 fa3d89 19621->19622 19624 fa1b8f 2 API calls 19622->19624 19623->19643 19625 fa3d9e 19624->19625 19626 fa3dba 19625->19626 19627 fa3da2 GetPEB 19625->19627 19627->19626 19630 ff8344 GetPEB 19633 fa407a 19630->19633 19632 fa4085 19632->19610 19633->19632 19637 ff8363 GetPEB 19633->19637 19637->19632 19643->19630 19643->19633 19658 f9dcfd 19656->19658 19670 f9dd6f _vswprintf_s 19656->19670 19657 f9dd47 19687 f9dbb1 19657->19687 19658->19657 19666 f9dfc2 19658->19666 19678 f9e620 19658->19678 19660 ff4ff2 19660->19660 19664 f9dfae 19664->19666 19700 fd95d0 LdrInitializeThunk 19664->19700 19667 fdb640 _vswprintf_s 12 API calls 19666->19667 19668 f9dfe4 19667->19668 19668->19616 19670->19660 19670->19664 19670->19666 19694 f9e375 19670->19694 19699 fd95d0 LdrInitializeThunk 19670->19699 19674 fa1ba9 _vswprintf_s 19672->19674 19677 fa1c05 19672->19677 19673 ff701a GetPEB 19675 fa1c21 19673->19675 19674->19675 19676 fa1bf4 GetPEB 19674->19676 19674->19677 19675->19621 19676->19677 19677->19673 19677->19675 19679 ff5503 19678->19679 19680 f9e644 19678->19680 19680->19679 19701 f9f358 19680->19701 19682 f9e725 19683 f9e661 _vswprintf_s 19683->19682 19705 fd95d0 LdrInitializeThunk 19683->19705 19706 fa766d 19687->19706 19689 f9dbcf 19689->19670 19690 f9dbf1 19689->19690 19698 f9e3a3 19694->19698 19695 fdb640 _vswprintf_s 12 API calls 19697 f9e400 19695->19697 19696 ff5306 19697->19670 19698->19695 19698->19696 19699->19670 19700->19666 19702 f9f370 19701->19702 19703 f9f38c 19702->19703 19704 f9f379 GetPEB 19702->19704 19703->19683 19704->19703 19705->19682 19707 fa7687 19706->19707 19708 fa76d3 19707->19708 19709 fa76c2 GetPEB 19707->19709 19708->19689 19709->19708 19711 f94dfa 19710->19711 19713 f94dd1 _vswprintf_s 19710->19713 19712 f92e9f LdrInitializeThunk 19711->19712 19712->19713 19715 f94df3 19713->19715 19732 f94f2e 19713->19732 19715->19233 19817 fed0e8 19716->19817 19718 102ff1c GetPEB 19719 102ff43 GetPEB 19718->19719 19720 102ff2b 19718->19720 19722 102ff4f 19719->19722 19727 102ff6e 19719->19727 19720->19719 19721 102ffb1 19720->19721 19723 fed130 _vswprintf_s 12 API calls 19721->19723 19724 1025720 _vswprintf_s 12 API calls 19722->19724 19726 102ffb6 19723->19726 19724->19727 19725 fce730 2 API calls 19728 102ff7d _vswprintf_s 19725->19728 19726->19231 19727->19725 19729 102ffa4 19728->19729 19730 102ff94 RtlDebugPrintTimes 19728->19730 19729->19231 19731 102ffa3 19730->19731 19731->19231 19733 f94f3e 19732->19733 19734 ff0b85 19732->19734 19733->19734 19739 f94f5b GetPEB 19733->19739 19735 ff0b8b GetPEB 19734->19735 19736 ff0b9a 19734->19736 19735->19736 19737 ff0b9f 19735->19737 19741 10688f5 19736->19741 19739->19734 19740 f94f6e 19739->19740 19740->19715 19742 1068901 _vswprintf_s 19741->19742 19747 f9cc50 19742->19747 19744 106891f _vswprintf_s 19745 fed130 _vswprintf_s 12 API calls 19744->19745 19746 1068946 19745->19746 19746->19737 19748 f9cc79 19747->19748 19752 f9cc7e 19748->19752 19753 fcb230 19748->19753 19749 fdb640 _vswprintf_s 12 API calls 19750 f9cc89 19749->19750 19750->19744 19752->19749 19754 fcb26a 19753->19754 19755 100a2f6 19753->19755 19754->19755 19757 100a2fd 19754->19757 19761 fcb2ab _vswprintf_s 19754->19761 19756 fdb640 _vswprintf_s 12 API calls 19760 fcb2d0 19756->19760 19758 fcb2b5 19757->19758 19771 1065ba5 19757->19771 19758->19755 19758->19756 19760->19752 19761->19758 19763 f9ccc0 19761->19763 19764 f9cd04 19763->19764 19765 f9cd95 19764->19765 19766 f9b150 _vswprintf_s 12 API calls 19764->19766 19765->19758 19767 ff4e0a 19766->19767 19768 f9b150 _vswprintf_s 12 API calls 19767->19768 19769 ff4e14 19768->19769 19770 f9b150 _vswprintf_s 12 API calls 19769->19770 19770->19765 19773 1065bb4 _vswprintf_s 19771->19773 19772 1065c10 19775 fed130 _vswprintf_s 12 API calls 19772->19775 19773->19772 19780 1065c2a _vswprintf_s 19773->19780 19782 1064c56 19773->19782 19776 10663e5 19775->19776 19776->19758 19779 10660cf GetPEB 19779->19780 19780->19772 19780->19779 19781 fd9710 LdrInitializeThunk 19780->19781 19786 fd6de6 19780->19786 19781->19780 19783 1064c62 _vswprintf_s 19782->19783 19784 fed130 _vswprintf_s 12 API calls 19783->19784 19785 1064caa 19784->19785 19785->19780 19787 fd6e03 19786->19787 19791 fd6e73 19786->19791 19789 fd6e53 19787->19789 19787->19791 19792 fd6ebe 19787->19792 19789->19791 19800 fc6a60 19789->19800 19791->19780 19793 faeef0 27 API calls 19792->19793 19795 fd6eeb 19793->19795 19794 faeb70 34 API calls 19796 fd6f0d 19795->19796 19805 fd7742 19795->19805 19811 10484e0 19795->19811 19796->19794 19801 1008025 19800->19801 19803 fc6a8d _vswprintf_s 19800->19803 19802 fdb640 _vswprintf_s 12 API calls 19804 fc6b66 19802->19804 19803->19801 19803->19802 19804->19791 19806 fd7768 _vswprintf_s 19805->19806 19809 fd7827 19805->19809 19806->19809 19809->19795 19812 1048511 19811->19812 19817->19718 19819 fb0074 19818->19819 19820 fb009d GetPEB 19819->19820 19833 fb00f8 19819->19833 19822 ffc01b 19820->19822 19823 fb00d0 19820->19823 19821 fdb640 _vswprintf_s 12 API calls 19824 fb0105 19821->19824 19822->19823 19825 ffc024 GetPEB 19822->19825 19826 fb00df 19823->19826 19827 ffc037 19823->19827 19824->19239 19825->19823 19834 fc9702 19826->19834 19838 1068a62 19827->19838 19830 fb00ef 19832 fb0109 RtlDebugPrintTimes 19830->19832 19830->19833 19831 ffc04b 19831->19831 19832->19833 19833->19821 19835 fc9720 19834->19835 19837 fc9784 19835->19837 19845 1068214 19835->19845 19837->19830 19839 fb7d50 GetPEB 19838->19839 19840 1068a9d 19839->19840 19841 1068aa1 GetPEB 19840->19841 19842 1068ab1 _vswprintf_s 19840->19842 19841->19842 19843 fdb640 _vswprintf_s 12 API calls 19842->19843 19844 1068ad7 19843->19844 19844->19831 19847 106823b 19845->19847 19846 10682c0 19846->19837 19847->19846 19849 fc3b7a GetPEB 19847->19849 19853 fc3bb5 _vswprintf_s 19849->19853 19850 1006298 19851 fc3c1b GetPEB 19852 fc3c35 19851->19852 19852->19846 19853->19850 19853->19851 19853->19853 19855 fa7620 19854->19855 19856 fa766d GetPEB 19855->19856 19857 fa7632 19856->19857 19857->19243 19859 fd9670 19861 fd967a 19859->19861 19862 fd968f LdrInitializeThunk 19861->19862 19863 fd9681 19861->19863 19870 1065ba5 19872 1065bb4 _vswprintf_s 19870->19872 19871 1065c10 19874 fed130 _vswprintf_s 12 API calls 19871->19874 19872->19871 19873 1064c56 12 API calls 19872->19873 19879 1065c2a _vswprintf_s 19872->19879 19873->19879 19875 10663e5 19874->19875 19877 fd6de6 33 API calls 19877->19879 19878 10660cf GetPEB 19878->19879 19879->19871 19879->19877 19879->19878 19880 fd9710 LdrInitializeThunk 19879->19880 19880->19879 20109 10502f7 20110 1050323 20109->20110 20114 10503b0 20110->20114 20123 1050a28 20110->20123 20112 1050342 20112->20114 20127 105bbbb 20112->20127 20113 10503d1 20114->20113 20161 105bcd2 20114->20161 20117 105035f 20117->20114 20136 106dfce 20117->20136 20124 1050a57 20123->20124 20126 1050a4d 20123->20126 20165 fc4e70 20124->20165 20126->20112 20128 105bbde 20127->20128 20173 105bd54 20128->20173 20131 105bc3c 20131->20117 20132 105bc17 20177 105f9a1 20132->20177 20133 105bc3e 20187 105aa16 20133->20187 20139 106dff0 20136->20139 20141 106e19d 20136->20141 20137 fdb640 _vswprintf_s 12 API calls 20138 1050388 20137->20138 20138->20114 20148 10503da 20138->20148 20139->20141 20924 106e62a RtlDebugPrintTimes 20139->20924 20141->20137 20142 106e28a 20932 106e5b6 20142->20932 20143 106e2ed RtlDebugPrintTimes 20146 106e303 20143->20146 20144 106e1cd 20144->20141 20144->20142 20144->20143 20146->20142 20147 106e401 RtlDebugPrintTimes 20146->20147 20147->20142 20149 105bbbb 298 API calls 20148->20149 20152 1050404 20149->20152 20150 105039a 20150->20114 20157 106e4b3 20150->20157 20151 105058b 20151->20150 20153 105bcd2 279 API calls 20151->20153 20152->20150 20152->20151 20957 1050150 20152->20957 20153->20150 20158 106e4c9 20157->20158 20159 106e5b6 14 API calls 20158->20159 20160 106e5a7 20158->20160 20159->20160 20160->20114 20162 105bceb 20161->20162 20963 105ae44 20162->20963 20166 fc4ec0 20165->20166 20168 fc4e94 20165->20168 20167 fc4ed6 RtlDebugPrintTimes 20166->20167 20172 fc4eeb 20166->20172 20167->20172 20169 fdb640 _vswprintf_s 12 API calls 20168->20169 20170 fc4eac 20169->20170 20170->20126 20171 1048df1 13 API calls 20171->20168 20172->20168 20172->20171 20174 105bd63 20173->20174 20175 105bc04 20173->20175 20176 fc4e70 14 API calls 20174->20176 20175->20131 20175->20132 20175->20133 20176->20175 20178 105f9d6 20177->20178 20199 106022c 20178->20199 20180 105f9e1 20181 105f9e7 20180->20181 20183 105fa16 20180->20183 20205 10605ac 20180->20205 20181->20131 20185 105fa1a _vswprintf_s 20183->20185 20221 106070d 20183->20221 20185->20181 20235 1060a13 20185->20235 20188 105aa44 20187->20188 20196 105aa66 20188->20196 20720 105ab54 20188->20720 20189 fb7d50 GetPEB 20191 105ab0f 20189->20191 20192 105ab23 20191->20192 20193 105ab13 GetPEB 20191->20193 20194 105ab2d GetPEB 20192->20194 20195 105ab49 20192->20195 20193->20192 20194->20195 20197 105ab3c 20194->20197 20195->20131 20196->20189 20732 105131b 20197->20732 20200 1060278 20199->20200 20202 10602c2 20200->20202 20243 1060ea5 20200->20243 20203 10602e9 20202->20203 20270 fecf85 20202->20270 20203->20180 20209 10605d1 20205->20209 20206 10606db 20206->20183 20207 1060652 20208 105a854 34 API calls 20207->20208 20211 1060672 20208->20211 20209->20206 20209->20207 20210 105a80d 28 API calls 20209->20210 20210->20207 20211->20206 20433 1061293 20211->20433 20214 fb7d50 GetPEB 20215 106069c 20214->20215 20216 10606a0 GetPEB 20215->20216 20217 10606b0 20215->20217 20216->20217 20217->20206 20218 10606ba GetPEB 20217->20218 20218->20206 20219 10606c9 20218->20219 20220 105138a 14 API calls 20219->20220 20220->20206 20222 1060734 20221->20222 20223 10607d2 20222->20223 20224 105afde 34 API calls 20222->20224 20223->20185 20225 1060782 20224->20225 20226 1061293 34 API calls 20225->20226 20227 106078e 20226->20227 20228 fb7d50 GetPEB 20227->20228 20229 1060793 20228->20229 20230 10607a7 20229->20230 20231 1060797 GetPEB 20229->20231 20230->20223 20232 10607b1 GetPEB 20230->20232 20231->20230 20232->20223 20233 10607c0 20232->20233 20437 10514fb 20233->20437 20236 1060a3c 20235->20236 20445 1060392 20236->20445 20239 fecf85 34 API calls 20240 1060aec 20239->20240 20241 1060b19 20240->20241 20242 1061074 36 API calls 20240->20242 20241->20181 20242->20241 20274 105ff69 20243->20274 20245 106105b 20267 1061055 20245->20267 20314 1061074 20245->20314 20246 1060f32 20280 105a854 20246->20280 20249 105a80d 28 API calls 20249->20246 20250 1060fab 20253 fb7d50 GetPEB 20250->20253 20251 1060ecb 20251->20245 20251->20246 20251->20249 20254 1060fcf 20253->20254 20256 1060fe3 20254->20256 20257 1060fd3 GetPEB 20254->20257 20255 1060f50 20255->20245 20255->20250 20288 10615b5 20255->20288 20258 106100e 20256->20258 20259 1060fed GetPEB 20256->20259 20257->20256 20259->20258 20267->20202 20272 fecf98 20270->20272 20271 fecfb1 20271->20203 20272->20271 20273 10552f8 34 API calls 20272->20273 20273->20271 20275 105ffd1 20274->20275 20278 105ff9f 20274->20278 20276 105a854 34 API calls 20275->20276 20277 105fff1 20276->20277 20277->20251 20278->20275 20279 105a80d 28 API calls 20278->20279 20279->20275 20281 105a8c0 20280->20281 20282 105a941 20280->20282 20281->20282 20326 105f021 20281->20326 20284 105aa00 20282->20284 20330 10553d9 20282->20330 20286 fdb640 _vswprintf_s 12 API calls 20284->20286 20287 105aa10 20286->20287 20287->20255 20289 10615d0 20288->20289 20291 10615d7 20288->20291 20290 106165e LdrInitializeThunk 20289->20290 20290->20291 20291->20255 20315 1061095 20314->20315 20316 10610b0 20314->20316 20317 106165e LdrInitializeThunk 20315->20317 20391 105afde 20316->20391 20317->20316 20320 fb7d50 GetPEB 20321 10610cd 20320->20321 20322 10610e1 20321->20322 20323 10610d1 GetPEB 20321->20323 20324 10610fa 20322->20324 20400 104fe3f 20322->20400 20323->20322 20324->20267 20327 105f03a 20326->20327 20344 105ee22 20327->20344 20331 10553f7 20330->20331 20332 1055552 20330->20332 20334 1055403 20331->20334 20335 10554eb 20331->20335 20333 105547c 20332->20333 20336 1017b9c 34 API calls 20332->20336 20339 fdb640 _vswprintf_s 12 API calls 20333->20339 20337 1055481 20334->20337 20338 105540b 20334->20338 20335->20333 20340 1017b9c 34 API calls 20335->20340 20336->20333 20337->20333 20342 1017b9c 34 API calls 20337->20342 20338->20333 20375 1017b9c 20338->20375 20341 10555bd 20339->20341 20340->20333 20341->20284 20342->20333 20345 105ee5d 20344->20345 20349 105ee73 20345->20349 20350 105ef09 20345->20350 20346 105eef5 20347 fdb640 _vswprintf_s 12 API calls 20346->20347 20348 105efd4 20347->20348 20348->20282 20349->20346 20355 105f607 20349->20355 20350->20346 20360 105f8c5 20350->20360 20356 105f626 20355->20356 20357 105eedd 20356->20357 20366 106165e 20356->20366 20357->20346 20359 fd96e0 LdrInitializeThunk 20357->20359 20359->20346 20361 105f8ea 20360->20361 20362 105f932 20361->20362 20363 105f607 LdrInitializeThunk 20361->20363 20362->20346 20364 105f90f 20363->20364 20364->20362 20369 106166a _vswprintf_s 20366->20369 20378 fd1130 20375->20378 20381 fd115f 20378->20381 20382 100cd96 20381->20382 20383 fd11a8 20381->20383 20383->20382 20384 100cd9d 20383->20384 20389 fd11e9 _vswprintf_s 20383->20389 20392 105b039 20391->20392 20393 105b00a 20391->20393 20395 105b035 20392->20395 20417 fd96e0 LdrInitializeThunk 20392->20417 20393->20392 20394 105b00e 20393->20394 20397 105b026 20394->20397 20408 105f209 20394->20408 20395->20397 20399 10553d9 34 API calls 20395->20399 20397->20320 20399->20397 20401 104fe64 _vswprintf_s 20400->20401 20409 105f23b 20408->20409 20410 105f241 20409->20410 20411 105f27a 20409->20411 20418 fd96e0 LdrInitializeThunk 20410->20418 20412 105f28f _vswprintf_s 20411->20412 20419 fd96e0 LdrInitializeThunk 20411->20419 20416 105f26d 20412->20416 20420 105f7dd 20412->20420 20416->20395 20417->20395 20418->20416 20419->20412 20421 105f803 20420->20421 20434 10612b2 20433->20434 20435 1060697 20433->20435 20436 10552f8 34 API calls 20434->20436 20435->20214 20436->20435 20438 1051520 _vswprintf_s 20437->20438 20439 fb7d50 GetPEB 20438->20439 20448 10603a0 20445->20448 20446 1060589 20446->20239 20447 106070d 37 API calls 20447->20448 20448->20446 20448->20447 20450 103da47 20448->20450 20451 103da9b 20450->20451 20452 103da51 20450->20452 20451->20448 20452->20451 20456 fbc4a0 20452->20456 20476 fbc577 20456->20476 20459 fbc4cc 20469 fbc52c 20459->20469 20484 fbc182 20459->20484 20477 fbc5b5 20476->20477 20482 fbc583 20476->20482 20478 fbc5bb GetPEB 20477->20478 20479 fbc5ce 20477->20479 20478->20479 20480 fbc5ad 20478->20480 20481 10688f5 34 API calls 20479->20481 20480->20459 20481->20480 20482->20477 20483 fbc59e GetPEB 20482->20483 20483->20477 20483->20480 20721 105ab79 20720->20721 20727 105ab88 20720->20727 20739 105cac9 20721->20739 20723 105aba4 20745 10628ec 20723->20745 20724 105abb1 20725 105abb6 20724->20725 20726 105abc1 20724->20726 20729 105f9a1 271 API calls 20725->20729 20754 105e539 20726->20754 20727->20723 20727->20724 20731 105ab8f 20727->20731 20729->20731 20731->20196 20733 fb7d50 GetPEB 20732->20733 20734 105134d 20733->20734 20735 1051351 GetPEB 20734->20735 20736 1051361 _vswprintf_s 20734->20736 20735->20736 20737 fdb640 _vswprintf_s 12 API calls 20736->20737 20738 1051384 20737->20738 20738->20195 20740 105cadd 20739->20740 20742 105cafc 20740->20742 20775 105c8f7 20740->20775 20744 105cb00 _vswprintf_s 20742->20744 20779 105d12f 20742->20779 20744->20727 20753 1062908 20745->20753 20747 10629f5 20748 1062a60 20747->20748 20749 1062a8c 20747->20749 20750 105a80d 28 API calls 20748->20750 20903 10625dd 20749->20903 20752 1062a70 _vswprintf_s 20750->20752 20752->20731 20753->20747 20753->20752 20894 1063149 20753->20894 20755 105bbbb 297 API calls 20754->20755 20756 105e567 20755->20756 20760 105e635 20756->20760 20762 105a80d 28 API calls 20756->20762 20763 105e5f6 20756->20763 20774 105e618 20756->20774 20757 105afde 34 API calls 20772 105e804 20757->20772 20758 105a854 34 API calls 20765 105e614 20758->20765 20759 105bcd2 279 API calls 20759->20760 20760->20757 20760->20772 20761 105e68f 20764 105a854 34 API calls 20761->20764 20762->20763 20763->20758 20767 105e6ae 20764->20767 20765->20761 20766 105a80d 28 API calls 20765->20766 20765->20774 20766->20761 20768 fb7d50 GetPEB 20767->20768 20767->20774 20769 105e7a8 20768->20769 20770 105e7c0 20769->20770 20771 105e7ac GetPEB 20769->20771 20770->20772 20773 104fec0 14 API calls 20770->20773 20771->20770 20772->20731 20773->20774 20774->20759 20774->20760 20776 105c94b 20775->20776 20777 105c915 20775->20777 20776->20742 20777->20776 20795 105c43e 20777->20795 20780 105d15d 20779->20780 20781 105d29e 20780->20781 20786 105d2d8 20780->20786 20788 105d2c1 20780->20788 20801 105d616 20780->20801 20813 105d38e 20781->20813 20783 105d2ac 20783->20788 20818 105dbd2 20783->20818 20787 105d38e 15 API calls 20786->20787 20791 105d2e8 20787->20791 20789 105d31c 20788->20789 20827 105c7a2 20788->20827 20790 105d330 20789->20790 20833 105c52d 20789->20833 20790->20744 20791->20788 20794 105dbd2 262 API calls 20791->20794 20794->20788 20796 105c46c 20795->20796 20800 105c4bf _vswprintf_s 20795->20800 20798 105c490 RtlDebugPrintTimes 20796->20798 20796->20800 20797 fdb640 _vswprintf_s 12 API calls 20799 105c529 20797->20799 20798->20800 20799->20776 20800->20797 20802 105d651 20801->20802 20803 105d733 RtlDebugPrintTimes 20802->20803 20804 105d751 20802->20804 20803->20804 20805 105d757 20804->20805 20806 105d7b1 RtlDebugPrintTimes 20804->20806 20807 105d7ca 20804->20807 20808 fdb640 _vswprintf_s 12 API calls 20805->20808 20806->20807 20811 105d7ce 20807->20811 20837 105def6 20807->20837 20809 105d85e 20808->20809 20809->20780 20811->20805 20812 105d81f RtlDebugPrintTimes 20811->20812 20812->20805 20855 f9774a 20813->20855 20815 105d3d2 20817 105d419 20815->20817 20860 105d466 20815->20860 20817->20783 20820 105dc12 20818->20820 20824 105dd1f 20818->20824 20819 105dcca 20819->20788 20820->20819 20821 105dcd1 20820->20821 20822 105dcb2 20820->20822 20821->20824 20866 105d8df 20821->20866 20823 105a80d 28 API calls 20822->20823 20823->20819 20824->20819 20825 105c52d 247 API calls 20824->20825 20825->20819 20830 105c7c6 _vswprintf_s 20827->20830 20828 fdb640 _vswprintf_s 12 API calls 20829 105c87f 20828->20829 20829->20789 20832 105c863 20830->20832 20874 105c59e RtlDebugPrintTimes 20830->20874 20832->20828 20836 105c548 20833->20836 20834 105c595 20834->20790 20836->20834 20878 105db14 20836->20878 20838 105dfe8 20837->20838 20841 105a6b3 20838->20841 20846 fc1164 20841->20846 20844 fc1164 14 API calls 20847 1005490 20846->20847 20851 fc117f 20846->20851 20849 fd9670 _vswprintf_s LdrInitializeThunk 20847->20849 20849->20851 20852 fc5720 20851->20852 20853 fc4e70 14 API calls 20852->20853 20854 fc1185 20853->20854 20854->20844 20856 f9777a 20855->20856 20857 ff28d8 20855->20857 20856->20815 20858 fc1164 14 API calls 20857->20858 20859 ff28dd 20858->20859 20861 105d4bc 20860->20861 20862 105d4cc RtlDebugPrintTimes 20861->20862 20863 105d4c6 20861->20863 20862->20863 20864 fdb640 _vswprintf_s 12 API calls 20863->20864 20865 105d591 20864->20865 20865->20817 20869 105d917 20866->20869 20871 103da47 244 API calls 20869->20871 20872 105da54 20869->20872 20873 105d96d 20869->20873 20871->20873 20873->20872 20875 105c5cb 20874->20875 20876 fdb640 _vswprintf_s 12 API calls 20875->20876 20877 105c5f9 20876->20877 20877->20832 20879 105dbae 20878->20879 20883 105db4f 20878->20883 20886 105c95a 20879->20886 20881 105dbac 20882 fdb640 _vswprintf_s 12 API calls 20881->20882 20885 105dbcc 20882->20885 20884 105db90 RtlDebugPrintTimes 20883->20884 20884->20881 20885->20834 20887 105c99f 20886->20887 20888 105c9e8 20886->20888 20890 105c9c6 RtlDebugPrintTimes 20887->20890 20889 105d8df 245 API calls 20888->20889 20891 105c9e4 20889->20891 20890->20891 20892 fdb640 _vswprintf_s 12 API calls 20891->20892 20893 105ca15 20892->20893 20893->20881 20895 106318c 20894->20895 20896 1063169 RtlDebugPrintTimes 20895->20896 20897 10631d4 RtlDebugPrintTimes 20895->20897 20898 106319a 20895->20898 20896->20895 20897->20898 20899 10631a0 RtlDebugPrintTimes 20898->20899 20900 10631bf 20898->20900 20899->20900 20901 fdb640 _vswprintf_s 12 API calls 20900->20901 20902 10631ce 20901->20902 20902->20753 20904 1062603 20903->20904 20907 10627a5 20904->20907 20909 1062fbd 20904->20909 20905 106286b 20905->20752 20907->20905 20916 106241a 20907->20916 20910 1062fe4 20909->20910 20911 1063074 RtlDebugPrintTimes 20910->20911 20912 10630a2 RtlDebugPrintTimes 20910->20912 20913 1063089 20911->20913 20912->20913 20914 fdb640 _vswprintf_s 12 API calls 20913->20914 20915 10630f0 20914->20915 20915->20907 20917 106242f 20916->20917 20919 106246c 20917->20919 20920 10622ae 20917->20920 20919->20905 20921 10622dd 20920->20921 20922 1062fbd 14 API calls 20921->20922 20923 10623ee 20921->20923 20922->20923 20923->20917 20925 106e669 _vswprintf_s 20924->20925 20926 106e66f 20925->20926 20929 106e704 20925->20929 20939 106e824 20925->20939 20927 fdb640 _vswprintf_s 12 API calls 20926->20927 20928 106e725 20927->20928 20928->20144 20929->20926 20930 106e5b6 14 API calls 20929->20930 20930->20926 20933 106e5e1 20932->20933 20934 106e608 RtlDebugPrintTimes 20932->20934 20933->20934 20951 106ed52 20933->20951 20935 106e619 20934->20935 20937 fdb640 _vswprintf_s 12 API calls 20935->20937 20938 106e626 20937->20938 20938->20141 20940 106e853 20939->20940 20941 106e9fb RtlDebugPrintTimes 20940->20941 20942 106e9d6 20940->20942 20946 106ea18 _vswprintf_s 20941->20946 20943 fdb640 _vswprintf_s 12 API calls 20942->20943 20944 106ed3b 20943->20944 20944->20925 20945 106eb19 20945->20942 20947 106ed1b RtlDebugPrintTimes 20945->20947 20946->20942 20946->20945 20948 106eb7a RtlDebugPrintTimes 20946->20948 20947->20942 20949 106eb90 20948->20949 20949->20945 20950 106ec9d RtlDebugPrintTimes 20949->20950 20950->20945 20955 106ed73 20951->20955 20952 106ee58 20953 fdb640 _vswprintf_s 12 API calls 20952->20953 20954 106ee6d 20953->20954 20954->20933 20955->20952 20956 106ee47 RtlDebugPrintTimes 20955->20956 20956->20952 20958 105bbbb 298 API calls 20957->20958 20959 105016d 20958->20959 20959->20151 20960 1050180 20959->20960 20961 105bcd2 279 API calls 20960->20961 20962 1050199 20961->20962 20962->20151 20964 105ae6a 20963->20964 20967 105af3d 20964->20967 20970 105af27 20964->20970 20971 105af38 20964->20971 20965 105afc3 21003 105fde2 20965->21003 20966 105af6c 20981 105ea55 20966->20981 20967->20965 20967->20966 20973 105a80d 28 API calls 20970->20973 20971->20113 20973->20971 20974 fb7d50 GetPEB 20975 105af85 20974->20975 20976 105af99 20975->20976 20977 105af89 GetPEB 20975->20977 20976->20971 20978 105afa3 GetPEB 20976->20978 20977->20976 20978->20971 20979 105afb2 20978->20979 20979->20971 20996 1051608 20979->20996 20982 105ea74 20981->20982 20983 105eab0 20982->20983 20984 105ea8d 20982->20984 20987 105afde 34 API calls 20983->20987 20985 105a80d 28 API calls 20984->20985 20986 105af7a 20985->20986 20986->20974 20988 105eb12 20987->20988 20989 105bcd2 278 API calls 20988->20989 20990 105eb3d 20989->20990 20991 fb7d50 GetPEB 20990->20991 20992 105eb48 20991->20992 20993 105eb60 20992->20993 20994 105eb4c GetPEB 20992->20994 20993->20986 20995 104fe3f 14 API calls 20993->20995 20994->20993 20995->20986 20997 fb7d50 GetPEB 20996->20997 20998 1051634 20997->20998 20999 1051638 GetPEB 20998->20999 21000 1051648 _vswprintf_s 20998->21000 20999->21000 21001 fdb640 _vswprintf_s 12 API calls 21000->21001 21002 105166b 21001->21002 21002->20971 21004 105fdf5 21003->21004 21005 105fe12 21004->21005 21006 105fdfe 21004->21006 21008 105febd 21005->21008 21009 105fe2c 21005->21009 21007 105a80d 28 API calls 21006->21007 21010 105fe0d 21007->21010 21013 1060a13 249 API calls 21008->21013 21011 105fe45 21009->21011 21012 105fe35 21009->21012 21010->20971 21032 1062b28 21011->21032 21014 105dbd2 262 API calls 21012->21014 21016 105fecb 21013->21016 21017 105fe41 21014->21017 21019 fb7d50 GetPEB 21016->21019 21023 fb7d50 GetPEB 21017->21023 21018 105fe55 21018->21017 21025 105c8f7 13 API calls 21018->21025 21020 105fed3 21019->21020 21021 105fee7 21020->21021 21022 105fed7 GetPEB 21020->21022 21021->21010 21028 105fef1 GetPEB 21021->21028 21022->21021 21024 105fe77 21023->21024 21026 105fe8b 21024->21026 21027 105fe7b GetPEB 21024->21027 21025->21017 21026->21010 21029 105fe95 GetPEB 21026->21029 21027->21026 21028->21010 21031 105fea4 21028->21031 21029->21010 21029->21031 21030 1051608 14 API calls 21030->21010 21031->21010 21031->21030 21035 1062b46 21032->21035 21033 1062bd3 21037 1062c36 21033->21037 21038 1062c15 21033->21038 21034 1062bbf 21036 105a80d 28 API calls 21034->21036 21035->21033 21035->21034 21042 1062bce 21036->21042 21040 106241a 14 API calls 21037->21040 21039 105a80d 28 API calls 21038->21039 21039->21042 21041 1062c4a 21040->21041 21041->21042 21044 1063209 RtlDebugPrintTimes 21041->21044 21042->21018 21045 1063242 21044->21045 21046 fdb640 _vswprintf_s 12 API calls 21045->21046 21047 106324d 21046->21047 21047->21042 20065 f99240 20066 f9924c _vswprintf_s 20065->20066 20067 f9925f 20066->20067 20083 fd95d0 LdrInitializeThunk 20066->20083 20084 f99335 20067->20084 20071 f99335 LdrInitializeThunk 20072 f99276 20071->20072 20089 fd95d0 LdrInitializeThunk 20072->20089 20074 f9927e GetPEB 20075 fb77f0 20074->20075 20076 f9929a GetPEB 20075->20076 20077 fb77f0 20076->20077 20078 f992b6 GetPEB 20077->20078 20080 f992d2 20078->20080 20079 f99330 20080->20079 20081 f99305 GetPEB 20080->20081 20082 f9931f _vswprintf_s 20081->20082 20083->20067 20090 fd95d0 LdrInitializeThunk 20084->20090 20086 f99342 20091 fd95d0 LdrInitializeThunk 20086->20091 20088 f9926b 20088->20071 20089->20074 20090->20086 20091->20088 21048 fb5600 21049 fb567f 21048->21049 21051 fb672c 21048->21051 21050 fb569f 21049->21050 21049->21051 21052 fb56b9 21050->21052 21053 fb64d1 GetPEB 21050->21053 21059 fb6756 21051->21059 21257 1052d82 21051->21257 21054 fb5711 21052->21054 21056 fb56df 21052->21056 21057 fb6856 21052->21057 21053->21052 21058 fb69d3 21054->21058 21083 fb571d 21054->21083 21056->21054 21061 fb69cc 21056->21061 21062 ffebee 21057->21062 21064 fb6875 21057->21064 21149 fb57a3 21057->21149 21060 fff548 21058->21060 21063 fc1164 14 API calls 21058->21063 21059->21062 21059->21149 21069 fff598 GetPEB 21060->21069 21084 fb5fec 21060->21084 21245 fc5640 21061->21245 21068 f9ccc0 _vswprintf_s 12 API calls 21062->21068 21066 fb69f3 21063->21066 21067 faeef0 27 API calls 21064->21067 21251 fc0678 21066->21251 21067->21149 21138 fb5fc0 _vswprintf_s 21068->21138 21069->21084 21071 ffeee3 21075 105a80d 28 API calls 21071->21075 21073 ffecc0 21078 105a80d 28 API calls 21073->21078 21075->21138 21076 fb5ffd 21082 ffecbe 21078->21082 21079 104fa2b 28 API calls 21079->21149 21081 fb6a4d 21081->21138 21256 fd9660 LdrInitializeThunk 21081->21256 21085 f9ccc0 _vswprintf_s 12 API calls 21082->21085 21083->21149 21237 fcf4a7 21083->21237 21084->21076 21089 104fec0 14 API calls 21084->21089 21085->21138 21086 fff311 21098 102ff10 16 API calls 21086->21098 21089->21076 21090 ffee5e GetPEB 21092 ffee6b GetPEB 21090->21092 21090->21149 21091 fb6a7d 21091->21060 21097 fb7d50 GetPEB 21091->21097 21095 f9b150 _vswprintf_s 12 API calls 21092->21095 21093 fb68ac 21102 fba309 94 API calls 21093->21102 21094 fb6c0e 21307 fba309 21094->21307 21095->21149 21096 f9b150 12 API calls _vswprintf_s 21096->21149 21100 fb6ace 21097->21100 21101 fb67b9 _vswprintf_s 21098->21101 21106 fff406 GetPEB 21100->21106 21107 fb6ad6 21100->21107 21104 fff354 21101->21104 21110 fb67f7 21101->21110 21111 fff3b1 GetPEB 21101->21111 21102->21138 21103 f9b150 _vswprintf_s 12 API calls 21108 ffeeaf GetPEB 21103->21108 21118 fc16c7 LdrInitializeThunk 21104->21118 21105 105a80d 28 API calls 21105->21149 21112 fff419 GetPEB 21106->21112 21107->21112 21113 fb6ae4 21107->21113 21108->21149 21109 fb622f 21110->21104 21120 fb681a GetPEB 21110->21120 21111->21138 21112->21113 21116 fff42c 21112->21116 21114 fb7d50 GetPEB 21113->21114 21117 fb6ae9 21114->21117 21115 fb5f74 21115->21086 21125 fb6dc3 21115->21125 21115->21138 21119 105138a 14 API calls 21116->21119 21122 fb6af1 21117->21122 21123 fff440 GetPEB 21117->21123 21118->21138 21119->21113 21120->21138 21126 fb6aff 21122->21126 21127 fff453 GetPEB 21122->21127 21123->21127 21124 fff2de 21128 f9ccc0 _vswprintf_s 12 API calls 21124->21128 21133 f94dc0 34 API calls 21125->21133 21125->21138 21130 fb7d50 GetPEB 21126->21130 21127->21126 21131 fff466 21127->21131 21128->21138 21129 ffedbd 21135 105a80d 28 API calls 21129->21135 21134 fb6b04 21130->21134 21136 fb7d50 GetPEB 21131->21136 21132 fff3eb 21141 105a80d 28 API calls 21132->21141 21133->21138 21139 fb6b0c 21134->21139 21140 fff4a1 GetPEB 21134->21140 21135->21138 21142 fff46b 21136->21142 21174 fb6df6 21138->21174 21145 fb6b1a 21139->21145 21146 fff4b4 21139->21146 21140->21146 21141->21138 21147 fff47f 21142->21147 21148 fff46f GetPEB 21142->21148 21143 fbbc04 28 API calls 21143->21149 21144 fba309 94 API calls 21144->21149 21150 fff4ea 21145->21150 21151 fb6b27 GetPEB 21145->21151 21152 fb7d50 GetPEB 21146->21152 21469 1051582 21147->21469 21148->21147 21149->21071 21149->21073 21149->21079 21149->21086 21149->21090 21149->21093 21149->21094 21149->21096 21149->21101 21149->21103 21149->21105 21149->21109 21149->21115 21149->21124 21149->21129 21149->21132 21149->21138 21149->21143 21149->21144 21154 fff0dc GetPEB 21149->21154 21155 ffed7e 21149->21155 21157 fbe12c 28 API calls 21149->21157 21158 fba229 39 API calls 21149->21158 21166 ffee09 21149->21166 21172 f9b150 _vswprintf_s 12 API calls 21149->21172 21178 fbb236 21149->21178 21241 fbe4a0 21149->21241 21445 fba830 21149->21445 21153 fc16c7 LdrInitializeThunk 21150->21153 21156 fb6b41 21151->21156 21165 fff4f9 21151->21165 21160 fff4b9 21152->21160 21153->21165 21154->21149 21161 fff0e9 GetPEB 21154->21161 21169 105a80d 28 API calls 21155->21169 21156->21138 21156->21165 21157->21149 21158->21149 21162 fff4cd 21160->21162 21163 fff4bd GetPEB 21160->21163 21164 f9b150 _vswprintf_s 12 API calls 21161->21164 21171 1051582 12 API calls 21162->21171 21163->21162 21164->21149 21168 105a80d 28 API calls 21165->21168 21170 fba309 94 API calls 21166->21170 21168->21060 21169->21093 21170->21138 21171->21150 21173 fff12d GetPEB 21172->21173 21173->21149 21175 fb5fdb GetPEB 21174->21175 21177 fb6dfd 21174->21177 21175->21060 21175->21084 21176 faeb70 34 API calls 21176->21175 21177->21176 21473 fbb477 21178->21473 21181 fbb264 21540 fb99bf 21181->21540 21183 fbb44e 21186 fbb2a9 21183->21186 21638 103cb4f 21183->21638 21185 fbb2b2 21185->21183 21189 fbb284 21185->21189 21190 fbb305 21185->21190 21186->21149 21187 fba830 32 API calls 21187->21189 21189->21186 21193 104fa2b 28 API calls 21189->21193 21191 fc0678 28 API calls 21190->21191 21192 fbb30f 21191->21192 21604 fd9660 LdrInitializeThunk 21192->21604 21193->21186 21195 fbb333 21195->21183 21605 fd9660 LdrInitializeThunk 21195->21605 21196 fbb329 21196->21195 21630 fd9660 LdrInitializeThunk 21196->21630 21199 fbb366 21200 10028f2 21199->21200 21606 fc138b GetPEB 21199->21606 21631 fc174b 21200->21631 21204 fbb3a6 21207 1002814 GetPEB 21204->21207 21208 fbb3b8 21204->21208 21205 fbb3a1 21238 fcf4ae 21237->21238 21239 fcf4dc 21237->21239 21238->21239 21765 fcf4ec 21238->21765 21239->21149 21242 fbe4c0 21241->21242 21243 105a80d 28 API calls 21242->21243 21244 fbe4db 21242->21244 21243->21244 21244->21149 21246 fc5667 21245->21246 21247 fc5651 21245->21247 21248 fc5671 21246->21248 21811 f99ce1 21246->21811 21247->21246 21789 fc53c5 21247->21789 21248->21058 21252 fb6a28 21251->21252 21253 fc069c 21251->21253 21255 fd9660 LdrInitializeThunk 21252->21255 21253->21252 21254 105a80d 28 API calls 21253->21254 21254->21252 21255->21081 21256->21091 21258 1052d8e _vswprintf_s 21257->21258 21259 1052da6 RtlDebugPrintTimes 21258->21259 21260 1052dc0 21258->21260 21262 1052dbb 21259->21262 21909 f940e1 21260->21909 21264 fed130 _vswprintf_s 12 API calls 21262->21264 21263 1052f7c 22016 10530c4 21263->22016 21266 10530c1 21264->21266 21266->21059 21268 1053027 GetPEB 21269 1053032 GetPEB 21268->21269 21270 105304f 21268->21270 21272 f9b150 _vswprintf_s 12 API calls 21269->21272 21273 f9b150 _vswprintf_s 12 API calls 21270->21273 21271 1052e29 21274 1052e38 21271->21274 21276 faeef0 27 API calls 21271->21276 21275 105304c 21272->21275 21273->21275 21924 1054496 21274->21924 21278 f9b150 _vswprintf_s 12 API calls 21275->21278 21276->21274 21278->21263 21279 1052e53 21988 10549a4 21279->21988 21282 104fa2b 28 API calls 21283 1052eab 21282->21283 21284 1052ecc 21283->21284 21286 fc16c7 LdrInitializeThunk 21283->21286 21285 1052f18 GetPEB 21284->21285 21287 1054496 128 API calls 21284->21287 21288 1052f95 21285->21288 21289 1052f29 21285->21289 21286->21284 21287->21285 21288->21263 21296 1052fd0 GetPEB 21288->21296 21290 1052f2e GetPEB 21289->21290 21291 1052f4b 21289->21291 21292 f9b150 _vswprintf_s 12 API calls 21290->21292 21293 f9b150 _vswprintf_s 12 API calls 21291->21293 21294 1052f48 21292->21294 21293->21294 21295 f9b150 _vswprintf_s 12 API calls 21294->21295 21297 1052f69 GetPEB 21295->21297 21298 1052ff8 21296->21298 21299 1052fdb GetPEB 21296->21299 21297->21263 21300 f9b150 _vswprintf_s 12 API calls 21298->21300 21302 f9b150 _vswprintf_s 12 API calls 21299->21302 21303 1052ff5 21300->21303 21302->21303 22008 103d455 21303->22008 21305 105300e 21306 f9b150 _vswprintf_s 12 API calls 21305->21306 21306->21297 21308 fba337 21307->21308 21311 fba42d 21307->21311 21310 fb99bf 73 API calls 21308->21310 21308->21311 21349 fba3c6 21308->21349 21309 fba830 32 API calls 21338 fba3bd 21309->21338 21312 fba37f 21310->21312 21313 fba620 21311->21313 21325 fba440 21311->21325 21314 fba396 21312->21314 21318 fba3f8 21312->21318 21316 1001e6c GetPEB 21313->21316 21317 fba62d 21313->21317 21315 fba830 32 API calls 21314->21315 21319 fba39e 21315->21319 21320 1001e95 21316->21320 21321 1001e78 GetPEB 21316->21321 21323 fba65b 21317->21323 21329 1001eca 21317->21329 21318->21311 21324 f99373 28 API calls 21318->21324 21319->21338 22100 fcabd8 21319->22100 21327 f9b150 _vswprintf_s 12 API calls 21320->21327 21326 f9b150 _vswprintf_s 12 API calls 21321->21326 21322 10020c2 GetPEB 21331 10020d5 GetPEB 21322->21331 21328 fc174b 14 API calls 21323->21328 21324->21311 21325->21329 21336 fc174b 14 API calls 21325->21336 21325->21349 21351 fba4fb 21325->21351 21373 fba4e5 21325->21373 21330 1001e92 21326->21330 21327->21330 21333 fba66e 21328->21333 21334 1002240 GetPEB 21329->21334 21329->21349 21337 f9b150 _vswprintf_s 12 API calls 21330->21337 21335 10020ea 21331->21335 21331->21351 21339 fba676 21333->21339 21340 1001ede 21333->21340 21342 1002269 21334->21342 21343 100224c GetPEB 21334->21343 21345 10514fb 14 API calls 21335->21345 21346 fba4d8 21336->21346 21347 1001eaa 21337->21347 21338->21082 21348 fb7d50 GetPEB 21339->21348 21340->21349 21350 fbb73d 32 API calls 21340->21350 21341 fba594 21344 fbb73d 32 API calls 21341->21344 21354 f9b150 _vswprintf_s 12 API calls 21342->21354 21353 f9b150 _vswprintf_s 12 API calls 21343->21353 21355 fba5b2 21344->21355 21345->21351 21346->21340 21356 fba4e0 21346->21356 21347->21317 21365 1052073 28 API calls 21347->21365 21357 fba67b 21348->21357 21349->21309 21350->21349 21351->21341 21352 fba55f 21351->21352 21363 1002109 GetPEB 21351->21363 21360 1002162 21352->21360 21368 fba584 21352->21368 21361 1002266 21353->21361 21354->21361 21362 fba830 32 API calls 21355->21362 21364 fb7d50 GetPEB 21356->21364 21358 1001f11 GetPEB 21357->21358 21359 fba688 21357->21359 21366 1001f24 GetPEB 21358->21366 21359->21366 21367 fba693 21359->21367 21376 105a80d 28 API calls 21360->21376 21369 f9b150 _vswprintf_s 12 API calls 21361->21369 21370 fba5c1 21362->21370 21371 1002131 21363->21371 21372 1002114 GetPEB 21363->21372 21364->21373 21365->21317 21366->21367 21375 1001f37 21366->21375 22105 f99373 21367->22105 21374 fba830 32 API calls 21368->21374 21377 100227e 21369->21377 21378 fb7d50 GetPEB 21370->21378 21381 f9b150 _vswprintf_s 12 API calls 21371->21381 21379 f9b150 _vswprintf_s 12 API calls 21372->21379 21373->21322 21380 fba4ed 21373->21380 21374->21341 21383 10514fb 14 API calls 21375->21383 21376->21341 21377->21349 21388 1052073 28 API calls 21377->21388 21384 fba5c6 21378->21384 21385 100212e 21379->21385 21380->21331 21380->21351 21381->21385 21383->21367 21389 10021a0 GetPEB 21384->21389 21390 fba5d3 21384->21390 21386 f9b150 _vswprintf_s 12 API calls 21385->21386 21391 1002146 21386->21391 21388->21349 21393 10021b3 GetPEB 21389->21393 21390->21393 21394 fba5de 21390->21394 21391->21352 21398 1052073 28 API calls 21391->21398 21393->21394 21395 10021c8 21393->21395 21396 fb7d50 GetPEB 21394->21396 21397 fb7d50 GetPEB 21395->21397 21399 fba5e3 21396->21399 21400 10021cd 21397->21400 21398->21352 21402 1002201 GetPEB 21399->21402 21403 fba5f0 21399->21403 21404 10021e0 21400->21404 21405 10021d1 GetPEB 21400->21405 21401 fba77d 21406 fb7d50 GetPEB 21401->21406 21402->21403 21403->21338 21414 fb7d50 GetPEB 21403->21414 21409 1051411 12 API calls 21404->21409 21405->21404 21408 fba787 21406->21408 21411 fba78f 21408->21411 21412 1001fea GetPEB 21408->21412 21409->21394 21410 fba74e 21415 fba76d 21410->21415 21422 1001faf 21410->21422 21417 fba79a 21411->21417 21418 1001ffd GetPEB 21411->21418 21412->21418 21413 1001f56 GetPEB 21419 1001f61 GetPEB 21413->21419 21420 1001f7e 21413->21420 21421 1002219 21414->21421 21416 fba830 32 API calls 21415->21416 21416->21401 21424 fb7d50 GetPEB 21417->21424 21418->21417 21427 1002012 21418->21427 21425 f9b150 _vswprintf_s 12 API calls 21419->21425 21428 f9b150 _vswprintf_s 12 API calls 21420->21428 21421->21329 21426 1002075 21421->21426 21423 105a80d 28 API calls 21422->21423 21423->21401 21429 fba79f 21424->21429 21430 1001f7b 21425->21430 21436 1051411 12 API calls 21426->21436 21431 fb7d50 GetPEB 21427->21431 21428->21430 21434 1002051 GetPEB 21429->21434 21435 fba7b1 21429->21435 21433 f9b150 _vswprintf_s 12 API calls 21430->21433 21439 1001f93 21433->21439 21434->21435 21435->21338 21436->21338 21439->21410 21441 1052073 28 API calls 21439->21441 21441->21410 21458 fba850 21445->21458 21468 fbaa53 21445->21468 21446 10022bb GetPEB 21447 10022c7 GetPEB 21446->21447 21446->21458 21449 f9b150 _vswprintf_s 12 API calls 21447->21449 21448 105a80d 28 API calls 21448->21458 21449->21458 21450 1002385 21452 105a80d 28 API calls 21450->21452 21451 fbab40 28 API calls 21451->21458 21454 fbaa3c 21452->21454 21453 f9b150 12 API calls _vswprintf_s 21453->21458 21459 10023cb GetPEB 21454->21459 21454->21468 21455 1052073 28 API calls 21455->21458 21456 1002376 21457 105a80d 28 API calls 21456->21457 21457->21450 21458->21446 21458->21448 21458->21450 21458->21451 21458->21453 21458->21454 21458->21455 21458->21456 21458->21468 21460 10023f6 21459->21460 21461 10023d7 GetPEB 21459->21461 21463 f9b150 _vswprintf_s 12 API calls 21460->21463 21462 f9b150 _vswprintf_s 12 API calls 21461->21462 21464 10023f1 21462->21464 21463->21464 21465 f9b150 _vswprintf_s 12 API calls 21464->21465 21466 100240d 21465->21466 21467 1052073 28 API calls 21466->21467 21466->21468 21467->21468 21468->21149 21470 10515bd _vswprintf_s 21469->21470 21471 fdb640 _vswprintf_s 12 API calls 21470->21471 21472 1051602 21471->21472 21472->21126 21650 fbb8e4 21473->21650 21476 1002957 GetPEB 21479 1002980 21476->21479 21480 1002963 GetPEB 21476->21480 21477 fbb65a 21488 1002ad1 21477->21488 21489 fbb6f5 21477->21489 21494 fbb66c GetPEB 21477->21494 21478 fdb640 _vswprintf_s 12 API calls 21483 fbb260 21478->21483 21484 f9b150 _vswprintf_s 12 API calls 21479->21484 21485 f9b150 _vswprintf_s 12 API calls 21480->21485 21481 fbb4e8 21486 fbb51f 21481->21486 21490 10029c0 21481->21490 21482 10029af RtlDebugPrintTimes 21482->21490 21483->21181 21483->21185 21487 100297d 21484->21487 21485->21487 21664 fd9660 LdrInitializeThunk 21486->21664 21492 f9b150 _vswprintf_s 12 API calls 21487->21492 21493 105a80d 28 API calls 21488->21493 21489->21494 21502 105a80d 28 API calls 21490->21502 21496 1002995 21492->21496 21497 1002add 21493->21497 21494->21497 21498 fbb680 21494->21498 21495 fbb535 21499 fbb543 GetPEB 21495->21499 21519 fbb6b1 21495->21519 21500 fbb4ba 21496->21500 21505 1052073 28 API calls 21496->21505 21497->21498 21501 1002aee GetPEB 21497->21501 21506 1002b06 GetPEB 21498->21506 21507 fbb690 GetPEB 21498->21507 21503 1002a12 21499->21503 21504 fbb554 21499->21504 21500->21477 21500->21481 21500->21482 21501->21498 21502->21519 21503->21504 21508 1002a1b GetPEB 21503->21508 21513 fbb562 21504->21513 21514 1002a2e GetPEB 21504->21514 21505->21500 21506->21507 21509 1002b19 21506->21509 21510 fbb6a6 21507->21510 21511 1002b4f 21507->21511 21508->21504 21515 fb7d50 GetPEB 21509->21515 21510->21519 21520 1002b6b 21510->21520 21511->21510 21512 1002b58 GetPEB 21511->21512 21512->21510 21516 fbb588 21513->21516 21528 104fa2b 28 API calls 21513->21528 21514->21513 21517 1002a41 21514->21517 21518 1002b1e 21515->21518 21525 105a80d 28 API calls 21516->21525 21537 fbb5b8 21516->21537 21522 105138a 14 API calls 21517->21522 21523 1002b31 21518->21523 21524 1002b22 GetPEB 21518->21524 21519->21478 21521 fb7d50 GetPEB 21520->21521 21526 1002b70 21521->21526 21522->21513 21527 1051582 12 API calls 21523->21527 21524->21523 21525->21537 21529 1002b83 21526->21529 21530 1002b74 GetPEB 21526->21530 21531 1002b4a 21527->21531 21528->21516 21532 1051582 12 API calls 21529->21532 21530->21529 21531->21507 21534 1002b9c 21532->21534 21533 fbb5d4 21536 fbb5f2 21533->21536 21538 105a80d 28 API calls 21533->21538 21534->21534 21536->21477 21665 fbb73d 21536->21665 21537->21533 21537->21536 21689 fbbc04 21537->21689 21538->21536 21542 fb99e5 21540->21542 21599 fb99f5 21540->21599 21541 fb9a6e 21543 1001466 21541->21543 21544 fb9a7c 21541->21544 21542->21541 21545 104fa2b 28 API calls 21542->21545 21542->21599 21546 100159c 21543->21546 21549 1001487 21543->21549 21547 100166a 21544->21547 21548 fb9a9d 21544->21548 21545->21541 21550 105a80d 28 API calls 21546->21550 21551 105a80d 28 API calls 21547->21551 21552 fb9ad7 21548->21552 21560 fbbc04 28 API calls 21548->21560 21553 10014c0 21549->21553 21562 fbbc04 28 API calls 21549->21562 21570 fb9b2b 21550->21570 21551->21599 21565 fb9ae8 21552->21565 21702 fba229 21552->21702 21556 fba229 39 API calls 21553->21556 21568 10014f2 21553->21568 21554 104fa2b 28 API calls 21554->21599 21555 105a80d 28 API calls 21555->21599 21559 10014da 21556->21559 21558 fba309 82 API calls 21558->21599 21563 10014de 21559->21563 21559->21568 21560->21552 21561 fb9b27 21561->21565 21561->21570 21562->21553 21566 fba309 82 API calls 21563->21566 21564 fb9a3d 21564->21187 21569 10015f9 GetPEB 21565->21569 21565->21599 21566->21570 21567 fba229 39 API calls 21567->21599 21568->21570 21571 1001532 GetPEB 21568->21571 21573 1001624 21569->21573 21574 1001606 GetPEB 21569->21574 21570->21558 21576 100155d 21571->21576 21577 100153f GetPEB 21571->21577 21572 10018a7 21572->21564 21585 10018e7 GetPEB 21572->21585 21580 f9b150 _vswprintf_s 12 API calls 21573->21580 21579 f9b150 _vswprintf_s 12 API calls 21574->21579 21575 fbbc04 28 API calls 21575->21599 21578 f9b150 _vswprintf_s 12 API calls 21576->21578 21582 f9b150 _vswprintf_s 12 API calls 21577->21582 21583 100155a 21578->21583 21586 1001621 21579->21586 21580->21586 21581 fba309 82 API calls 21581->21599 21582->21583 21587 f9b150 _vswprintf_s 12 API calls 21583->21587 21584 100179e GetPEB 21588 10017ab GetPEB 21584->21588 21584->21599 21589 1001912 21585->21589 21590 10018f4 GetPEB 21585->21590 21591 f9b150 _vswprintf_s 12 API calls 21586->21591 21592 100157c GetPEB 21587->21592 21593 f9b150 _vswprintf_s 12 API calls 21588->21593 21596 f9b150 _vswprintf_s 12 API calls 21589->21596 21595 f9b150 _vswprintf_s 12 API calls 21590->21595 21597 1001643 GetPEB 21591->21597 21592->21570 21593->21599 21594 f9b150 _vswprintf_s 12 API calls 21594->21599 21598 100190f 21595->21598 21596->21598 21597->21599 21601 f9b150 _vswprintf_s 12 API calls 21598->21601 21599->21554 21599->21555 21599->21564 21599->21567 21599->21572 21599->21575 21599->21581 21599->21584 21599->21594 21600 f9b150 _vswprintf_s 12 API calls 21599->21600 21602 10017e8 GetPEB 21600->21602 21603 1001931 GetPEB 21601->21603 21602->21599 21603->21564 21604->21196 21605->21199 21610 fc13b9 21606->21610 21607 fc13ea 21609 fc16c7 LdrInitializeThunk 21607->21609 21611 fc141f 21607->21611 21608 fc0678 28 API calls 21608->21610 21609->21611 21610->21607 21610->21608 21615 100555b 21610->21615 21750 fd9660 LdrInitializeThunk 21610->21750 21612 fc1482 21611->21612 21616 105a80d 28 API calls 21611->21616 21614 fbb73d 32 API calls 21612->21614 21617 fc14a0 21614->21617 21618 fb7d50 GetPEB 21615->21618 21616->21612 21620 fc14c9 21617->21620 21623 fba830 32 API calls 21617->21623 21619 1005560 21618->21619 21621 1005574 21619->21621 21622 1005564 GetPEB 21619->21622 21624 fbb391 21620->21624 21625 105a80d 28 API calls 21620->21625 21621->21607 21626 100557e GetPEB 21621->21626 21622->21621 21623->21620 21624->21200 21624->21204 21624->21205 21627 10055ef 21625->21627 21626->21607 21628 100558d 21626->21628 21627->21627 21629 105138a 14 API calls 21628->21629 21629->21607 21630->21196 21751 fd96e0 LdrInitializeThunk 21631->21751 21633 fc1765 21637 fc1773 21633->21637 21752 1043c60 21633->21752 21637->21183 21639 103cb72 21638->21639 21649 103ccf7 21638->21649 21640 104fa2b 28 API calls 21639->21640 21641 fb99bf 94 API calls 21639->21641 21642 105a80d 28 API calls 21639->21642 21643 fba229 39 API calls 21639->21643 21644 fba830 32 API calls 21639->21644 21645 fba309 94 API calls 21639->21645 21646 fbbc04 28 API calls 21639->21646 21647 103ccc4 21639->21647 21640->21639 21641->21639 21642->21639 21643->21639 21644->21639 21645->21639 21646->21639 21648 104fa2b 28 API calls 21647->21648 21647->21649 21648->21649 21649->21186 21651 1002c43 21650->21651 21658 fbb8fa 21650->21658 21652 1002c56 GetPEB 21651->21652 21651->21658 21653 1002c62 GetPEB 21652->21653 21654 1002c7f 21652->21654 21655 f9b150 _vswprintf_s 12 API calls 21653->21655 21657 f9b150 _vswprintf_s 12 API calls 21654->21657 21660 1002c7c 21655->21660 21656 fbb49a 21656->21476 21656->21500 21656->21519 21657->21660 21658->21656 21694 fbab40 21658->21694 21661 f9b150 _vswprintf_s 12 API calls 21660->21661 21662 1002c94 21661->21662 21662->21658 21663 1052073 28 API calls 21662->21663 21663->21658 21664->21495 21666 fbb855 21665->21666 21669 fbb77c 21665->21669 21667 105a80d 28 API calls 21666->21667 21666->21669 21667->21669 21668 1002bbf GetPEB 21670 1002be8 21668->21670 21671 1002bcb GetPEB 21668->21671 21669->21668 21674 fbb78e 21669->21674 21673 f9b150 _vswprintf_s 12 API calls 21670->21673 21672 f9b150 _vswprintf_s 12 API calls 21671->21672 21675 1002be5 21672->21675 21673->21675 21676 fbb8e4 30 API calls 21674->21676 21682 fbb7e2 21674->21682 21677 f9b150 _vswprintf_s 12 API calls 21675->21677 21678 fbb7bf 21676->21678 21679 1002bfd 21677->21679 21680 1002c18 21678->21680 21687 fbb7ca 21678->21687 21679->21674 21685 1052073 28 API calls 21679->21685 21683 105a80d 28 API calls 21680->21683 21681 fbb800 21681->21477 21682->21681 21684 105a80d 28 API calls 21682->21684 21683->21682 21686 1002c3e 21684->21686 21685->21674 21686->21686 21687->21682 21688 fbe4a0 28 API calls 21687->21688 21688->21682 21690 fbbc24 21689->21690 21691 105a80d 28 API calls 21690->21691 21693 fbbc5f 21690->21693 21692 1002d06 21691->21692 21693->21533 21695 fbab6e 21694->21695 21701 fbabbb 21694->21701 21696 105a80d 28 API calls 21695->21696 21697 fbabd0 21695->21697 21695->21701 21696->21697 21698 105a80d 28 API calls 21697->21698 21699 fbac01 21697->21699 21698->21699 21700 105a80d 28 API calls 21699->21700 21699->21701 21700->21699 21701->21656 21712 fba249 21702->21712 21703 fba265 21749 fd9660 LdrInitializeThunk 21703->21749 21705 fba27e 21706 1001db5 GetPEB 21705->21706 21711 fb7d50 GetPEB 21705->21711 21709 1001de4 21706->21709 21710 1001dc7 GetPEB 21706->21710 21707 1001c9e 21708 105a80d 28 API calls 21707->21708 21713 1001cb0 21708->21713 21715 f9b150 _vswprintf_s 12 API calls 21709->21715 21714 f9b150 _vswprintf_s 12 API calls 21710->21714 21716 fba28d 21711->21716 21712->21703 21712->21707 21713->21561 21719 1001de1 21714->21719 21715->21719 21717 fba29a 21716->21717 21718 1001cb8 GetPEB 21716->21718 21720 1001ccb GetPEB 21717->21720 21721 fba2a5 21717->21721 21718->21720 21722 f9b150 _vswprintf_s 12 API calls 21719->21722 21720->21721 21724 1001cde 21720->21724 21723 fb7d50 GetPEB 21721->21723 21725 1001e03 21722->21725 21726 fba2ba 21723->21726 21727 105138a 14 API calls 21724->21727 21728 1001cf4 GetPEB 21726->21728 21729 fba2c2 21726->21729 21727->21721 21730 1001d07 GetPEB 21728->21730 21729->21730 21743 fba2cd 21729->21743 21730->21743 21749->21705 21750->21610 21751->21633 21753 100562b 21752->21753 21754 1043c78 21752->21754 21753->21637 21756 fd96e0 LdrInitializeThunk 21753->21756 21754->21753 21757 1043d40 21754->21757 21756->21637 21758 1043d7f 21757->21758 21759 1043da6 RtlDebugPrintTimes 21758->21759 21761 1043e0c 21758->21761 21759->21758 21760 1043e55 21762 fdb640 _vswprintf_s 12 API calls 21760->21762 21761->21760 21764 1043e37 GetPEB 21761->21764 21764->21761 21768 fcf527 21765->21768 21769 fcf559 21768->21769 21779 fcf505 21768->21779 21770 fc0678 28 API calls 21769->21770 21771 fcf569 21770->21771 21788 fd9660 LdrInitializeThunk 21771->21788 21773 fcf57d 21774 fb7d50 GetPEB 21773->21774 21773->21779 21775 fcf592 21774->21775 21776 100bcc0 GetPEB 21775->21776 21777 fcf59f 21775->21777 21778 100bcd3 GetPEB 21776->21778 21777->21778 21777->21779 21778->21779 21780 100bce6 21778->21780 21779->21239 21781 fb7d50 GetPEB 21780->21781 21782 100bceb 21781->21782 21783 100bcfe 21782->21783 21784 100bcef GetPEB 21782->21784 21785 1051582 12 API calls 21783->21785 21784->21783 21786 100bd16 21785->21786 21787 105138a 14 API calls 21786->21787 21787->21779 21788->21773 21790 fc53d1 _vswprintf_s 21789->21790 21791 10070b0 21790->21791 21792 fc53fb GetPEB 21790->21792 21792->21791 21793 fc540e 21792->21793 21793->21791 21794 faeef0 27 API calls 21793->21794 21795 fc5426 21794->21795 21795->21791 21815 fc5539 21795->21815 21798 faeb70 34 API calls 21799 fc54a0 21798->21799 21819 fc3c3e 21799->21819 21813 f99d01 21811->21813 21812 f99d44 21812->21248 21813->21812 21814 fbe4a0 28 API calls 21813->21814 21814->21813 21816 fc5487 21815->21816 21817 fc554d 21815->21817 21816->21798 21817->21816 21863 fbeb9a 21817->21863 21820 fc4e70 14 API calls 21819->21820 21821 fc3c65 21820->21821 21882 fc3fcd 21821->21882 21826 fc0678 28 API calls 21827 fc3c99 21826->21827 21889 fd9660 LdrInitializeThunk 21827->21889 21829 fc3cb1 21830 fc0678 28 API calls 21829->21830 21842 fc3d05 21829->21842 21831 fc3ce0 21830->21831 21890 fd9660 LdrInitializeThunk 21831->21890 21832 10062d4 GetPEB 21835 10062e7 GetPEB 21832->21835 21846 fc3d1d 21835->21846 21842->21832 21844 fc3d12 21842->21844 21844->21835 21844->21846 21864 fbec9a 21863->21864 21866 fbebb9 21863->21866 21865 fbec6b 21865->21816 21866->21865 21867 1004258 21866->21867 21869 1004263 21866->21869 21870 fbe4a0 28 API calls 21866->21870 21871 fbbc04 28 API calls 21866->21871 21868 104fa2b 28 API calls 21867->21868 21868->21869 21872 10042d6 21869->21872 21873 1004286 GetPEB 21869->21873 21870->21866 21871->21866 21874 1004292 GetPEB 21873->21874 21875 10042af 21873->21875 21877 f9b150 _vswprintf_s 12 API calls 21874->21877 21876 f9b150 _vswprintf_s 12 API calls 21875->21876 21878 10042ac 21876->21878 21877->21878 21879 f9b150 _vswprintf_s 12 API calls 21878->21879 21880 10042c4 21879->21880 21880->21872 21881 1052073 28 API calls 21880->21881 21881->21872 21883 fc3fdf 21882->21883 21884 fc3c6e 21882->21884 21895 fc4710 21883->21895 21886 fc3f33 21884->21886 21887 fc3f45 GetPEB 21886->21887 21888 fc3c89 21886->21888 21887->21888 21888->21826 21889->21829 21896 fb7d50 GetPEB 21895->21896 21897 fc471b 21896->21897 21898 100664c GetPEB 21897->21898 21899 fc4723 21897->21899 21901 fc472f 21899->21901 21902 10464fb 21899->21902 21901->21884 21904 104659d 21902->21904 21903 1046640 21906 fdb640 _vswprintf_s 12 API calls 21903->21906 21904->21903 21908 fd95d0 LdrInitializeThunk 21904->21908 21907 104664f 21906->21907 21907->21901 21908->21903 21910 ff0423 GetPEB 21909->21910 21911 f940f7 21909->21911 21912 ff042f GetPEB 21910->21912 21913 ff044c 21910->21913 21911->21263 21911->21268 21911->21271 21914 f9b150 _vswprintf_s 12 API calls 21912->21914 21915 f9b150 _vswprintf_s 12 API calls 21913->21915 21916 ff0449 21914->21916 21915->21916 21917 f9b150 _vswprintf_s 12 API calls 21916->21917 21918 ff0462 21917->21918 21919 ff0473 21918->21919 21920 f9b150 _vswprintf_s 12 API calls 21918->21920 21921 f9b150 _vswprintf_s 12 API calls 21919->21921 21920->21919 21922 ff047f GetPEB 21921->21922 21923 ff048c 21922->21923 21925 10549a4 16 API calls 21924->21925 21930 10544b7 21925->21930 21926 10547f2 GetPEB 21927 10547fe 21926->21927 21928 fc174b 14 API calls 21927->21928 21968 1054738 21927->21968 21928->21968 21929 1054564 21933 105459f 21929->21933 22020 fd9660 LdrInitializeThunk 21929->22020 21930->21926 21930->21929 21931 1054697 GetPEB 21930->21931 21932 104fa2b 28 API calls 21930->21932 21934 1054636 GetPEB 21930->21934 21930->21968 21935 10546c0 21931->21935 21936 10546a3 GetPEB 21931->21936 21932->21930 21949 104fa2b 28 API calls 21933->21949 21953 1054759 21933->21953 21933->21968 22021 10423e3 21933->22021 21943 1054642 GetPEB 21934->21943 21944 105465f 21934->21944 21942 f9b150 _vswprintf_s 12 API calls 21935->21942 21941 f9b150 _vswprintf_s 12 API calls 21936->21941 21939 1054830 21950 1054835 GetPEB 21939->21950 21966 1054879 21939->21966 21940 10547aa GetPEB 21946 10547b6 GetPEB 21940->21946 21947 10547d3 21940->21947 21948 10546bd 21941->21948 21942->21948 21951 f9b150 _vswprintf_s 12 API calls 21943->21951 21945 f9b150 _vswprintf_s 12 API calls 21944->21945 21952 105465c 21945->21952 21954 f9b150 _vswprintf_s 12 API calls 21946->21954 21955 f9b150 _vswprintf_s 12 API calls 21947->21955 21956 f9b150 _vswprintf_s 12 API calls 21948->21956 21949->21933 21958 1054841 GetPEB 21950->21958 21959 105485e 21950->21959 21951->21952 21962 f9b150 _vswprintf_s 12 API calls 21952->21962 21961 1054796 21953->21961 21963 1054675 21953->21963 22032 1054aef 21953->22032 21969 10547d0 21954->21969 21955->21969 21956->21963 21964 f9b150 _vswprintf_s 12 API calls 21958->21964 21965 f9b150 _vswprintf_s 12 API calls 21959->21965 21960 10548a8 21967 10548dc 21960->21967 21973 105494f GetPEB 21960->21973 21961->21939 21961->21940 21962->21963 21963->21926 21964->21969 21965->21969 21966->21960 21966->21968 21970 10548fb GetPEB 21966->21970 21971 fc174b 14 API calls 21967->21971 21968->21279 21972 f9b150 _vswprintf_s 12 API calls 21969->21972 21974 1054924 21970->21974 21975 1054907 GetPEB 21970->21975 21971->21968 21972->21963 21978 1054978 21973->21978 21979 105495b GetPEB 21973->21979 21977 f9b150 _vswprintf_s 12 API calls 21974->21977 21976 f9b150 _vswprintf_s 12 API calls 21975->21976 21980 1054921 21976->21980 21977->21980 21982 f9b150 _vswprintf_s 12 API calls 21978->21982 21981 f9b150 _vswprintf_s 12 API calls 21979->21981 21983 f9b150 _vswprintf_s 12 API calls 21980->21983 21984 1054975 21981->21984 21982->21984 21985 1054947 21983->21985 21986 f9b150 _vswprintf_s 12 API calls 21984->21986 21985->21973 21987 105499c 21986->21987 21989 10549bc 21988->21989 21999 1052e6b 21988->21999 21991 10549e4 _vswprintf_s 21989->21991 22092 fd9660 LdrInitializeThunk 21989->22092 21992 1054a21 GetPEB 21991->21992 21991->21999 21993 1054a2d GetPEB 21992->21993 21994 1054a4a 21992->21994 21996 f9b150 _vswprintf_s 12 API calls 21993->21996 21995 f9b150 _vswprintf_s 12 API calls 21994->21995 21997 1054a47 21995->21997 21996->21997 21998 f9b150 _vswprintf_s 12 API calls 21997->21998 22000 1054a6b 21998->22000 21999->21263 21999->21282 21999->21283 22000->21999 22001 1054a9b GetPEB 22000->22001 22002 1054ac4 22001->22002 22003 1054aa7 GetPEB 22001->22003 22004 f9b150 _vswprintf_s 12 API calls 22002->22004 22005 f9b150 _vswprintf_s 12 API calls 22003->22005 22006 1054ac1 22004->22006 22005->22006 22007 f9b150 _vswprintf_s 12 API calls 22006->22007 22007->21999 22009 103d4df 22008->22009 22010 103d462 22008->22010 22009->21305 22010->22009 22011 103d493 22010->22011 22012 103d4c5 22010->22012 22093 1013bd3 22011->22093 22014 1013bd3 12 API calls 22012->22014 22015 103d4c0 22014->22015 22015->21305 22017 10530d8 22016->22017 22018 10530ca 22016->22018 22017->21262 22019 faeb70 34 API calls 22018->22019 22019->22017 22020->21933 22022 10423f9 22021->22022 22031 1042588 22021->22031 22023 1042531 GetPEB 22022->22023 22022->22031 22024 104255c 22023->22024 22025 104253e GetPEB 22023->22025 22027 f9b150 _vswprintf_s 12 API calls 22024->22027 22026 f9b150 _vswprintf_s 12 API calls 22025->22026 22028 1042559 22026->22028 22027->22028 22029 f9b150 _vswprintf_s 12 API calls 22028->22029 22030 1042579 GetPEB 22029->22030 22030->22031 22031->21933 22063 1054eb2 22032->22063 22086 1054b15 22032->22086 22033 10550d5 22038 10550de GetPEB 22033->22038 22068 1054f39 22033->22068 22034 1054ec1 GetPEB 22035 10550b6 22034->22035 22036 1054ed1 GetPEB 22034->22036 22040 f9b150 _vswprintf_s 12 API calls 22035->22040 22039 f9b150 _vswprintf_s 12 API calls 22036->22039 22037 1055045 GetPEB 22041 1055051 GetPEB 22037->22041 22042 105506e 22037->22042 22043 1055107 22038->22043 22044 10550ea GetPEB 22038->22044 22050 1054eeb 22039->22050 22040->22050 22048 f9b150 _vswprintf_s 12 API calls 22041->22048 22045 f9b150 _vswprintf_s 12 API calls 22042->22045 22047 f9b150 _vswprintf_s 12 API calls 22043->22047 22046 f9b150 _vswprintf_s 12 API calls 22044->22046 22049 105506b 22045->22049 22046->22050 22047->22050 22048->22049 22051 f9b150 _vswprintf_s 12 API calls 22049->22051 22052 f9b150 _vswprintf_s 12 API calls 22050->22052 22051->22068 22052->22068 22053 10423e3 15 API calls 22053->22086 22054 1055001 GetPEB 22055 105500d GetPEB 22054->22055 22056 105502a 22054->22056 22059 f9b150 _vswprintf_s 12 API calls 22055->22059 22062 f9b150 _vswprintf_s 12 API calls 22056->22062 22057 1054ef1 GetPEB 22060 1054efd GetPEB 22057->22060 22061 1054f1a 22057->22061 22058 1054f88 22058->22068 22069 1054f9e GetPEB 22058->22069 22065 1055027 22059->22065 22066 f9b150 _vswprintf_s 12 API calls 22060->22066 22067 f9b150 _vswprintf_s 12 API calls 22061->22067 22062->22065 22063->22033 22063->22034 22064 fba229 39 API calls 22064->22086 22065->22037 22085 1054f17 22066->22085 22067->22085 22068->21953 22071 1054fc7 22069->22071 22072 1054faa GetPEB 22069->22072 22074 f9b150 _vswprintf_s 12 API calls 22071->22074 22073 f9b150 _vswprintf_s 12 API calls 22072->22073 22073->22085 22074->22085 22075 fbbc04 28 API calls 22075->22086 22076 fba309 94 API calls 22076->22086 22077 f9b150 _vswprintf_s 12 API calls 22077->22068 22078 1054f41 GetPEB 22079 1054f4d GetPEB 22078->22079 22080 1054f6a 22078->22080 22083 f9b150 _vswprintf_s 12 API calls 22079->22083 22084 f9b150 _vswprintf_s 12 API calls 22080->22084 22081 104fa2b 28 API calls 22081->22086 22082 105a80d 28 API calls 22082->22086 22083->22085 22084->22085 22085->22077 22086->22037 22086->22053 22086->22054 22086->22057 22086->22058 22086->22063 22086->22064 22086->22068 22086->22075 22086->22076 22086->22078 22086->22081 22086->22082 22087 fbe4a0 28 API calls 22086->22087 22088 fbe12c 22086->22088 22087->22086 22090 fbe13b 22088->22090 22089 fbab40 28 API calls 22089->22090 22090->22089 22091 fbe153 22090->22091 22091->22086 22092->21991 22094 1013bf3 22093->22094 22095 1013c05 22093->22095 22097 1013c54 22094->22097 22095->22015 22098 fde3a0 _vswprintf_s 12 API calls 22097->22098 22099 1013c70 22098->22099 22099->22095 22102 fcabf1 22100->22102 22101 fcac5f 22101->21338 22102->22101 22103 104fa2b 28 API calls 22102->22103 22130 fcac7b 22102->22130 22103->22102 22106 ff37ee 22105->22106 22107 f9938f 22105->22107 22108 105a80d 28 API calls 22106->22108 22107->22106 22109 f99397 22107->22109 22110 f993ab 22108->22110 22113 f993c3 22109->22113 22177 f993cc 22109->22177 22112 105a80d 28 API calls 22110->22112 22110->22113 22112->22113 22114 f99819 22113->22114 22115 f99829 22114->22115 22116 f9984c 22114->22116 22117 fbb8e4 30 API calls 22115->22117 22121 f9987b 22116->22121 22124 105a80d 28 API calls 22116->22124 22118 f9982e 22117->22118 22119 f99839 22118->22119 22120 ff3bbe 22118->22120 22181 f9988d 22119->22181 22123 105a80d 28 API calls 22120->22123 22121->21401 22121->21410 22121->21413 22123->22116 22125 ff3be4 22124->22125 22125->22125 22132 fcaca2 22130->22132 22134 fcad10 22130->22134 22131 fcacda 22131->22102 22132->22131 22175 fd96e0 LdrInitializeThunk 22132->22175 22135 1043c60 14 API calls 22134->22135 22136 fcad1e GetPEB 22134->22136 22137 1009f74 22135->22137 22138 fcad2c 22136->22138 22174 100a092 22136->22174 22137->22136 22176 fd96e0 LdrInitializeThunk 22137->22176 22141 fcad3c 22138->22141 22146 1009fa0 GetPEB 22138->22146 22139 100a0ba 22144 f9b150 _vswprintf_s 12 API calls 22139->22144 22140 100a09d GetPEB 22143 f9b150 _vswprintf_s 12 API calls 22140->22143 22148 1009fb3 GetPEB 22141->22148 22149 fcad47 GetPEB 22141->22149 22147 100a0b7 22143->22147 22144->22147 22145 1009f90 22145->22136 22146->22141 22152 f9b150 _vswprintf_s 12 API calls 22147->22152 22148->22149 22153 1009fc6 22148->22153 22150 1009fda 22149->22150 22151 fcad73 22149->22151 22150->22151 22154 1009fe3 GetPEB 22150->22154 22156 fcad7e GetPEB 22151->22156 22157 1009ff6 GetPEB 22151->22157 22152->22131 22155 10514fb 14 API calls 22153->22155 22154->22151 22158 1009fd5 22155->22158 22160 100a042 22156->22160 22161 fcad94 22156->22161 22157->22156 22159 100a009 22157->22159 22158->22149 22162 fb7d50 GetPEB 22159->22162 22160->22161 22163 100a04b GetPEB 22160->22163 22161->22131 22167 fb7d50 GetPEB 22161->22167 22164 100a00e 22162->22164 22163->22161 22165 100a021 22164->22165 22166 100a012 GetPEB 22164->22166 22168 1051411 12 API calls 22165->22168 22166->22165 22169 100a063 22167->22169 22170 100a03d 22168->22170 22171 100a076 22169->22171 22172 100a067 GetPEB 22169->22172 22170->22156 22173 1051411 12 API calls 22171->22173 22172->22171 22173->22174 22174->22139 22174->22140 22175->22134 22176->22145 22178 f993df 22177->22178 22179 f993e3 22177->22179 22178->22110 22180 fbbc04 28 API calls 22179->22180 22180->22178 22182 f998a0 22181->22182 22183 f998a4 22181->22183 22182->22116 22184 fbe4a0 28 API calls 22183->22184 22184->22182 19884 fd9540 LdrInitializeThunk

                                    Executed Functions

                                    Function 00FD98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 13 fd98f0-fd98fc LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: e090a988167f0b4d4240ac02757447fc4b82562d8c9a740e64236bf078cb2ef6
                                    • Instruction ID: 67af2394782c5da9b1f75b14a19153befa7e3f4341748f96c85c19cf76b91653
                                    • Opcode Fuzzy Hash: e090a988167f0b4d4240ac02757447fc4b82562d8c9a740e64236bf078cb2ef6
                                    • Instruction Fuzzy Hash: 2B90026160104502D201715E4804626100A97D03C1FA1C032A5015595FCA658992F171
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 12 fd9860-fd986c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 94487d643da91e2b3e0c503a64e112a9997b1f798c48ebf0e0eab0bf6a574419
                                    • Instruction ID: 2198d3dc7b24a015a63f55b75fe316aad143a2d7167c93a750d4d06e879ff2b2
                                    • Opcode Fuzzy Hash: 94487d643da91e2b3e0c503a64e112a9997b1f798c48ebf0e0eab0bf6a574419
                                    • Instruction Fuzzy Hash: 0B90027120104413D211615E4904717100997D03C1FA1C422A4415598E96968952F161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 11 fd9840-fd984c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 657e334d7ad34b8cc34902ccc8e2436ec922249747eb3721bc22335eb3a5df11
                                    • Instruction ID: 87e0171f56892c5ae0cd039a09c86e2b1a5f0779fc89374cf7299f5073ef5212
                                    • Opcode Fuzzy Hash: 657e334d7ad34b8cc34902ccc8e2436ec922249747eb3721bc22335eb3a5df11
                                    • Instruction Fuzzy Hash: 6E900261242081525645B15E48045175006A7E03C17A1C022A5405990D85669856F661
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 15 fd99a0-fd99ac LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: d805195606aeff1b866bc7ec837bc598a980d051c1b0ba1a319f6bfeacc98988
                                    • Instruction ID: bf839cf576f5cfb69f2ee61d0c419c86663c42ae84012f9513e36025063959ff
                                    • Opcode Fuzzy Hash: d805195606aeff1b866bc7ec837bc598a980d051c1b0ba1a319f6bfeacc98988
                                    • Instruction Fuzzy Hash: CF9002A134104442D200615E4814B161005D7E1381F61C025E5055594E8659CC52B166
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 14 fd9910-fd991c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: fb700640ca2f07d4838d5bc38bf298f86d39bf91c23577adb790f809828fecf5
                                    • Instruction ID: 06e51f1e2d13d78120733c372b8af2120eda6e2f09abf11fa39eb4207040a8ae
                                    • Opcode Fuzzy Hash: fb700640ca2f07d4838d5bc38bf298f86d39bf91c23577adb790f809828fecf5
                                    • Instruction Fuzzy Hash: 6E9002B120104402D240715E4804756100597D0381F61C021A9055594F86998DD5B6A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 446b4faccaf77e981d2fe9911c60fca502f1efc27f7c31170cd9f53b7a6900d2
                                    • Instruction ID: 3d8de78b504658400dbaec949824354721ff6271a49c67f71b6859a04dfd104f
                                    • Opcode Fuzzy Hash: 446b4faccaf77e981d2fe9911c60fca502f1efc27f7c31170cd9f53b7a6900d2
                                    • Instruction Fuzzy Hash: AB90026121184042D300656E4C14B17100597D0383F61C125A4145594DC9558861B561
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 17 fd9a20-fd9a2c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 6a0a38dd5c51919cd985cadc2a929882e5d914effd52666ed61204ae3cf2ddbd
                                    • Instruction ID: 6f13bccb407815f70338193974757146aa551352552b71080cd5949a5337e97b
                                    • Opcode Fuzzy Hash: 6a0a38dd5c51919cd985cadc2a929882e5d914effd52666ed61204ae3cf2ddbd
                                    • Instruction Fuzzy Hash: 4A900261601040424240716E8C449165005BBE1391761C131A4989590E85998865B6A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 16 fd9a00-fd9a0c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 5119dfb86c3ee1c81971ddcd724a93b14715b7be4a55a7172dcfafbfce20252f
                                    • Instruction ID: 217d7953a592c3be2ed5d82c69eaf7eb1c532daf71288dcb7afabae1fe2c01c8
                                    • Opcode Fuzzy Hash: 5119dfb86c3ee1c81971ddcd724a93b14715b7be4a55a7172dcfafbfce20252f
                                    • Instruction Fuzzy Hash: 6190027120144402D200615E4C1471B100597D0382F61C021A5155595E86658851B5B1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 5 fd95d0-fd95dc LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 61cb4e7d0aa5dc25867aa28a1524dd623aafe6837554d57e3fbf49639c6bbe2a
                                    • Instruction ID: 23b75397003c2c510676480f791f85fa5ce3a2d1db15df1c4e9d82619982608e
                                    • Opcode Fuzzy Hash: 61cb4e7d0aa5dc25867aa28a1524dd623aafe6837554d57e3fbf49639c6bbe2a
                                    • Instruction Fuzzy Hash: 539002A1202040034205715E4814626500A97E0381B61C031E50055D0EC5658891B165
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 4 fd9540-fd954c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 3e926aec10801e4735371db30ddbe276ea5a3e927e2f142ff2b23ee187b4e837
                                    • Instruction ID: f97dde9642caac2308b91c1665238212b8d8fbc7a689c7f2dd45d065d6fb012e
                                    • Opcode Fuzzy Hash: 3e926aec10801e4735371db30ddbe276ea5a3e927e2f142ff2b23ee187b4e837
                                    • Instruction Fuzzy Hash: A3900265211040030205A55E0B04517104697D53D1361C031F5006590DD6618861B161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 7 fd96e0-fd96ec LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: cc62e33dd01b8814fc59134cfcd9aa0dc0df99b152bbc4f181b8ba425b0a9820
                                    • Instruction ID: b8fb34d72dca84081ab4ec53c07210390e3e67abc8269a55aba1507ede5403e9
                                    • Opcode Fuzzy Hash: cc62e33dd01b8814fc59134cfcd9aa0dc0df99b152bbc4f181b8ba425b0a9820
                                    • Instruction Fuzzy Hash: 319002712010C802D210615E880475A100597D0381F65C421A8415698E86D58891B161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 6 fd9660-fd966c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 9597f3fb177449a51b90b20580488ec5907d8c0fb6ae01abb8b269c2a2342233
                                    • Instruction ID: c610bfcb7c5a1105fcb4830369ca227604ba7aebd7e1d2a253b1c21d3a817d45
                                    • Opcode Fuzzy Hash: 9597f3fb177449a51b90b20580488ec5907d8c0fb6ae01abb8b269c2a2342233
                                    • Instruction Fuzzy Hash: 7290027120104802D280715E480465A100597D1381FA1C025A4016694ECA558A59B7E1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 10 fd97a0-fd97ac LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: f1117f5ce0aba19cf7009a9ffce968762720b4c89bb86e82c4ec7d8a329e61a6
                                    • Instruction ID: 6d11bb959fa933a735a10f37045058f987e85c8a44003846e0a112d17538f64a
                                    • Opcode Fuzzy Hash: f1117f5ce0aba19cf7009a9ffce968762720b4c89bb86e82c4ec7d8a329e61a6
                                    • Instruction Fuzzy Hash: C790026130104003D240715E58186165005E7E1381F61D021E4405594DD9558856B262
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 9 fd9780-fd978c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 843a01b6cc02d5605c659035b644776bd86ea8196658e7f3426b235c890f2d22
                                    • Instruction ID: d9ba82a48f7031ab640f03eaadf4c10cdc855fc1f556bdc2aa9352e8f7268b2e
                                    • Opcode Fuzzy Hash: 843a01b6cc02d5605c659035b644776bd86ea8196658e7f3426b235c890f2d22
                                    • Instruction Fuzzy Hash: F390026921304002D280715E580861A100597D1382FA1D425A4006598DC9558869B361
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 8 fd9710-fd971c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 7ebc793ec5cd49d6076dcc8352d61a1ddfba9b3654d9dd48745fb5beaa90c135
                                    • Instruction ID: 37c288bb8e11c030022854d2d39dbfd91ea8711e15a3bb3d7885d12c8e255f02
                                    • Opcode Fuzzy Hash: 7ebc793ec5cd49d6076dcc8352d61a1ddfba9b3654d9dd48745fb5beaa90c135
                                    • Instruction Fuzzy Hash: 8390027120104402D200659E5808656100597E0381F61D021A9015595FC6A58891B171
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 fd967a-fd967f 1 fd968f-fd9696 LdrInitializeThunk 0->1 2 fd9681-fd9688 0->2
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 4d2cb04fdc5cf282054fced8688faabd29a5d9b29558a78cf1362b75aa7c272d
                                    • Instruction ID: b8b731fbdaf22fb0895cd232d1214b5ce974c2ec0764e342eae6ac4cacaa5a47
                                    • Opcode Fuzzy Hash: 4d2cb04fdc5cf282054fced8688faabd29a5d9b29558a78cf1362b75aa7c272d
                                    • Instruction Fuzzy Hash: 53B09B71D054C5C5D711D7B54A08727790177D0751F26C062D1020695B4778C491F6B5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0041F0A0 Relevance: .0, Instructions: 7COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366222827.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041F000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_41f000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0823cfae073da212eb333ff970e5c6e7a9f36da7609cc17c3dd2c68a5e4798d
                                    • Instruction ID: 318487e5e0aea3dc49f7eb1cd4554a1f15d8c32a5429445fd8a7697016cc2948
                                    • Opcode Fuzzy Hash: f0823cfae073da212eb333ff970e5c6e7a9f36da7609cc17c3dd2c68a5e4798d
                                    • Instruction Fuzzy Hash: 0FA022A0C0830C03002030FA2A83023B32CC000A08F0003EAAE8C022023C02A83200EB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 0104B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                    Download Yara Rule
                                    Strings
                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0104B53F
                                    • *** then kb to get the faulting stack, xrefs: 0104B51C
                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0104B2DC
                                    • a NULL pointer, xrefs: 0104B4E0
                                    • an invalid address, %p, xrefs: 0104B4CF
                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0104B39B
                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0104B47D
                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0104B305
                                    • Go determine why that thread has not released the critical section., xrefs: 0104B3C5
                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0104B38F
                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0104B2F3
                                    • This failed because of error %Ix., xrefs: 0104B446
                                    • The resource is owned exclusively by thread %p, xrefs: 0104B374
                                    • *** enter .cxr %p for the context, xrefs: 0104B50D
                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0104B314
                                    • The resource is owned shared by %d threads, xrefs: 0104B37E
                                    • The instruction at %p tried to %s , xrefs: 0104B4B6
                                    • write to, xrefs: 0104B4A6
                                    • *** enter .exr %p for the exception record, xrefs: 0104B4F1
                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0104B484
                                    • *** An Access Violation occurred in %ws:%s, xrefs: 0104B48F
                                    • The instruction at %p referenced memory at %p., xrefs: 0104B432
                                    • read from, xrefs: 0104B4AD, 0104B4B2
                                    • *** Inpage error in %ws:%s, xrefs: 0104B418
                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0104B476
                                    • <unknown>, xrefs: 0104B27E, 0104B2D1, 0104B350, 0104B399, 0104B417, 0104B48E
                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 0104B352
                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0104B3D6
                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0104B323
                                    • The critical section is owned by thread %p., xrefs: 0104B3B9
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                    • API String ID: 0-108210295
                                    • Opcode ID: fac2c8e3876cf69aefcb165684f0eca34a167b033fd54590af0d750105c6d3dc
                                    • Instruction ID: bf8c954a5e9f1bc44fda612f385db6c3b65ba42ecd038a153b4ca60f62f11b2c
                                    • Opcode Fuzzy Hash: fac2c8e3876cf69aefcb165684f0eca34a167b033fd54590af0d750105c6d3dc
                                    • Instruction Fuzzy Hash: B78124B5A40210FFDB217A09DC89EFF3B65BF96B51F4040A4F9846B196D761C401EBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01051C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 44%
                                    			E01051C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xf748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00F9B150();
				} else {
					E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x108589c);
				E00F9B150("Heap error detected at %p (heap handle %p)\n",  *0x10858a0);
				_t27 =  *0x1085898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01051E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00F9B150();
				} else {
					E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00F9B150("Error code: %d - %s\n",  *0x1085898);
				_t113 =  *0x10858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00F9B150("Parameter1: %p\n",  *0x10858a4);
				}
				_t115 =  *0x10858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00F9B150("Parameter2: %p\n",  *0x10858a8);
				}
				_t117 =  *0x10858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00F9B150("Parameter3: %p\n",  *0x10858ac);
				}
				_t119 =  *0x10858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x10858b4);
					E00F9B150("Last known valid blocks: before - %p, after - %p\n",  *0x10858b0);
				} else {
					_t120 =  *0x10858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00F9B150();
				} else {
					E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00F9B150("Stack trace available at %p\n", 0x10858c0);
			}











                                    0x01051c10
                                    0x01051c16
                                    0x01051c1e
                                    0x01051c3d
                                    0x01051c3e
                                    0x01051c20
                                    0x01051c35
                                    0x01051c3a
                                    0x01051c44
                                    0x01051c55
                                    0x01051c5a
                                    0x01051c65
                                    0x01051c67
                                    0x00000000
                                    0x01051c6e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01051c67
                                    0x01051cdc
                                    0x01051ce5
                                    0x01051d04
                                    0x01051d05
                                    0x01051ce7
                                    0x01051cfc
                                    0x01051d01
                                    0x01051d0b
                                    0x01051d17
                                    0x01051d1f
                                    0x01051d25
                                    0x01051d30
                                    0x01051d4f
                                    0x01051d50
                                    0x01051d32
                                    0x01051d47
                                    0x01051d4c
                                    0x01051d61
                                    0x01051d67
                                    0x01051d68
                                    0x01051d6e
                                    0x01051d79
                                    0x01051d98
                                    0x01051d99
                                    0x01051d7b
                                    0x01051d90
                                    0x01051d95
                                    0x01051daa
                                    0x01051db0
                                    0x01051db1
                                    0x01051db7
                                    0x01051dc2
                                    0x01051de1
                                    0x01051de2
                                    0x01051dc4
                                    0x01051dd9
                                    0x01051dde
                                    0x01051df3
                                    0x01051df9
                                    0x01051dfa
                                    0x01051e00
                                    0x01051e0a
                                    0x01051e13
                                    0x01051e32
                                    0x01051e33
                                    0x01051e15
                                    0x01051e2a
                                    0x01051e2f
                                    0x01051e39
                                    0x01051e4a
                                    0x01051e02
                                    0x01051e02
                                    0x01051e08
                                    0x00000000
                                    0x00000000
                                    0x01051e08
                                    0x01051e5b
                                    0x01051e7a
                                    0x01051e7b
                                    0x01051e5d
                                    0x01051e72
                                    0x01051e77
                                    0x01051e95

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                    • API String ID: 0-2897834094
                                    • Opcode ID: 01e57b4f58f0da602cb040c4a205f8898eaad66a54e9621ac8784de6c2862a49
                                    • Instruction ID: b9d6e2b396f92eb1d517dcc8ecb1ec97d24635288b78f7f213805e86ddcfa099
                                    • Opcode Fuzzy Hash: 01e57b4f58f0da602cb040c4a205f8898eaad66a54e9621ac8784de6c2862a49
                                    • Instruction Fuzzy Hash: DD612836528144DFE791B744E855F2A77E4EB00B30709807BF88D6B262D27A9880AB1B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01052D82 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 228timeCOMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E01052D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1070e80);
				E00FED0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E00F940E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E010530C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E00F9B150();
						} else {
							E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E00F9B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E00FAEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E01054496(_t181, 0);
						_t177 = L00FB4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E010549A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0104FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E00F91F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E00FC16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E01054496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x1086360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x1086364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1086366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0103D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E00F9B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E00F9B150("Just allocated block at %p for %Ix bytes\n",  *0x1086360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x1086378 = 1;
									 *0x10860c0 = 0;
									asm("int3");
									 *0x1086378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x1085708; // 0x0
					 *0x108b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E00FED130(0, _t177, _t181);
				}
			}





















                                    0x01052d82
                                    0x01052d84
                                    0x01052d89
                                    0x01052d8e
                                    0x01052d90
                                    0x01052d92
                                    0x01052d97
                                    0x01052d9a
                                    0x01052da4
                                    0x01052dc0
                                    0x01052dc3
                                    0x01052dd1
                                    0x01052dd6
                                    0x01052dd8
                                    0x010530a7
                                    0x010530a7
                                    0x010530aa
                                    0x010530aa
                                    0x010530ad
                                    0x010530b4
                                    0x00000000
                                    0x010530b9
                                    0x01052de3
                                    0x01052de8
                                    0x01052deb
                                    0x01052dee
                                    0x01052df1
                                    0x01052df3
                                    0x01052dfb
                                    0x01052dfb
                                    0x01052df5
                                    0x01052df5
                                    0x01052df5
                                    0x01052e04
                                    0x01052e0a
                                    0x01052e0d
                                    0x01052e11
                                    0x01052e11
                                    0x01052e12
                                    0x01052e15
                                    0x01052e18
                                    0x01052e1a
                                    0x01053027
                                    0x01053027
                                    0x0105302d
                                    0x01053030
                                    0x0105304f
                                    0x01053054
                                    0x01053032
                                    0x01053047
                                    0x0105304c
                                    0x0105305a
                                    0x01053063
                                    0x00000000
                                    0x01052e20
                                    0x01052e20
                                    0x01052e23
                                    0x00000000
                                    0x00000000
                                    0x01052e29
                                    0x01052e2b
                                    0x01052e47
                                    0x01052e2d
                                    0x01052e33
                                    0x01052e38
                                    0x01052e3f
                                    0x01052e42
                                    0x01052e42
                                    0x01052e4e
                                    0x01052e5d
                                    0x01052e5f
                                    0x01052e62
                                    0x01052e66
                                    0x01052e6b
                                    0x01052e6d
                                    0x00000000
                                    0x01052e73
                                    0x01052e73
                                    0x01052e76
                                    0x01052e7a
                                    0x01052e83
                                    0x01052e83
                                    0x01052e83
                                    0x01052e85
                                    0x01052e87
                                    0x01052e8a
                                    0x01052e8d
                                    0x01052e92
                                    0x01052e9c
                                    0x01052e9f
                                    0x01052ea1
                                    0x01052ea2
                                    0x01052ea6
                                    0x01052ea6
                                    0x01052e9f
                                    0x01052eab
                                    0x01052eaf
                                    0x01052edf
                                    0x01052ee2
                                    0x01052ee5
                                    0x01052eb1
                                    0x01052eb3
                                    0x01052eb8
                                    0x01052ebd
                                    0x01052ec4
                                    0x01052ed6
                                    0x01052ec6
                                    0x01052ec7
                                    0x01052ecc
                                    0x01052ecf
                                    0x01052ed2
                                    0x01052ed2
                                    0x01052ed9
                                    0x01052ed9
                                    0x01052ee8
                                    0x01052eeb
                                    0x01052eef
                                    0x01052ef2
                                    0x01052efe
                                    0x01052f04
                                    0x01052f04
                                    0x01052f04
                                    0x01052f06
                                    0x01052f0d
                                    0x01052f0f
                                    0x01052f13
                                    0x01052f13
                                    0x01052f1b
                                    0x01052f21
                                    0x01052f27
                                    0x01052f95
                                    0x01052f98
                                    0x01052f9b
                                    0x01052fa0
                                    0x00000000
                                    0x00000000
                                    0x01052fa6
                                    0x01052fa9
                                    0x01052fac
                                    0x00000000
                                    0x00000000
                                    0x01052fb2
                                    0x01052fb9
                                    0x00000000
                                    0x00000000
                                    0x01052fc3
                                    0x01052fca
                                    0x00000000
                                    0x00000000
                                    0x01052fd0
                                    0x01052fd6
                                    0x01052fd9
                                    0x01052ff8
                                    0x01052ffd
                                    0x01052fdb
                                    0x01052ff0
                                    0x01052ff5
                                    0x0105300e
                                    0x0105300f
                                    0x0105301a
                                    0x00000000
                                    0x01052f29
                                    0x01052f29
                                    0x01052f2c
                                    0x01052f4b
                                    0x01052f50
                                    0x01052f2e
                                    0x01052f43
                                    0x01052f48
                                    0x01052f56
                                    0x01052f64
                                    0x01052f6c
                                    0x01052f6c
                                    0x01052f72
                                    0x01052f76
                                    0x01052f7c
                                    0x01052f83
                                    0x01052f89
                                    0x01052f8a
                                    0x01052f8a
                                    0x00000000
                                    0x01052f76
                                    0x01052f27
                                    0x01052e6d
                                    0x01052da6
                                    0x01052dab
                                    0x01052db3
                                    0x01052db9
                                    0x010530bc
                                    0x010530c1
                                    0x010530c1

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                    • API String ID: 3446177414-1745908468
                                    • Opcode ID: 960425e2a2979137b4dde4d229a2c1119c7d92e4175724de82075b7192a87b1d
                                    • Instruction ID: 5df0cddd9219fe39dd376813c5d4355d52df308429f557e8cdc6077ea2edf7e1
                                    • Opcode Fuzzy Hash: 960425e2a2979137b4dde4d229a2c1119c7d92e4175724de82075b7192a87b1d
                                    • Instruction Fuzzy Hash: B991F431500740DFDBA2DF68D465AAEBBF2BF45710F188059F9C59B2A2C73A9881DB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01054AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E01054AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E00F9B150();
						} else {
							E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E00F9B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0104FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E00F9B150();
						} else {
							E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E00F9B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E00F9B150();
									} else {
										E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E00F9B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0104FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E00F9B150();
										} else {
											E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E00FED540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0105A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E00FBE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0105A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E00FBE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E00FBA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E00FBA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E00FBBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E010423E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E00F91F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                    0x01054af7
                                    0x01054afb
                                    0x01054afd
                                    0x01054b01
                                    0x01054b03
                                    0x01054b08
                                    0x01054b0a
                                    0x01054b0f
                                    0x01054eb5
                                    0x01054eb5
                                    0x01054ebb
                                    0x010550d5
                                    0x010550d8
                                    0x01054ff6
                                    0x00000000
                                    0x01054ff6
                                    0x010550de
                                    0x010550e4
                                    0x010550e8
                                    0x01055107
                                    0x0105510c
                                    0x010550ea
                                    0x010550ff
                                    0x01055104
                                    0x01055112
                                    0x01055115
                                    0x01055118
                                    0x01055119
                                    0x010550cb
                                    0x010550cb
                                    0x010550af
                                    0x00000000
                                    0x010550af
                                    0x01054ecb
                                    0x010550b6
                                    0x010550bb
                                    0x01054ed1
                                    0x01054ee6
                                    0x01054eeb
                                    0x010550c1
                                    0x010550c2
                                    0x010550c5
                                    0x010550c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01054b15
                                    0x01054b15
                                    0x01054b1c
                                    0x01054b1e
                                    0x01054b23
                                    0x01054b27
                                    0x01054b33
                                    0x01054b38
                                    0x01054b3a
                                    0x01054b3c
                                    0x01054b41
                                    0x01054b41
                                    0x01054b3a
                                    0x01054b52
                                    0x01055045
                                    0x0105504b
                                    0x0105504f
                                    0x0105506e
                                    0x01055073
                                    0x01055051
                                    0x01055066
                                    0x0105506b
                                    0x01055083
                                    0x01055088
                                    0x01055088
                                    0x0105508a
                                    0x01055091
                                    0x01055099
                                    0x01055099
                                    0x0105509d
                                    0x010550a7
                                    0x010550ad
                                    0x010550ad
                                    0x010550ad
                                    0x00000000
                                    0x0105509d
                                    0x01054b58
                                    0x01054b5b
                                    0x01054b5e
                                    0x01054b63
                                    0x01054b66
                                    0x01054b69
                                    0x01054b6f
                                    0x01054be4
                                    0x01054bf0
                                    0x01054bf2
                                    0x01054bf5
                                    0x01054dc3
                                    0x01054dc6
                                    0x01054dc9
                                    0x01054dce
                                    0x01054dce
                                    0x01054dd0
                                    0x01054dd0
                                    0x01054dd5
                                    0x01054def
                                    0x01054dd7
                                    0x01054de7
                                    0x01054de7
                                    0x01054df3
                                    0x01055001
                                    0x01055007
                                    0x0105500b
                                    0x0105502a
                                    0x0105502f
                                    0x0105500d
                                    0x01055022
                                    0x01055027
                                    0x01055039
                                    0x0105503a
                                    0x0105503b
                                    0x00000000
                                    0x01054df9
                                    0x01054dfd
                                    0x01054e90
                                    0x01054e94
                                    0x01054e9e
                                    0x01054ea4
                                    0x01054ea4
                                    0x01054ea4
                                    0x01054ea6
                                    0x01054ea6
                                    0x00000000
                                    0x01054ea6
                                    0x01054e03
                                    0x01054e08
                                    0x01054f88
                                    0x01054f92
                                    0x01054f99
                                    0x01054f9c
                                    0x01054fe0
                                    0x01054fe4
                                    0x01054fee
                                    0x01054ff4
                                    0x01054ff4
                                    0x01054ff4
                                    0x00000000
                                    0x01054fe4
                                    0x01054f9e
                                    0x01054fa4
                                    0x01054fa8
                                    0x01054fc7
                                    0x01054fcc
                                    0x01054faa
                                    0x01054fbf
                                    0x01054fc4
                                    0x01054fd2
                                    0x01054fd5
                                    0x01054fd6
                                    0x01054f34
                                    0x01054f34
                                    0x00000000
                                    0x01054f39
                                    0x01054e0e
                                    0x01054e14
                                    0x01054e1b
                                    0x01054e25
                                    0x01054e2b
                                    0x01054e2b
                                    0x01054e33
                                    0x01054e38
                                    0x01054e8a
                                    0x01054e8a
                                    0x00000000
                                    0x01054e3a
                                    0x01054e3e
                                    0x01054e43
                                    0x01054e47
                                    0x01054e53
                                    0x01054e58
                                    0x01054e5a
                                    0x01054e5c
                                    0x01054e61
                                    0x01054e61
                                    0x01054e5a
                                    0x01054e6e
                                    0x01054f41
                                    0x01054f47
                                    0x01054f4b
                                    0x01054f6a
                                    0x01054f6f
                                    0x01054f4d
                                    0x01054f62
                                    0x01054f67
                                    0x01054f7f
                                    0x01054f80
                                    0x01054f81
                                    0x00000000
                                    0x01054e74
                                    0x01054e78
                                    0x01054e82
                                    0x01054e88
                                    0x01054e88
                                    0x00000000
                                    0x01054e78
                                    0x01054e6e
                                    0x01054e38
                                    0x01054df3
                                    0x01054bfe
                                    0x01054c01
                                    0x01054c04
                                    0x01054c07
                                    0x01054c09
                                    0x01054c0c
                                    0x01054c0e
                                    0x01054c0e
                                    0x01054c11
                                    0x01054c11
                                    0x01054c0c
                                    0x01054c14
                                    0x01054c17
                                    0x01054dae
                                    0x01054db2
                                    0x01054db7
                                    0x01054dba
                                    0x01054dbd
                                    0x01054ef1
                                    0x01054ef7
                                    0x01054efb
                                    0x01054f1a
                                    0x01054f1f
                                    0x01054efd
                                    0x01054f12
                                    0x01054f17
                                    0x01054f2b
                                    0x01054f2b
                                    0x01054f2d
                                    0x01054f2e
                                    0x01054f2f
                                    0x00000000
                                    0x01054f2f
                                    0x00000000
                                    0x01054c1d
                                    0x01054c1d
                                    0x01054c20
                                    0x01054c23
                                    0x01054c26
                                    0x01054c29
                                    0x01054c2c
                                    0x01054c2e
                                    0x01054d91
                                    0x01054d91
                                    0x01054d92
                                    0x01054d97
                                    0x01054d9e
                                    0x00000000
                                    0x01054d9e
                                    0x01054c34
                                    0x01054c37
                                    0x01054c39
                                    0x01054c3c
                                    0x00000000
                                    0x00000000
                                    0x01054c45
                                    0x01054c48
                                    0x01054c4e
                                    0x01054c50
                                    0x01054c78
                                    0x01054c78
                                    0x01054c7b
                                    0x01054c7d
                                    0x01054c80
                                    0x01054c84
                                    0x01054cad
                                    0x01054cad
                                    0x01054cb0
                                    0x01054cb8
                                    0x01054cbb
                                    0x01054cbe
                                    0x01054cc1
                                    0x01054cc7
                                    0x01054cdc
                                    0x01054cc9
                                    0x01054cd2
                                    0x01054cd4
                                    0x01054cd4
                                    0x01054cde
                                    0x01054ce0
                                    0x01054d13
                                    0x01054d13
                                    0x01054d16
                                    0x01054d18
                                    0x01054d29
                                    0x01054d2a
                                    0x01054d2c
                                    0x01054d34
                                    0x01054d1a
                                    0x01054d1a
                                    0x01054d1a
                                    0x01054d1d
                                    0x01054d1f
                                    0x01054d22
                                    0x01054d24
                                    0x01054d24
                                    0x01054d3c
                                    0x01054d3f
                                    0x01054d45
                                    0x01054d47
                                    0x01054d6c
                                    0x01054d6c
                                    0x01054d70
                                    0x01054d7e
                                    0x01054d84
                                    0x01054d84
                                    0x00000000
                                    0x01054d49
                                    0x01054d49
                                    0x01054d56
                                    0x01054d56
                                    0x01054d59
                                    0x00000000
                                    0x00000000
                                    0x01054d4e
                                    0x01054d50
                                    0x01054d52
                                    0x01054d8e
                                    0x01054d5d
                                    0x01054d5f
                                    0x01054d67
                                    0x00000000
                                    0x01054d67
                                    0x01054d54
                                    0x01054d54
                                    0x01054d5b
                                    0x00000000
                                    0x01054d5b
                                    0x01054ce2
                                    0x01054ce2
                                    0x01054ce5
                                    0x01054ce5
                                    0x01054ce7
                                    0x01054cfb
                                    0x01054ce9
                                    0x01054ce9
                                    0x01054cec
                                    0x01054cef
                                    0x01054cf1
                                    0x01054cf3
                                    0x01054cf3
                                    0x01054cf3
                                    0x01054cf6
                                    0x01054cf6
                                    0x01054d02
                                    0x01054d05
                                    0x00000000
                                    0x00000000
                                    0x01054d07
                                    0x01054d0f
                                    0x01054d11
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01054d11
                                    0x00000000
                                    0x01054ce5
                                    0x01054ce0
                                    0x01054c8a
                                    0x01054c8f
                                    0x01054c91
                                    0x00000000
                                    0x00000000
                                    0x01054c9d
                                    0x00000000
                                    0x01054c9d
                                    0x01054c52
                                    0x01054c5f
                                    0x01054c5f
                                    0x01054c62
                                    0x00000000
                                    0x00000000
                                    0x01054c57
                                    0x01054c59
                                    0x01054c5b
                                    0x01054caa
                                    0x01054c66
                                    0x01054c68
                                    0x01054c70
                                    0x01054c75
                                    0x00000000
                                    0x01054c75
                                    0x01054c5d
                                    0x01054c5d
                                    0x01054c64
                                    0x00000000
                                    0x01054c64
                                    0x01054c17
                                    0x01054b75
                                    0x01054bc4
                                    0x01054bc8
                                    0x00000000
                                    0x00000000
                                    0x01054bd9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01054b77
                                    0x01054b7a
                                    0x01054b8c
                                    0x01054b7c
                                    0x01054b7e
                                    0x01054b83
                                    0x01054b86
                                    0x01054b86
                                    0x01054b90
                                    0x01054b93
                                    0x00000000
                                    0x00000000
                                    0x01054b95
                                    0x01054bab
                                    0x01054bb0
                                    0x00000000
                                    0x00000000
                                    0x01054bb2
                                    0x01054bb9
                                    0x00000000
                                    0x00000000
                                    0x01054bbb
                                    0x01054bbe
                                    0x01054bc1
                                    0x01054bc1
                                    0x00000000
                                    0x01054bc1
                                    0x01054b97
                                    0x01054ba4
                                    0x00000000
                                    0x00000000
                                    0x01054ba6
                                    0x00000000
                                    0x01054ba6
                                    0x01054ea9
                                    0x01054ea9
                                    0x01054eb2
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                    • API String ID: 0-3591852110
                                    • Opcode ID: 2abaeec54f85307c5c6861b3ddd2554b6f2b46d6caaee4bbf7c75c3495c2db74
                                    • Instruction ID: ae2ed4c0426008e87466c9f9a9bf5e9435bd5e7f4650fe39ee5f4b160ac8af1c
                                    • Opcode Fuzzy Hash: 2abaeec54f85307c5c6861b3ddd2554b6f2b46d6caaee4bbf7c75c3495c2db74
                                    • Instruction Fuzzy Hash: D412D1302046459FEBA5DF29C895BFBBBE1EF44700F148499E8C6CB652E778E880DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01054496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 56%
                                    			E01054496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E010549A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x1086378 = _t267;
						asm("int3");
						 *0x1086378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E00FC174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E00F9B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E00F9B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x1086350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E00FD9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E00FC174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E00F9B150();
										} else {
											E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E00F9B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E00F9B150();
									} else {
										E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E00F9B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E00F9B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01054AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0104FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E010423E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                    0x010544a1
                                    0x010544a3
                                    0x010544a7
                                    0x010544ac
                                    0x010544af
                                    0x010544b2
                                    0x010544b9
                                    0x010544bc
                                    0x010547f2
                                    0x010547f2
                                    0x010547f8
                                    0x010547fc
                                    0x010547fe
                                    0x01054804
                                    0x01054805
                                    0x01054805
                                    0x0105480c
                                    0x01054810
                                    0x01054812
                                    0x01054812
                                    0x01054812
                                    0x01054822
                                    0x01054822
                                    0x01054827
                                    0x01054827
                                    0x00000000
                                    0x01054827
                                    0x010544c4
                                    0x010544d3
                                    0x010544d9
                                    0x010544dc
                                    0x010544de
                                    0x010544e0
                                    0x01054560
                                    0x01054520
                                    0x01054522
                                    0x01054525
                                    0x01054528
                                    0x0105452b
                                    0x0105452e
                                    0x01054530
                                    0x01054697
                                    0x0105469d
                                    0x010546a1
                                    0x010546c0
                                    0x010546c5
                                    0x010546a3
                                    0x010546b8
                                    0x010546bd
                                    0x010546cb
                                    0x010546d4
                                    0x01054677
                                    0x01054677
                                    0x01054679
                                    0x0105467c
                                    0x0105468a
                                    0x01054690
                                    0x01054690
                                    0x010547f1
                                    0x010547f1
                                    0x010547f1
                                    0x00000000
                                    0x010547f1
                                    0x01054536
                                    0x01054539
                                    0x0105453c
                                    0x01054636
                                    0x0105463c
                                    0x01054640
                                    0x0105465f
                                    0x01054664
                                    0x01054642
                                    0x01054657
                                    0x0105465c
                                    0x01054670
                                    0x00000000
                                    0x01054542
                                    0x01054542
                                    0x01054546
                                    0x01054548
                                    0x0105454b
                                    0x01054555
                                    0x0105455b
                                    0x0105455b
                                    0x0105455b
                                    0x0105455d
                                    0x0105455d
                                    0x0105455d
                                    0x00000000
                                    0x0105455d
                                    0x0105453c
                                    0x01054579
                                    0x0105457c
                                    0x01054587
                                    0x01054589
                                    0x01054591
                                    0x01054592
                                    0x01054597
                                    0x01054598
                                    0x010545a1
                                    0x010545ab
                                    0x010545ab
                                    0x010545a1
                                    0x010545ae
                                    0x010545b4
                                    0x010545b9
                                    0x010545bd
                                    0x01054759
                                    0x01054759
                                    0x0105475f
                                    0x01054761
                                    0x01054763
                                    0x01054765
                                    0x01054768
                                    0x0105476b
                                    0x0105476d
                                    0x0105479c
                                    0x0105479c
                                    0x0105479f
                                    0x010547a2
                                    0x010547a4
                                    0x01054830
                                    0x01054833
                                    0x01054879
                                    0x0105487d
                                    0x010548f1
                                    0x010548f3
                                    0x010548f3
                                    0x00000000
                                    0x010548f3
                                    0x0105487f
                                    0x01054885
                                    0x01054887
                                    0x010548a8
                                    0x010548a8
                                    0x010548ae
                                    0x010548b0
                                    0x010548dc
                                    0x010548dc
                                    0x010548dc
                                    0x010548dc
                                    0x010548ec
                                    0x00000000
                                    0x010548ec
                                    0x010548b2
                                    0x010548bc
                                    0x010548be
                                    0x010548c1
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x010548c3
                                    0x010548c3
                                    0x010548c6
                                    0x010548c9
                                    0x010548cc
                                    0x010548d1
                                    0x010548d4
                                    0x00000000
                                    0x00000000
                                    0x010548d6
                                    0x010548d7
                                    0x010548da
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x010548da
                                    0x0105494f
                                    0x01054955
                                    0x01054959
                                    0x01054978
                                    0x0105497d
                                    0x0105495b
                                    0x01054970
                                    0x01054975
                                    0x01054986
                                    0x01054987
                                    0x0105498a
                                    0x0105498d
                                    0x01054997
                                    0x010547ef
                                    0x010547ef
                                    0x010547ef
                                    0x00000000
                                    0x010547ef
                                    0x01054890
                                    0x01054890
                                    0x01054891
                                    0x01054891
                                    0x01054894
                                    0x01054897
                                    0x0105489d
                                    0x010548a0
                                    0x00000000
                                    0x00000000
                                    0x010548a2
                                    0x010548a3
                                    0x010548a6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x010548a6
                                    0x010548fb
                                    0x01054901
                                    0x01054905
                                    0x01054924
                                    0x01054929
                                    0x01054907
                                    0x0105491c
                                    0x01054921
                                    0x0105492f
                                    0x01054935
                                    0x01054936
                                    0x01054939
                                    0x01054942
                                    0x00000000
                                    0x01054947
                                    0x01054835
                                    0x0105483b
                                    0x0105483f
                                    0x0105485e
                                    0x01054863
                                    0x01054841
                                    0x01054856
                                    0x0105485b
                                    0x01054869
                                    0x0105486c
                                    0x0105486f
                                    0x010547e7
                                    0x010547e7
                                    0x00000000
                                    0x010547ec
                                    0x010547aa
                                    0x010547b0
                                    0x010547b4
                                    0x010547d3
                                    0x010547d8
                                    0x010547b6
                                    0x010547cb
                                    0x010547d0
                                    0x010547de
                                    0x010547df
                                    0x010547e2
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0105476f
                                    0x0105476f
                                    0x01054778
                                    0x01054785
                                    0x01054787
                                    0x0105478c
                                    0x0105478e
                                    0x00000000
                                    0x00000000
                                    0x01054790
                                    0x01054792
                                    0x01054794
                                    0x00000000
                                    0x00000000
                                    0x01054796
                                    0x01054799
                                    0x00000000
                                    0x01054799
                                    0x00000000
                                    0x010545c3
                                    0x010545c3
                                    0x010545c7
                                    0x010545c7
                                    0x010545ca
                                    0x010545cf
                                    0x010545d3
                                    0x010545df
                                    0x010545e4
                                    0x010545e6
                                    0x010545e8
                                    0x010545ed
                                    0x010545ed
                                    0x010545f2
                                    0x010545f2
                                    0x010545f7
                                    0x010545fc
                                    0x01054602
                                    0x01054606
                                    0x01054609
                                    0x0105460f
                                    0x010546de
                                    0x010546e3
                                    0x010546e5
                                    0x010546ec
                                    0x010546ee
                                    0x010546f6
                                    0x010546f6
                                    0x010546f6
                                    0x010546f6
                                    0x010546ec
                                    0x01054615
                                    0x01054615
                                    0x0105461d
                                    0x0105462e
                                    0x0105462e
                                    0x0105461d
                                    0x0105460f
                                    0x01054609
                                    0x010546fd
                                    0x00000000
                                    0x00000000
                                    0x01054710
                                    0x0105471a
                                    0x01054720
                                    0x01054720
                                    0x01054722
                                    0x0105472c
                                    0x00000000
                                    0x0105472e
                                    0x0105472e
                                    0x00000000
                                    0x0105472e
                                    0x0105472c
                                    0x01054738
                                    0x0105473c
                                    0x0105474b
                                    0x01054751
                                    0x01054751
                                    0x00000000
                                    0x0105473c
                                    0x010548f4
                                    0x010548f4
                                    0x00000000
                                    0x010548f4

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                    • API String ID: 0-1357697941
                                    • Opcode ID: 7c99ff07ddb7f88cd04ac2cbd59c1b3bb13f39309a32c2afa2287fb110fcaf01
                                    • Instruction ID: 21f610e8bf061c6eea305cd89b1bea7da41fc638939b6dba679f0dd3c0ae6447
                                    • Opcode Fuzzy Hash: 7c99ff07ddb7f88cd04ac2cbd59c1b3bb13f39309a32c2afa2287fb110fcaf01
                                    • Instruction Fuzzy Hash: 8AF11131600645EFEBA5CB68C480BEBBBF5FF09704F048069E985D7251E774E985CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC8E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 44%
                                    			E00FC8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x108d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1088464; // 0x761c0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1085780 & 0x00000003) != 0) {
							E01015510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1085780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00FDB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1087984; // 0xb32af8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1088464; // 0x761c0110
					 *0x108b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00FC9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1085780 & 0x00000005) != 0) {
						_push(_t49);
						E01015510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                    0x00fc8e0f
                                    0x00fc8e16
                                    0x00fc8e19
                                    0x00fc8e1b
                                    0x00fc8e21
                                    0x00fc8e7f
                                    0x00fc8e85
                                    0x01009354
                                    0x0100936c
                                    0x01009371
                                    0x0100937b
                                    0x01009381
                                    0x01009381
                                    0x0100937b
                                    0x00fc8e9d
                                    0x00fc8e9d
                                    0x00fc8e29
                                    0x00fc8e2c
                                    0x00fc8e38
                                    0x00fc8e3e
                                    0x00fc8e43
                                    0x00fc8eb5
                                    0x00fc8eb9
                                    0x010092aa
                                    0x010092af
                                    0x010092e8
                                    0x010092e8
                                    0x010092af
                                    0x00fc8eb9
                                    0x00fc8e45
                                    0x00fc8e53
                                    0x00fc8e5b
                                    0x00fc8e5f
                                    0x00fc8e78
                                    0x00fc8e78
                                    0x00fc8e7d
                                    0x00fc8ec3
                                    0x00fc8ecd
                                    0x00fc8ed2
                                    0x00fc8ed2
                                    0x00fc8ec5
                                    0x00fc8ec5
                                    0x00000000
                                    0x00fc8e7d
                                    0x00fc8e67
                                    0x00fc8ea4
                                    0x0100931a
                                    0x00000000
                                    0x00000000
                                    0x01009320
                                    0x00fc8ea4
                                    0x00fc8e70
                                    0x01009325
                                    0x01009340
                                    0x01009345
                                    0x01009345
                                    0x00fc8e76
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    Strings
                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0100932A
                                    • LdrpFindDllActivationContext, xrefs: 01009331, 0100935D
                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 01009357
                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0100933B, 01009367
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                    • API String ID: 3446177414-3779518884
                                    • Opcode ID: d74102a85129055e15eadc6df378552a3a592aeb4b3cff804fd35453d29e9711
                                    • Instruction ID: dfe152c87e3930d7bb2acf3e762b0a3b5138ed610b873c449f55f8c1ebfcf02b
                                    • Opcode Fuzzy Hash: d74102a85129055e15eadc6df378552a3a592aeb4b3cff804fd35453d29e9711
                                    • Instruction Fuzzy Hash: E4412D32E003179EDB35AAD8C94BF397264AB543A4F05816ED48857191EF71AC81E382
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E00FBA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1088a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E00FBA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E00FBDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E00F99373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E00F9A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1088748 - 1;
						if( *0x1088748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E00F9B150();
								__eflags =  *0x1087bc8;
								if( *0x1087bc8 == 0) {
									__eflags = 1;
									E01052073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1088748 - 1;
							if( *0x1088748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E00FC174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E00FB7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E010514FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E00F99373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E00F99819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1088748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E00F9B150();
											} else {
												E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E00F9B150();
											_pop(_t491);
											__eflags =  *0x1087bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01052073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0105A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E00FBA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E00FB7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E00FB7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01051411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E00FB7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E00FB7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1088748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E00F9B150();
							__eflags =  *0x1087bc8;
							if( *0x1087bc8 == 0) {
								__eflags = 0;
								E01052073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1088748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E00F9B150();
												} else {
													E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E00F9B150();
												__eflags =  *0x1087bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01052073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0105A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E00FBA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E00FBB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E00FBA830(_t553, _v64, _v24);
								_t286 = E00FB7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E00FB7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01051411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E00FB7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E00FB7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01051411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E00FC174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E00FBB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E00FB7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E010514FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E00FB99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E00FBA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E00FCABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                    0x00fba309
                                    0x00fba316
                                    0x00fba319
                                    0x00fba31d
                                    0x00fba32d
                                    0x00fba331
                                    0x01001e0d
                                    0x01001e10
                                    0x00fba3cb
                                    0x00fba3cb
                                    0x00fba3bd
                                    0x00fba3c3
                                    0x00fba3c3
                                    0x00fba33a
                                    0x01001e17
                                    0x01001e1b
                                    0x01001e1d
                                    0x01001e2f
                                    0x01001e34
                                    0x01001e36
                                    0x01001e3c
                                    0x01001e3c
                                    0x01001e3c
                                    0x01001e3c
                                    0x01001e36
                                    0x01001e42
                                    0x01001e45
                                    0x01001e47
                                    0x00fba3f8
                                    0x00fba3f8
                                    0x00fba3fb
                                    0x00fba3fd
                                    0x01001e50
                                    0x00fba403
                                    0x00fba411
                                    0x00fba411
                                    0x00fba411
                                    0x00fba41e
                                    0x00fba420
                                    0x00fba424
                                    0x00fba427
                                    0x00fba7c9
                                    0x00fba7cd
                                    0x00fba7d2
                                    0x00fba7d9
                                    0x00fba7e0
                                    0x00fba7e3
                                    0x00fba7ed
                                    0x00fba7f3
                                    0x00fba7f9
                                    0x00fba7ff
                                    0x00fba802
                                    0x00fba807
                                    0x00fba809
                                    0x00fba809
                                    0x00fba809
                                    0x00fba80f
                                    0x00fba80f
                                    0x00fba812
                                    0x00fba81c
                                    0x00fba821
                                    0x00fba824
                                    0x00fba42d
                                    0x00fba42d
                                    0x00fba42d
                                    0x00fba42d
                                    0x00fba42d
                                    0x00fba436
                                    0x00fba43a
                                    0x00fba609
                                    0x00fba60d
                                    0x00fba612
                                    0x00fba616
                                    0x00fba61a
                                    0x01001e57
                                    0x01001e59
                                    0x00000000
                                    0x00000000
                                    0x01001e5f
                                    0x00fba620
                                    0x00fba627
                                    0x01001e64
                                    0x01001e66
                                    0x01001e6c
                                    0x01001e72
                                    0x01001e76
                                    0x01001e95
                                    0x01001e9a
                                    0x01001e78
                                    0x01001e8d
                                    0x01001e92
                                    0x01001ea0
                                    0x01001ea5
                                    0x01001eaa
                                    0x01001eb2
                                    0x01001eb6
                                    0x01001eb9
                                    0x01001eb9
                                    0x01001ebe
                                    0x01001ec2
                                    0x01001ec2
                                    0x01001e66
                                    0x00fba62d
                                    0x00fba633
                                    0x00fba636
                                    0x00fba63a
                                    0x00fba63c
                                    0x00fba640
                                    0x00fba642
                                    0x00fba644
                                    0x00fba644
                                    0x00fba644
                                    0x00fba64d
                                    0x00fba64d
                                    0x00fba651
                                    0x00fba655
                                    0x01001eca
                                    0x01001ed1
                                    0x00000000
                                    0x00000000
                                    0x01001ed7
                                    0x00000000
                                    0x00fba65b
                                    0x00fba669
                                    0x00fba66e
                                    0x00fba670
                                    0x00000000
                                    0x00000000
                                    0x00fba676
                                    0x00fba67b
                                    0x00fba680
                                    0x00fba682
                                    0x01001f1a
                                    0x00fba688
                                    0x00fba688
                                    0x00fba688
                                    0x00fba68a
                                    0x00fba68d
                                    0x01001f24
                                    0x01001f2a
                                    0x01001f31
                                    0x01001f43
                                    0x01001f43
                                    0x01001f31
                                    0x00fba693
                                    0x00fba697
                                    0x00fba69d
                                    0x00fba6a0
                                    0x00fba6a6
                                    0x00fba6a8
                                    0x00fba6a8
                                    0x00fba6a8
                                    0x00fba6a8
                                    0x00fba6b2
                                    0x00fba6b7
                                    0x00fba6c1
                                    0x00fba6c6
                                    0x00fba6d2
                                    0x00fba6d9
                                    0x00fba6e3
                                    0x00fba6e6
                                    0x00fba6eb
                                    0x00fba6ed
                                    0x00fba6ed
                                    0x00fba6ed
                                    0x00fba6ed
                                    0x00fba6f3
                                    0x00fba6f8
                                    0x00fba702
                                    0x00fba70a
                                    0x00fba70e
                                    0x00fba71a
                                    0x00fba71e
                                    0x01001fcb
                                    0x01001fcf
                                    0x01001fdd
                                    0x01001fe3
                                    0x01001fe3
                                    0x00fba724
                                    0x00fba728
                                    0x00fba72a
                                    0x00fba72d
                                    0x00fba737
                                    0x00fba73a
                                    0x00fba73c
                                    0x00fba742
                                    0x00fba748
                                    0x01001f4d
                                    0x01001f50
                                    0x01001f56
                                    0x01001f5c
                                    0x01001f5f
                                    0x01001f7e
                                    0x01001f83
                                    0x01001f61
                                    0x01001f76
                                    0x01001f7b
                                    0x01001f89
                                    0x01001f8e
                                    0x01001f93
                                    0x01001f94
                                    0x01001f9a
                                    0x01001f9c
                                    0x01001f9e
                                    0x01001fa1
                                    0x01001fa1
                                    0x01001fa6
                                    0x01001fa6
                                    0x01001f50
                                    0x00fba74e
                                    0x00fba751
                                    0x00fba754
                                    0x00fba75d
                                    0x00fba75e
                                    0x00fba762
                                    0x00fba767
                                    0x01001faf
                                    0x01001fb0
                                    0x01001fb9
                                    0x01001fbe
                                    0x01001fc2
                                    0x01001fc2
                                    0x00fba76d
                                    0x00fba76d
                                    0x00fba775
                                    0x00fba778
                                    0x00fba77d
                                    0x00fba77d
                                    0x00fba71e
                                    0x00fba782
                                    0x00fba787
                                    0x00fba789
                                    0x01001ff3
                                    0x00fba78f
                                    0x00fba78f
                                    0x00fba78f
                                    0x00fba791
                                    0x00fba794
                                    0x01001ffd
                                    0x01002006
                                    0x0100200c
                                    0x01002017
                                    0x01002019
                                    0x01002024
                                    0x01002024
                                    0x01002024
                                    0x01002047
                                    0x01002047
                                    0x0100200c
                                    0x00fba79a
                                    0x00fba79f
                                    0x00fba7a4
                                    0x00fba7a9
                                    0x00fba7ab
                                    0x0100205a
                                    0x00fba7b1
                                    0x00fba7b1
                                    0x00fba7b1
                                    0x00fba7b3
                                    0x00fba7b6
                                    0x00000000
                                    0x00fba7bc
                                    0x01002066
                                    0x01002068
                                    0x01002073
                                    0x01002073
                                    0x01002073
                                    0x01002078
                                    0x01002079
                                    0x0100207d
                                    0x00000000
                                    0x0100207d
                                    0x00fba7b6
                                    0x00fba440
                                    0x00fba440
                                    0x00fba440
                                    0x00fba446
                                    0x00fba44c
                                    0x00fba44f
                                    0x00fba453
                                    0x00fba455
                                    0x010020b3
                                    0x010020b9
                                    0x010020b9
                                    0x00fba45d
                                    0x00fba460
                                    0x00fba464
                                    0x00fba466
                                    0x00fba46b
                                    0x00fba46f
                                    0x00fba471
                                    0x00fba471
                                    0x00fba471
                                    0x00fba474
                                    0x00fba479
                                    0x00fba47d
                                    0x00fba47f
                                    0x01002229
                                    0x0100222f
                                    0x00fba3c8
                                    0x00fba3c8
                                    0x00fba3ca
                                    0x00fba3ca
                                    0x00000000
                                    0x00fba3ca
                                    0x01002235
                                    0x0100223a
                                    0x0100223a
                                    0x00000000
                                    0x00000000
                                    0x01002240
                                    0x01002246
                                    0x0100224a
                                    0x01002269
                                    0x0100226e
                                    0x0100224c
                                    0x01002261
                                    0x01002266
                                    0x01002274
                                    0x01002279
                                    0x0100227e
                                    0x01002286
                                    0x01002288
                                    0x0100228d
                                    0x0100228d
                                    0x01002292
                                    0x01002292
                                    0x01002295
                                    0x01002295
                                    0x00000000
                                    0x01002295
                                    0x00fba485
                                    0x00fba489
                                    0x00fba48b
                                    0x00fba48f
                                    0x00fba493
                                    0x00fba497
                                    0x00fba49b
                                    0x00fba4bb
                                    0x00fba4bb
                                    0x00fba4bd
                                    0x00fba4ff
                                    0x00fba4ff
                                    0x00fba501
                                    0x00fba505
                                    0x00fba50f
                                    0x00fba517
                                    0x00fba51b
                                    0x00fba527
                                    0x00fba52b
                                    0x01002182
                                    0x01002185
                                    0x01002193
                                    0x01002199
                                    0x01002199
                                    0x00fba531
                                    0x00fba535
                                    0x00fba538
                                    0x00fba548
                                    0x00fba54b
                                    0x00fba54d
                                    0x00fba553
                                    0x00fba559
                                    0x01002100
                                    0x01002103
                                    0x01002109
                                    0x0100210f
                                    0x01002112
                                    0x01002131
                                    0x01002136
                                    0x01002114
                                    0x01002129
                                    0x0100212e
                                    0x0100213c
                                    0x01002141
                                    0x01002147
                                    0x0100214d
                                    0x01002151
                                    0x01002154
                                    0x01002154
                                    0x01002159
                                    0x01002159
                                    0x01002103
                                    0x00fba55f
                                    0x00fba562
                                    0x00fba565
                                    0x00fba567
                                    0x01002162
                                    0x00fba56d
                                    0x00fba574
                                    0x00fba575
                                    0x00fba579
                                    0x00fba57e
                                    0x01002169
                                    0x0100216a
                                    0x01002170
                                    0x01002175
                                    0x01002179
                                    0x01002179
                                    0x00fba57e
                                    0x00fba584
                                    0x00fba58f
                                    0x00fba58f
                                    0x00fba52b
                                    0x00fba5ad
                                    0x00fba5bc
                                    0x00fba5c1
                                    0x00fba5c6
                                    0x00fba5cb
                                    0x00fba5cd
                                    0x010021a9
                                    0x00fba5d3
                                    0x00fba5d3
                                    0x00fba5d3
                                    0x00fba5d5
                                    0x00fba5d8
                                    0x010021b3
                                    0x010021bc
                                    0x010021c2
                                    0x010021cd
                                    0x010021cf
                                    0x010021da
                                    0x010021da
                                    0x010021da
                                    0x010021f7
                                    0x010021f7
                                    0x010021c2
                                    0x00fba5de
                                    0x00fba5e3
                                    0x00fba5e8
                                    0x00fba5ea
                                    0x0100220a
                                    0x00fba5f0
                                    0x00fba5f0
                                    0x00fba5f0
                                    0x00fba5f2
                                    0x00fba5f5
                                    0x01002219
                                    0x0100221b
                                    0x0100208c
                                    0x0100208c
                                    0x0100208c
                                    0x01002095
                                    0x01002096
                                    0x01002097
                                    0x01002098
                                    0x010020a4
                                    0x010020a5
                                    0x010020a9
                                    0x010020a9
                                    0x00000000
                                    0x00fba5f5
                                    0x00fba4bf
                                    0x00fba4d3
                                    0x00fba4d8
                                    0x00fba4da
                                    0x01001ede
                                    0x01001ede
                                    0x01001ee4
                                    0x01001ee9
                                    0x00000000
                                    0x00000000
                                    0x01001f07
                                    0x00000000
                                    0x01001f07
                                    0x00fba4e0
                                    0x00fba4e5
                                    0x00fba4e7
                                    0x010020cb
                                    0x00fba4ed
                                    0x00fba4ed
                                    0x00fba4ed
                                    0x00fba4f2
                                    0x00fba4f5
                                    0x010020d5
                                    0x010020de
                                    0x010020e4
                                    0x010020f6
                                    0x010020f6
                                    0x010020e4
                                    0x00fba4fb
                                    0x00000000
                                    0x00fba4fb
                                    0x00fba4a1
                                    0x00fba4a4
                                    0x00fba4a8
                                    0x00000000
                                    0x00000000
                                    0x00fba4aa
                                    0x00fba4ac
                                    0x00000000
                                    0x00000000
                                    0x00fba4b2
                                    0x00fba4b5
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fba4b5
                                    0x00fba43a
                                    0x00fba340
                                    0x00fba346
                                    0x00fba600
                                    0x00000000
                                    0x00fba600
                                    0x00fba34f
                                    0x00fba351
                                    0x00fba358
                                    0x00fba3c6
                                    0x00000000
                                    0x00fba371
                                    0x00fba37a
                                    0x00fba37f
                                    0x00fba382
                                    0x00fba384
                                    0x00fba394
                                    0x00000000
                                    0x00fba396
                                    0x00fba399
                                    0x00fba3a7
                                    0x00fba3b0
                                    0x00fba3b4
                                    0x00fba3bb
                                    0x00fba3d2
                                    0x00fba3da
                                    0x00fba3df
                                    0x00fba3e1
                                    0x00fba3e5
                                    0x00fba3ea
                                    0x00fba3f0
                                    0x00fba3f0
                                    0x00fba3e1
                                    0x00000000
                                    0x00fba3bb
                                    0x00fba394

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-523794902
                                    • Opcode ID: e8256b63e0dcbe337b818880b33179663b13219ffb4975d038cc4d1350ac5d66
                                    • Instruction ID: c81505e1502c0e4e316a6b1fc58c797cff2cb82679f3eac53de0d9e79ef46185
                                    • Opcode Fuzzy Hash: e8256b63e0dcbe337b818880b33179663b13219ffb4975d038cc4d1350ac5d66
                                    • Instruction Fuzzy Hash: 9C42E0316087419FD716DF29C884BAABBE5BF88304F18496DF8858B392D738D981DF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBB477 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 405COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00FBB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x108d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E00FBB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E00FDB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x1088748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E00F9B150();
						} else {
							E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E00F9B150();
						__eflags =  *0x1087bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E01052073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x1088a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x108b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E00FD9730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E0105A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E00FD9660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E0105138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E0104FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E0105A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E0105A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E00FB7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E01051582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E00FB7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E01051582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E00FBB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E00FBBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E0105A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                    0x00fbb486
                                    0x00fbb48a
                                    0x00fbb48e
                                    0x00fbb491
                                    0x00fbb493
                                    0x00fbb49a
                                    0x00fbb49c
                                    0x00fbb4a2
                                    0x00fbb4a7
                                    0x00fbb6fc
                                    0x00fbb6fc
                                    0x00fbb6b3
                                    0x00fbb6c3
                                    0x00fbb6c3
                                    0x00fbb4b4
                                    0x0100294f
                                    0x01002951
                                    0x01002957
                                    0x0100295d
                                    0x01002961
                                    0x01002980
                                    0x01002985
                                    0x01002963
                                    0x01002978
                                    0x0100297d
                                    0x0100298b
                                    0x01002990
                                    0x01002995
                                    0x0100299d
                                    0x010029a1
                                    0x010029a2
                                    0x010029a2
                                    0x010029a7
                                    0x010029a7
                                    0x01002951
                                    0x00fbb4ba
                                    0x00fbb4ba
                                    0x00fbb4bd
                                    0x00fbb4c2
                                    0x00fbb6d4
                                    0x00fbb4c8
                                    0x00fbb4c8
                                    0x00fbb4c8
                                    0x00fbb4cd
                                    0x00fbb4d0
                                    0x00fbb4d9
                                    0x00fbb4df
                                    0x00fbb4e2
                                    0x010029b7
                                    0x010029bd
                                    0x00000000
                                    0x00fbb4e8
                                    0x00fbb4e8
                                    0x00fbb4ef
                                    0x00fbb4fa
                                    0x00fbb703
                                    0x00fbb709
                                    0x00fbb70b
                                    0x00fbb711
                                    0x00fbb711
                                    0x00fbb70b
                                    0x00fbb503
                                    0x00fbb50c
                                    0x00fbb511
                                    0x00fbb514
                                    0x00fbb519
                                    0x010029c5
                                    0x010029c7
                                    0x010029cc
                                    0x010029cd
                                    0x010029cf
                                    0x010029d0
                                    0x010029d2
                                    0x010029d7
                                    0x010029d9
                                    0x010029ee
                                    0x010029ee
                                    0x010029f4
                                    0x010029fa
                                    0x01002a01
                                    0x00000000
                                    0x01002a01
                                    0x010029db
                                    0x010029df
                                    0x00000000
                                    0x00000000
                                    0x010029e1
                                    0x010029e4
                                    0x00000000
                                    0x00000000
                                    0x010029e6
                                    0x010029e6
                                    0x00fbb51f
                                    0x00fbb51f
                                    0x00fbb520
                                    0x00fbb525
                                    0x00fbb52b
                                    0x00fbb52d
                                    0x00fbb52e
                                    0x00fbb530
                                    0x00fbb535
                                    0x00fbb53b
                                    0x00fbb53d
                                    0x01002a07
                                    0x00000000
                                    0x01002a07
                                    0x00fbb549
                                    0x00fbb54e
                                    0x01002a12
                                    0x01002a15
                                    0x00000000
                                    0x00000000
                                    0x01002a24
                                    0x00fbb559
                                    0x00fbb55c
                                    0x01002a34
                                    0x01002a3b
                                    0x01002a4d
                                    0x01002a4d
                                    0x01002a3b
                                    0x00fbb566
                                    0x00fbb56b
                                    0x00fbb56f
                                    0x00fbb57b
                                    0x00fbb582
                                    0x01002a57
                                    0x01002a5c
                                    0x01002a5c
                                    0x00fbb582
                                    0x00fbb58b
                                    0x00fbb58e
                                    0x00fbb592
                                    0x00fbb596
                                    0x00fbb599
                                    0x00fbb59b
                                    0x00fbb59e
                                    0x00fbb5a3
                                    0x00fbb5a6
                                    0x00fbb5a9
                                    0x01002a66
                                    0x01002a67
                                    0x01002a73
                                    0x01002a78
                                    0x00fbb5b8
                                    0x00fbb5b8
                                    0x00fbb5bb
                                    0x00fbb5bd
                                    0x00fbb5bd
                                    0x00fbb5c4
                                    0x00fbb5f7
                                    0x00fbb5f7
                                    0x00fbb600
                                    0x00fbb606
                                    0x00fbb60c
                                    0x00fbb612
                                    0x00fbb618
                                    0x00fbb621
                                    0x00fbb623
                                    0x00fbb629
                                    0x00fbb629
                                    0x00fbb62c
                                    0x00fbb62f
                                    0x00fbb633
                                    0x00fbb636
                                    0x00fbb639
                                    0x00fbb71d
                                    0x00fbb720
                                    0x00fbb736
                                    0x00fbb660
                                    0x00fbb660
                                    0x00fbb662
                                    0x00fbb665
                                    0x00fbb66a
                                    0x00fbb6e6
                                    0x00fbb6e7
                                    0x00fbb6ea
                                    0x00fbb6ef
                                    0x01002ad1
                                    0x01002ad2
                                    0x01002ad8
                                    0x01002add
                                    0x01002add
                                    0x00fbb6f5
                                    0x00fbb6f5
                                    0x00fbb672
                                    0x00fbb675
                                    0x00fbb67a
                                    0x01002ae5
                                    0x01002ae8
                                    0x00000000
                                    0x00000000
                                    0x01002af4
                                    0x01002afc
                                    0x00000000
                                    0x00fbb680
                                    0x00fbb680
                                    0x00fbb680
                                    0x00fbb685
                                    0x00fbb687
                                    0x00fbb68a
                                    0x01002b06
                                    0x01002b0c
                                    0x01002b13
                                    0x01002b1e
                                    0x01002b20
                                    0x01002b2b
                                    0x01002b2b
                                    0x01002b2b
                                    0x01002b34
                                    0x01002b45
                                    0x01002b45
                                    0x01002b13
                                    0x00fbb696
                                    0x00fbb69b
                                    0x00fbb6a0
                                    0x01002b4f
                                    0x01002b52
                                    0x00000000
                                    0x00000000
                                    0x01002b61
                                    0x00000000
                                    0x00fbb6a6
                                    0x00fbb6a6
                                    0x00fbb6a6
                                    0x00fbb6a8
                                    0x00fbb6ab
                                    0x01002b70
                                    0x01002b72
                                    0x01002b7d
                                    0x01002b7d
                                    0x01002b7d
                                    0x01002b86
                                    0x01002b97
                                    0x01002b97
                                    0x00fbb6b1
                                    0x00000000
                                    0x00fbb6b1
                                    0x00fbb6a0
                                    0x00fbb67a
                                    0x00fbb722
                                    0x00fbb722
                                    0x00fbb655
                                    0x00fbb65d
                                    0x00000000
                                    0x00fbb5c6
                                    0x00fbb5c6
                                    0x00fbb5ce
                                    0x01002a83
                                    0x01002a97
                                    0x01002a97
                                    0x01002a9a
                                    0x00000000
                                    0x00000000
                                    0x01002a88
                                    0x01002a8a
                                    0x01002a8c
                                    0x01002a8f
                                    0x01002a92
                                    0x01002aa1
                                    0x01002aa1
                                    0x01002aa2
                                    0x01002aab
                                    0x01002ab0
                                    0x00000000
                                    0x01002ab0
                                    0x01002a94
                                    0x01002a94
                                    0x00000000
                                    0x01002a9c
                                    0x00fbb5d4
                                    0x00fbb5d4
                                    0x00fbb5d6
                                    0x00fbb5d9
                                    0x00fbb5de
                                    0x00fbb5e1
                                    0x00fbb5e4
                                    0x01002ab8
                                    0x01002ab9
                                    0x01002ac4
                                    0x01002ac9
                                    0x00fbb5f2
                                    0x00fbb5f2
                                    0x00fbb5f4
                                    0x00fbb5f4
                                    0x00000000
                                    0x00fbb5e4
                                    0x00fbb5c4
                                    0x00fbb554
                                    0x00fbb554
                                    0x00000000
                                    0x00fbb554

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-4253913091
                                    • Opcode ID: c3a0dd14b18b0ae949d87f63e81689a11947e051354444c85af6c7c7fe9fc4bd
                                    • Instruction ID: d1a2f89605ad602d516f795edda826daf30e60d4b8def664a2df1a882ef9d2a7
                                    • Opcode Fuzzy Hash: c3a0dd14b18b0ae949d87f63e81689a11947e051354444c85af6c7c7fe9fc4bd
                                    • Instruction Fuzzy Hash: 0CE19D71A00205DFEB2ACF69C894BBAB7B5FB44300F244199E4469B391D774ED81DF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 96%
                                    			E00FA3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00FA1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00FA1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00FA1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00FA1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00FA1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00FB4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00FDF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00FE1370(_t276, 0xf74e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00FDBB40(0,  &_v68, _t170);
									if(L00FA43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00FDBB40(_t257,  &_v68, _t243);
								if(L00FA43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00FE1370(_t278, 0xf74e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00FB4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00FDF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00FE1370(_v16, 0xf74e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00FDBB40(_t262,  &_v68, _t244);
								if(L00FA43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00FE1370(_t282, 0xf74e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00FDBB40(_t262,  &_v68, _t201);
							if(L00FA43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00FB4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00FDF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00FE1370(_t280, 0xf74e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00FDBB40(_t267,  &_v68, _t245);
							if(L00FA43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00FE1370(_t284, 0xf74e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00FDBB40(_t267,  &_v68, _t224);
						if(L00FA43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                    0x00fa3d3c
                                    0x00fa3d42
                                    0x00fa3d44
                                    0x00fa3d46
                                    0x00fa3d49
                                    0x00fa3d4c
                                    0x00fa3d4f
                                    0x00fa3d52
                                    0x00fa3d55
                                    0x00fa3d58
                                    0x00fa3d5b
                                    0x00fa3d5f
                                    0x00fa3d61
                                    0x00fa3d66
                                    0x00ff8213
                                    0x00ff8218
                                    0x00fa4085
                                    0x00fa4088
                                    0x00fa408e
                                    0x00fa4094
                                    0x00fa409a
                                    0x00fa40a0
                                    0x00fa40a6
                                    0x00fa40a9
                                    0x00fa40af
                                    0x00fa40b6
                                    0x00fa40bd
                                    0x00fa40bd
                                    0x00fa3d83
                                    0x00ff821f
                                    0x00ff8229
                                    0x00ff8238
                                    0x00ff8238
                                    0x00ff823d
                                    0x00ff823d
                                    0x00fa3da0
                                    0x00fa3daf
                                    0x00fa3db5
                                    0x00fa3dba
                                    0x00fa3dba
                                    0x00fa3dd4
                                    0x00fa3e94
                                    0x00fa3eab
                                    0x00fa3f6d
                                    0x00fa3f84
                                    0x00fa406b
                                    0x00fa406b
                                    0x00fa406e
                                    0x00fa406e
                                    0x00fa4070
                                    0x00fa4074
                                    0x00ff8351
                                    0x00ff8351
                                    0x00fa407a
                                    0x00fa407f
                                    0x00ff835d
                                    0x00ff8370
                                    0x00ff8377
                                    0x00ff8379
                                    0x00ff837c
                                    0x00ff837c
                                    0x00ff835d
                                    0x00000000
                                    0x00fa407f
                                    0x00fa3f8a
                                    0x00fa3f8d
                                    0x00fa3f90
                                    0x00fa3f95
                                    0x00ff830d
                                    0x00ff830f
                                    0x00fa3f9b
                                    0x00fa3fac
                                    0x00fa3fae
                                    0x00fa3fb1
                                    0x00fa3fb1
                                    0x00fa3fb6
                                    0x00ff8317
                                    0x00ff831a
                                    0x00000000
                                    0x00fa3fbc
                                    0x00fa3fc1
                                    0x00fa3fc9
                                    0x00fa3fd7
                                    0x00fa3fda
                                    0x00fa3fdd
                                    0x00fa4021
                                    0x00fa4021
                                    0x00fa4029
                                    0x00fa4030
                                    0x00fa4044
                                    0x00fa4046
                                    0x00fa4046
                                    0x00fa4044
                                    0x00fa4049
                                    0x00ff8327
                                    0x00ff8334
                                    0x00ff8339
                                    0x00ff833c
                                    0x00fa404f
                                    0x00fa404f
                                    0x00fa404f
                                    0x00fa4051
                                    0x00fa4056
                                    0x00fa4063
                                    0x00fa4063
                                    0x00fa4068
                                    0x00000000
                                    0x00fa4068
                                    0x00fa3fdf
                                    0x00fa3fe2
                                    0x00fa3fe4
                                    0x00fa3fe7
                                    0x00fa3fef
                                    0x00fa4003
                                    0x00fa4005
                                    0x00fa4005
                                    0x00fa400c
                                    0x00fa4013
                                    0x00fa4016
                                    0x00fa4017
                                    0x00fa401b
                                    0x00fa401e
                                    0x00000000
                                    0x00fa401e
                                    0x00fa3fb6
                                    0x00fa3eb1
                                    0x00fa3eb4
                                    0x00fa3eb7
                                    0x00fa3ebc
                                    0x00ff82a9
                                    0x00ff82ab
                                    0x00fa3ec2
                                    0x00fa3ed3
                                    0x00fa3ed5
                                    0x00fa3ed8
                                    0x00fa3ed8
                                    0x00fa3edd
                                    0x00ff82b3
                                    0x00ff82b6
                                    0x00000000
                                    0x00fa3ee3
                                    0x00fa3ee8
                                    0x00fa3eed
                                    0x00fa3ef0
                                    0x00fa3ef3
                                    0x00fa3f02
                                    0x00fa3f05
                                    0x00fa3f08
                                    0x00ff82c0
                                    0x00ff82c3
                                    0x00ff82c5
                                    0x00ff82c8
                                    0x00ff82d0
                                    0x00ff82e4
                                    0x00ff82e6
                                    0x00ff82e6
                                    0x00ff82ed
                                    0x00ff82f4
                                    0x00ff82f7
                                    0x00ff82f8
                                    0x00ff82fc
                                    0x00ff82ff
                                    0x00ff82ff
                                    0x00fa3f0e
                                    0x00fa3f11
                                    0x00fa3f16
                                    0x00fa3f1d
                                    0x00fa3f31
                                    0x00ff8307
                                    0x00ff8307
                                    0x00fa3f31
                                    0x00fa3f39
                                    0x00fa3f48
                                    0x00fa3f4d
                                    0x00fa3f50
                                    0x00fa3f50
                                    0x00fa3f53
                                    0x00fa3f58
                                    0x00fa3f65
                                    0x00fa3f65
                                    0x00fa3f6a
                                    0x00000000
                                    0x00fa3f6a
                                    0x00fa3edd
                                    0x00fa3dda
                                    0x00fa3ddd
                                    0x00fa3de0
                                    0x00fa3de5
                                    0x00ff8245
                                    0x00fa3deb
                                    0x00fa3df7
                                    0x00fa3dfc
                                    0x00fa3dfe
                                    0x00fa3e01
                                    0x00fa3e01
                                    0x00fa3e06
                                    0x00ff824d
                                    0x00ff824f
                                    0x00ff8254
                                    0x00000000
                                    0x00fa3e0c
                                    0x00fa3e11
                                    0x00fa3e16
                                    0x00fa3e19
                                    0x00fa3e29
                                    0x00fa3e2c
                                    0x00fa3e2f
                                    0x00ff825c
                                    0x00ff825f
                                    0x00ff8261
                                    0x00ff8264
                                    0x00ff826c
                                    0x00ff8280
                                    0x00ff8282
                                    0x00ff8282
                                    0x00ff8289
                                    0x00ff8290
                                    0x00ff8293
                                    0x00ff8294
                                    0x00ff8298
                                    0x00ff829b
                                    0x00ff829b
                                    0x00fa3e35
                                    0x00fa3e38
                                    0x00fa3e3d
                                    0x00fa3e44
                                    0x00fa3e58
                                    0x00ff82a3
                                    0x00ff82a3
                                    0x00fa3e58
                                    0x00fa3e60
                                    0x00fa3e6f
                                    0x00fa3e74
                                    0x00fa3e77
                                    0x00fa3e77
                                    0x00fa3e7a
                                    0x00fa3e7f
                                    0x00fa3e8c
                                    0x00fa3e8c
                                    0x00fa3e91
                                    0x00000000
                                    0x00fa3e91

                                    Strings
                                    • Kernel-MUI-Language-SKU, xrefs: 00FA3F70
                                    • Kernel-MUI-Language-Allowed, xrefs: 00FA3DC0
                                    • WindowsExcludedProcs, xrefs: 00FA3D6F
                                    • Kernel-MUI-Number-Allowed, xrefs: 00FA3D8C
                                    • Kernel-MUI-Language-Disallowed, xrefs: 00FA3E97
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                    • API String ID: 0-258546922
                                    • Opcode ID: 809785ebed0a1ad43e336a6d50dc9c9939e3939138f103c45feac28695f148ca
                                    • Instruction ID: 3876a627f3bfa6aaf563c21a24cc8f35136c8920c3cf58297af2830cce89a305
                                    • Opcode Fuzzy Hash: 809785ebed0a1ad43e336a6d50dc9c9939e3939138f103c45feac28695f148ca
                                    • Instruction Fuzzy Hash: 35F16DB2D00258EFCB11DF98C980AEEBBB9FF49750F15406AE505A7211D774AE01EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0106E824 Relevance: 6.5, APIs: 4, Instructions: 493timeCOMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 50%
                                    			E0106E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x108d360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L00FBFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E00FBFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x108b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E00FB2280(E00FDF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E00FAFFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x108b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E00FDB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E00FCF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x108b1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x108b1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E0106E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E0106E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E0106E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E00FBFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E0106E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                    0x0106e833
                                    0x0106e839
                                    0x0106e83e
                                    0x0106e841
                                    0x0106e848
                                    0x0106e84b
                                    0x0106e851
                                    0x0106e8b2
                                    0x0106e8b2
                                    0x0106e8b5
                                    0x0106e90b
                                    0x0106e911
                                    0x0106e913
                                    0x0106e913
                                    0x0106e91a
                                    0x0106e91d
                                    0x0106e922
                                    0x0106e924
                                    0x0106e924
                                    0x0106e924
                                    0x0106e92f
                                    0x0106e933
                                    0x0106e935
                                    0x0106e93a
                                    0x0106e940
                                    0x0106e948
                                    0x0106e950
                                    0x0106e955
                                    0x00000000
                                    0x00000000
                                    0x0106e957
                                    0x0106e95c
                                    0x0106e9cb
                                    0x0106e9d2
                                    0x0106e9d4
                                    0x0106e9f2
                                    0x0106e9f6
                                    0x0106ea10
                                    0x0106ea18
                                    0x0106ea1a
                                    0x0106ea1f
                                    0x0106ea2c
                                    0x0106ea2d
                                    0x0106ea2e
                                    0x0106ea32
                                    0x0106ea3d
                                    0x0106ea42
                                    0x0106ea45
                                    0x0106ea51
                                    0x0106ea60
                                    0x0106ea65
                                    0x0106ea68
                                    0x0106ea6a
                                    0x0106ea6a
                                    0x0106ea6a
                                    0x0106ea6f
                                    0x0106ea76
                                    0x0106ea7c
                                    0x0106ea7e
                                    0x0106ea81
                                    0x0106ea85
                                    0x0106ea88
                                    0x0106ea8c
                                    0x0106ea8f
                                    0x0106ea93
                                    0x0106ea98
                                    0x00000000
                                    0x00000000
                                    0x0106ea9a
                                    0x0106ea9d
                                    0x0106eaa2
                                    0x0106eb0e
                                    0x0106eb15
                                    0x0106eb17
                                    0x0106eb33
                                    0x0106eb36
                                    0x0106eb39
                                    0x0106eb3f
                                    0x0106eb45
                                    0x0106eb4a
                                    0x0106eb52
                                    0x0106ecb1
                                    0x0106ecb9
                                    0x0106ecbe
                                    0x0106ecc3
                                    0x0106ecc6
                                    0x0106eceb
                                    0x0106ecee
                                    0x0106ecf9
                                    0x0106ecfe
                                    0x0106ed00
                                    0x0106ed05
                                    0x0106ed07
                                    0x0106ed0a
                                    0x0106ed0c
                                    0x0106ed0e
                                    0x0106ed12
                                    0x0106ed19
                                    0x0106ed1e
                                    0x0106ed24
                                    0x0106ed2a
                                    0x0106ed2a
                                    0x0106ed2c
                                    0x0106ed3e
                                    0x0106ed3e
                                    0x0106eb5a
                                    0x0106eb62
                                    0x0106eb69
                                    0x00000000
                                    0x00000000
                                    0x0106eb6f
                                    0x0106eb75
                                    0x0106eb79
                                    0x0106eb79
                                    0x0106eb88
                                    0x0106eb8e
                                    0x0106eb90
                                    0x0106eb92
                                    0x0106eb97
                                    0x0106ed3f
                                    0x0106ed45
                                    0x00000000
                                    0x00000000
                                    0x0106ed4b
                                    0x0106ed4e
                                    0x00000000
                                    0x0106eb9d
                                    0x0106eb9d
                                    0x0106eb9d
                                    0x0106eba2
                                    0x0106ebb5
                                    0x0106ebbc
                                    0x0106ebbe
                                    0x0106ebbe
                                    0x0106ebc3
                                    0x0106ebc5
                                    0x0106ebcb
                                    0x0106ebd2
                                    0x0106ebd5
                                    0x0106ebdb
                                    0x0106ebdf
                                    0x0106ebe1
                                    0x0106ebf0
                                    0x0106ebf9
                                    0x0106ec04
                                    0x0106ec07
                                    0x0106ec0a
                                    0x0106ec82
                                    0x0106ec85
                                    0x0106ec8b
                                    0x0106ec91
                                    0x0106ec93
                                    0x0106ec96
                                    0x0106ec9b
                                    0x0106eca6
                                    0x0106ecac
                                    0x0106ecae
                                    0x0106ecae
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0106ec0c
                                    0x0106ec0c
                                    0x0106ec0c
                                    0x0106ec0f
                                    0x0106ec12
                                    0x0106ec15
                                    0x0106ec15
                                    0x0106ec18
                                    0x0106ec1e
                                    0x00000000
                                    0x00000000
                                    0x0106ec22
                                    0x0106ec28
                                    0x0106ec4b
                                    0x0106ec5b
                                    0x0106ec5d
                                    0x0106ec63
                                    0x0106ec65
                                    0x0106ec68
                                    0x0106ec6b
                                    0x0106ec6b
                                    0x0106ec70
                                    0x0106ec71
                                    0x0106ec74
                                    0x0106ec7d
                                    0x00000000
                                    0x0106ebe3
                                    0x0106ebe3
                                    0x0106ebe6
                                    0x0106ebe6
                                    0x0106ebe7
                                    0x0106ebe9
                                    0x0106ebec
                                    0x00000000
                                    0x0106ebe6
                                    0x0106ebe1
                                    0x0106eba4
                                    0x0106eba9
                                    0x0106ebb0
                                    0x0106ebb3
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0106ebab
                                    0x0106ebab
                                    0x0106ebab
                                    0x0106ebac
                                    0x0106ebac
                                    0x00000000
                                    0x0106ebab
                                    0x0106eb97
                                    0x0106eb19
                                    0x0106eb1c
                                    0x0106eb21
                                    0x0106eb26
                                    0x0106eb2c
                                    0x0106eb2c
                                    0x00000000
                                    0x0106eb26
                                    0x0106ead6
                                    0x0106ead9
                                    0x0106eadc
                                    0x0106eadc
                                    0x0106eadc
                                    0x0106eade
                                    0x0106eae4
                                    0x00000000
                                    0x00000000
                                    0x0106eaee
                                    0x0106eaf7
                                    0x0106eaf9
                                    0x00000000
                                    0x00000000
                                    0x0106eb04
                                    0x0106eb12
                                    0x00000000
                                    0x0106eb12
                                    0x0106eb06
                                    0x00000000
                                    0x0106eb06
                                    0x0106eaf0
                                    0x0106eaf2
                                    0x0106eaf4
                                    0x00000000
                                    0x0106eaf4
                                    0x0106ea6a
                                    0x0106ea21
                                    0x00000000
                                    0x0106ea21
                                    0x0106e9d6
                                    0x0106e9d6
                                    0x0106e9e0
                                    0x0106e9e2
                                    0x0106e9e2
                                    0x0106e9e8
                                    0x00000000
                                    0x0106e9e8
                                    0x0106e987
                                    0x0106e98f
                                    0x0106e992
                                    0x0106e995
                                    0x0106e995
                                    0x0106e998
                                    0x0106e998
                                    0x0106e99a
                                    0x0106e9a0
                                    0x00000000
                                    0x00000000
                                    0x0106e9a9
                                    0x0106e9b2
                                    0x0106e9b4
                                    0x00000000
                                    0x00000000
                                    0x0106e9ba
                                    0x0106e9c1
                                    0x0106e9cf
                                    0x00000000
                                    0x0106e9cf
                                    0x0106e9c3
                                    0x00000000
                                    0x0106e9c3
                                    0x0106e9ab
                                    0x0106e9ad
                                    0x0106e9af
                                    0x00000000
                                    0x0106e9af
                                    0x0106e924
                                    0x0106e8b7
                                    0x0106e8ba
                                    0x0106e902
                                    0x0106e908
                                    0x0106e90a
                                    0x00000000
                                    0x0106e90a
                                    0x0106e8bc
                                    0x0106e8bf
                                    0x0106e8f9
                                    0x0106e8ff
                                    0x0106e901
                                    0x00000000
                                    0x0106e901
                                    0x0106e8c1
                                    0x0106e8c4
                                    0x0106e8f0
                                    0x0106e8f6
                                    0x0106e8f8
                                    0x00000000
                                    0x0106e8f8
                                    0x0106e8c6
                                    0x0106e8c9
                                    0x0106e8e7
                                    0x0106e8ed
                                    0x0106e8ef
                                    0x00000000
                                    0x0106e8ef
                                    0x0106e8cb
                                    0x0106e8ce
                                    0x0106e8de
                                    0x0106e8e4
                                    0x0106e8e6
                                    0x00000000
                                    0x0106e8e6
                                    0x0106e8d3
                                    0x00000000
                                    0x0106e8d5
                                    0x0106e8db
                                    0x0106e8dd
                                    0x00000000
                                    0x0106e8dd
                                    0x0106e853
                                    0x0106e855
                                    0x0106e85b
                                    0x0106e85d
                                    0x0106e897
                                    0x0106e89c
                                    0x0106e8a2
                                    0x0106e8a6
                                    0x0106e8ab
                                    0x0106e8ad
                                    0x0106e8ad
                                    0x00000000
                                    0x0106e85d

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: 7d7fea54115839316bfe818cb456400fea66afadc195274e7ac01644bea445cf
                                    • Instruction ID: 737c64235922c29b5c3a7ce33fbbf419cd9724b6419ee18678cc0d4eb271a951
                                    • Opcode Fuzzy Hash: 7d7fea54115839316bfe818cb456400fea66afadc195274e7ac01644bea445cf
                                    • Instruction Fuzzy Hash: 8F02C276E007158FCB58CF6DC8916BEBBFAEF88200B19816DD496EB381D634E901CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F940E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 29%
                                    			E00F940E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00F9B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E00F9B150(", passed to %s", _t29);
					}
					_push("\n");
					E00F9B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1086378 = 1;
						asm("int3");
						 *0x1086378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                    0x00f940e6
                                    0x00f940e8
                                    0x00f940f1
                                    0x00ff042d
                                    0x00ff044c
                                    0x00ff0451
                                    0x00ff042f
                                    0x00ff0444
                                    0x00ff0449
                                    0x00ff045d
                                    0x00ff0466
                                    0x00ff046e
                                    0x00ff0474
                                    0x00ff0475
                                    0x00ff047a
                                    0x00ff048a
                                    0x00ff048c
                                    0x00ff0493
                                    0x00ff0494
                                    0x00ff0494
                                    0x00000000
                                    0x00ff049b
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                    • API String ID: 0-188067316
                                    • Opcode ID: accf5805cba5c60d38e414f05998ef39ebf064a0967b988c83605b5881aa1bf8
                                    • Instruction ID: b362e8448d46a3317f90608739c9b0a1743289c4e94088004daa1b09e389e1f9
                                    • Opcode Fuzzy Hash: accf5805cba5c60d38e414f05998ef39ebf064a0967b988c83605b5881aa1bf8
                                    • Instruction Fuzzy Hash: 80012D325086449EE625D768A91EF6577A4DF42F30F15C06AF108876B3CFEED880F512
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB5600 Relevance: 6.2, Strings: 3, Instructions: 2418COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 94%
                                    			E00FB5600(signed char __ecx, signed int __edx, signed int _a4, unsigned int _a8, intOrPtr* _a12, signed char* _a16) {
				signed char _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				char _v70;
				signed char _v71;
				char _v72;
				char _v73;
				signed int _v80;
				signed int _v88;
				signed short _v92;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				char _v109;
				char _v110;
				signed int _v111;
				char _v112;
				signed char _v116;
				signed int _v120;
				signed char _v128;
				signed short _v132;
				signed short _v134;
				signed short _v136;
				signed short _v138;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				signed short _v156;
				signed int _v160;
				signed short _v164;
				signed short _v166;
				signed int _v172;
				signed char _v176;
				signed char _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed char _v200;
				char _v204;
				signed int _v206;
				signed char _v212;
				intOrPtr _v216;
				signed int _v220;
				unsigned int* _v224;
				intOrPtr _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed char _v248;
				unsigned int* _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed char _v276;
				signed char _v280;
				intOrPtr _v284;
				signed int* _v288;
				signed int _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed short _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				intOrPtr _v340;
				signed char _v344;
				signed char _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				unsigned int _v372;
				unsigned int _v380;
				unsigned int _v388;
				unsigned int _v396;
				unsigned int _v404;
				unsigned int _v412;
				unsigned int _v420;
				unsigned int _v428;
				unsigned int _v436;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t1068;
				signed char _t1072;
				signed int _t1073;
				intOrPtr _t1075;
				signed int _t1078;
				char* _t1079;
				signed int _t1097;
				signed char* _t1100;
				intOrPtr _t1101;
				signed int _t1102;
				signed char* _t1105;
				intOrPtr _t1106;
				signed int _t1107;
				signed char* _t1110;
				signed char* _t1112;
				signed int _t1120;
				void* _t1127;
				signed char* _t1137;
				intOrPtr* _t1145;
				signed int _t1147;
				intOrPtr _t1148;
				void* _t1149;
				signed int _t1151;
				signed char _t1153;
				signed int _t1158;
				signed int _t1159;
				signed char _t1179;
				signed char _t1180;
				unsigned int _t1182;
				signed char _t1192;
				signed char _t1193;
				char _t1205;
				signed char _t1209;
				signed short _t1211;
				void* _t1212;
				signed int _t1217;
				signed int _t1218;
				signed char _t1219;
				signed int _t1221;
				intOrPtr* _t1227;
				intOrPtr* _t1228;
				signed int _t1235;
				signed int _t1236;
				intOrPtr* _t1244;
				intOrPtr* _t1246;
				signed int _t1249;
				signed int _t1253;
				signed int _t1255;
				intOrPtr _t1261;
				signed int _t1267;
				signed int _t1269;
				intOrPtr* _t1281;
				intOrPtr* _t1282;
				signed int _t1285;
				signed int* _t1289;
				signed int* _t1291;
				intOrPtr _t1294;
				signed int _t1295;
				signed int _t1301;
				signed int* _t1302;
				signed int _t1303;
				intOrPtr _t1308;
				signed short _t1309;
				intOrPtr _t1315;
				signed int _t1316;
				intOrPtr _t1318;
				signed int* _t1319;
				signed int _t1320;
				signed int* _t1323;
				signed int _t1324;
				unsigned int* _t1333;
				signed int _t1336;
				signed int _t1338;
				signed int _t1341;
				signed int _t1347;
				signed int* _t1348;
				signed int _t1349;
				signed short _t1352;
				signed short _t1358;
				signed short _t1364;
				signed int _t1373;
				intOrPtr _t1379;
				intOrPtr _t1384;
				intOrPtr* _t1392;
				signed int _t1393;
				signed int _t1396;
				signed int _t1397;
				intOrPtr _t1399;
				signed int _t1401;
				signed char _t1403;
				signed int _t1405;
				signed int _t1406;
				intOrPtr _t1408;
				signed int* _t1410;
				signed int _t1411;
				signed short _t1414;
				signed int* _t1424;
				signed int _t1425;
				signed int* _t1428;
				signed int _t1429;
				signed int _t1432;
				signed int _t1434;
				signed int _t1438;
				signed short _t1440;
				signed short _t1447;
				signed short _t1453;
				intOrPtr* _t1459;
				signed char _t1460;
				void* _t1461;
				signed int _t1465;
				signed int _t1466;
				intOrPtr _t1469;
				signed int _t1471;
				signed char _t1473;
				signed int _t1475;
				signed int _t1476;
				signed char _t1477;
				intOrPtr _t1479;
				signed int* _t1481;
				signed int _t1482;
				signed short _t1485;
				signed int _t1496;
				signed int _t1504;
				signed int _t1506;
				signed int _t1518;
				unsigned int _t1521;
				intOrPtr _t1522;
				signed int _t1523;
				signed int _t1524;
				signed int _t1525;
				signed char _t1526;
				signed short _t1527;
				signed int _t1529;
				unsigned int _t1535;
				signed int _t1538;
				signed short _t1539;
				signed int _t1559;
				signed int _t1564;
				signed char _t1565;
				signed char _t1566;
				signed char _t1567;
				signed char _t1569;
				signed int _t1571;
				signed char _t1576;
				signed short* _t1577;
				signed char _t1579;
				intOrPtr* _t1581;
				signed int _t1583;
				intOrPtr* _t1586;
				intOrPtr _t1590;
				signed int _t1594;
				signed char _t1599;
				intOrPtr* _t1601;
				signed int _t1604;
				signed int _t1605;
				signed int _t1606;
				signed int _t1608;
				signed char _t1614;
				signed short _t1617;
				signed int _t1619;
				signed short _t1620;
				signed int _t1622;
				unsigned int _t1628;
				signed short _t1632;
				signed int _t1634;
				signed char _t1638;
				signed char _t1643;
				signed char _t1648;
				intOrPtr _t1651;
				signed int _t1654;
				signed int _t1656;
				signed int _t1657;
				signed char _t1658;
				signed char _t1660;
				signed char _t1668;
				signed short _t1671;
				intOrPtr _t1673;
				signed short _t1674;
				intOrPtr _t1676;
				signed int _t1678;
				signed int _t1681;
				signed int _t1682;
				signed int _t1686;
				signed short _t1689;
				signed int _t1691;
				signed char _t1695;
				signed char _t1700;
				signed char _t1705;
				signed int _t1707;
				intOrPtr _t1708;
				signed int _t1709;
				signed int _t1710;
				signed char _t1712;
				signed char _t1719;
				signed int* _t1723;
				signed int _t1724;
				signed int _t1725;
				unsigned int _t1728;
				signed int _t1729;
				signed int _t1730;
				signed char* _t1734;
				signed int _t1736;
				intOrPtr* _t1738;
				signed int _t1740;
				signed int _t1743;
				unsigned int _t1744;
				intOrPtr _t1753;
				signed char _t1754;
				signed short* _t1755;
				signed short* _t1757;
				unsigned int _t1760;
				intOrPtr _t1763;
				signed int _t1765;
				signed short _t1766;
				signed short _t1768;
				void* _t1769;
				signed int _t1771;
				signed int _t1773;
				signed int _t1775;
				unsigned int _t1781;
				signed int _t1784;
				signed int _t1785;
				signed int _t1787;
				signed int _t1789;
				unsigned int _t1791;
				unsigned int _t1795;
				unsigned int _t1799;
				signed int _t1802;
				intOrPtr* _t1803;
				signed short* _t1805;
				signed int _t1807;
				intOrPtr _t1809;
				signed short _t1811;
				signed short _t1813;
				intOrPtr _t1814;
				signed char _t1820;
				void* _t1821;
				signed int _t1825;
				signed char _t1829;
				unsigned int _t1831;
				unsigned int* _t1836;
				unsigned int _t1838;
				unsigned int _t1842;
				unsigned int _t1846;
				signed int _t1852;
				signed int _t1858;
				unsigned int _t1861;
				signed int _t1866;
				intOrPtr _t1868;
				signed char _t1871;
				void* _t1873;
				signed int _t1876;
				signed int _t1877;
				signed int _t1880;
				signed char _t1881;
				signed int _t1882;
				signed int _t1883;
				signed short _t1885;
				signed short* _t1886;
				signed char _t1887;
				signed char _t1888;
				signed int* _t1889;
				intOrPtr _t1890;
				signed int _t1892;
				intOrPtr* _t1893;
				signed int _t1894;
				signed int _t1895;
				signed int _t1896;
				signed int _t1897;
				signed int _t1900;
				signed int _t1904;
				signed int _t1905;
				signed int _t1906;
				intOrPtr _t1907;
				signed int _t1908;
				signed int _t1910;
				signed int _t1911;
				signed int _t1912;
				unsigned int _t1916;
				signed int _t1917;
				void* _t1921;
				intOrPtr _t1922;
				intOrPtr _t1923;
				signed int _t1924;
				signed int _t1926;
				signed int _t1927;
				signed int _t1928;
				unsigned int _t1931;
				signed int _t1932;
				signed int* _t1933;
				intOrPtr _t1934;
				signed int _t1935;
				void* _t1936;
				void* _t1937;
				void* _t1940;
				void* _t1941;
				signed int _t1946;
				void* _t1952;

				_t1725 = __edx;
				_t1540 = __ecx;
				_push(0xfffffffe);
				_push(0x106fc88);
				_push(0xfe17f0);
				_push( *[fs:0x0]);
				_t1937 = _t1936 - 0x1a0;
				_push(_t1873);
				_t1068 =  *0x108d360;
				_v12 = _v12 ^ _t1068;
				_push(_t1068 ^ _t1935);
				 *[fs:0x0] =  &_v20;
				_v96 = __edx;
				_t1871 = __ecx;
				_v280 = __ecx;
				_v196 = 0;
				_v104 = 1;
				_v53 = 0;
				_v80 = 0;
				_v60 = 0;
				_v180 = 0;
				_t1518 = _a8 >> 3;
				if((__edx & 0x7d010f60) != 0 || _a4 >= 0x80000000) {
					_v104 = 0;
					 *_a16 = 4;
					_t1072 = _a4;
					__eflags = _t1072 - 0x7fffffff;
					if(_t1072 > 0x7fffffff) {
						_t1073 = 0;
						goto L157;
					}
					__eflags = _t1725 & 0x61000000;
					if((_t1725 & 0x61000000) != 0) {
						__eflags = _t1725 & 0x10000000;
						if(__eflags != 0) {
							goto L287;
						}
						_t1073 = E01052D82(_t1518, _t1540, _t1725, _t1871, _t1873, __eflags, _t1072);
						goto L157;
					}
					L287:
					__eflags = _t1072;
					if(_t1072 == 0) {
						_t1072 = 1;
					}
					_t1728 =  *((intOrPtr*)(_t1871 + 0x94)) + _t1072 &  *(_t1871 + 0x98);
					__eflags = _t1728 - 0x10;
					if(_t1728 < 0x10) {
						_t1728 = 0x10;
					}
					_a8 = _t1728;
					_t1074 = _v96;
					_t1546 = _t1074 >> 0x00000004 & 0xffffffe1 | 0x00000001;
					_v64 = _t1546;
					__eflags = _t1074 & 0x3c000100;
					if((_t1074 & 0x3c000100) == 0) {
						__eflags =  *(_t1871 + 0xbc);
						if( *(_t1871 + 0xbc) == 0) {
							goto L291;
						}
						goto L290;
					} else {
						L290:
						_t1546 = _t1546 | 0x00000002;
						_v64 = _t1546;
						_t1728 = _t1728 + 8;
						__eflags = _t1728;
						_a8 = _t1728;
						L291:
						_t1729 = _t1728 >> 3;
						_v52 = _t1729;
						goto L4;
					}
				} else {
					_t1546 = 1;
					_v64 = 1;
					_t1729 = _t1518;
					_v52 = _t1729;
					if(_t1729 < 2) {
						_a8 = _a8 + 8;
						_t1729 = 2;
						_v52 = 2;
					}
					 *_a16 = 3;
					_t1074 = _v96;
					L4:
					_t1876 = _t1074 & 0x00800000;
					if(_t1876 != 0) {
						_t1075 =  *[fs:0x30];
						__eflags =  *(_t1075 + 0x68) & 0x00000800;
						_t1074 = _v96;
						if(( *(_t1075 + 0x68) & 0x00000800) == 0) {
							_t1546 = _t1546 | 0x00000008;
							_v64 = _t1546;
						}
					}
					_v8 = 0;
					_t1946 = _t1074 & 0x00000001;
					if(_t1946 != 0) {
						L11:
						if(_t1729 >  *((intOrPtr*)(_t1871 + 0x5c))) {
							__eflags =  *(_t1871 + 0x40) & 0x00000002;
							if(( *(_t1871 + 0x40) & 0x00000002) == 0) {
								_v148 = 0xc0000023;
								L363:
								_v80 = 0;
								goto L153;
							}
							_t1521 = _a8 + 0x18;
							_a8 = _t1521;
							_a8 = _t1521;
							_t1880 = (E00FC1164(_t1546) & 0x0000000f) << 0xc;
							_v352 = _t1880;
							_v200 = 0;
							_v204 = _a8 + 0x1000 + _t1880;
							_t1732 = 1;
							_t1546 = _t1871;
							_t1518 = E00FC0678(_t1871, 1);
							_v356 = _t1518;
							_push(_t1518);
							_push(0x2000);
							_push( &_v204);
							_push(0);
							_push( &_v200);
							_push(0xffffffff);
							_t1074 = E00FD9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								goto L153;
							}
							_v60 = _v200 + _t1880;
							_push(_t1518);
							_push(0x1000);
							_push( &_a8);
							_push(0);
							_push( &_v60);
							_push(0xffffffff);
							_t1074 = E00FD9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								_v60 = 0;
								 *((intOrPtr*)(_t1871 + 0x214)) =  *((intOrPtr*)(_t1871 + 0x214)) + 1;
								goto L363;
							}
							 *((short*)(_v60 + 0x18)) = _a8 - _a4;
							 *(_v60 + 0x1a) = _v64 | 0x00000002;
							 *(_v60 + 0x10) = _a8;
							 *((intOrPtr*)(_v60 + 0x14)) = _v204;
							 *((char*)(_v60 + 0x1f)) = 4;
							 *((intOrPtr*)(_t1871 + 0x1f0)) =  *((intOrPtr*)(_t1871 + 0x1f0)) + _a8;
							_t1097 = E00FB7D50();
							__eflags = _t1097;
							if(_t1097 != 0) {
								_t1100 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1100 = 0x7ffe0380;
							}
							__eflags =  *_t1100;
							if( *_t1100 != 0) {
								_t1101 =  *[fs:0x30];
								__eflags =  *(_t1101 + 0x240) & 0x00000001;
								if(( *(_t1101 + 0x240) & 0x00000001) != 0) {
									_t1732 = _v60;
									E0105138A(_t1518, _t1871, _v60, _a8, 9);
								}
							}
							_t1102 = E00FB7D50();
							__eflags = _t1102;
							if(_t1102 != 0) {
								_t1105 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1105 = 0x7ffe0380;
							}
							__eflags =  *_t1105;
							if( *_t1105 != 0) {
								_t1106 =  *[fs:0x30];
								__eflags =  *(_t1106 + 0x240) & 0x00000001;
								if(( *(_t1106 + 0x240) & 0x00000001) != 0) {
									__eflags = E00FB7D50();
									if(__eflags == 0) {
										_t1137 = 0x7ffe0380;
									} else {
										_t1137 =  *( *[fs:0x30] + 0x50) + 0x226;
									}
									_t1732 = _v60;
									E01051582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1137 & 0x000000ff);
								}
							}
							_t1107 = E00FB7D50();
							__eflags = _t1107;
							if(_t1107 != 0) {
								_t1110 =  *( *[fs:0x30] + 0x50) + 0x230;
							} else {
								_t1110 = 0x7ffe038a;
							}
							__eflags =  *_t1110;
							if( *_t1110 != 0) {
								__eflags = E00FB7D50();
								if(__eflags == 0) {
									_t1112 = 0x7ffe038a;
								} else {
									_t1112 =  *( *[fs:0x30] + 0x50) + 0x230;
								}
								_t1732 = _v60;
								E01051582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1112 & 0x000000ff);
							}
							__eflags =  *(_t1871 + 0x40) & 0x08000000;
							if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
								_t1559 = E00FC16C7(1, _t1732) & 0x0000ffff;
								_v206 = _t1559;
								 *(_v60 + 8) = _t1559;
							}
							_t1120 =  *( *[fs:0x30] + 0x68);
							_v360 = _t1120;
							__eflags = _t1120 & 0x00000800;
							if((_t1120 & 0x00000800) != 0) {
								 *((short*)(_v60 + 0xa)) = E0103E9F0(_t1871, _v96 >> 0x00000012 & 0x000000ff, 0,  *(_v60 + 0x10) >> 3, 1);
							}
							_t1546 = _v60;
							__eflags =  *(_t1871 + 0x4c);
							if( *(_t1871 + 0x4c) != 0) {
								 *(_t1546 + 0x1b) =  *(_t1546 + 0x1a) ^  *(_t1546 + 0x19) ^  *(_t1546 + 0x18);
								_t737 = _t1546 + 0x18;
								 *_t737 =  *(_t1546 + 0x18) ^  *(_t1871 + 0x50);
								__eflags =  *_t737;
								_t1546 = _v60;
							}
							_t1127 = _t1871 + 0x9c;
							_t1734 =  *(_t1127 + 4);
							_t1881 =  *_t1734;
							__eflags = _t1881 - _t1127;
							if(_t1881 != _t1127) {
								_push(_t1546);
								_t1546 = 0xd;
								E0105A80D(0, _t1127, 0, _t1881);
							} else {
								 *_t1546 = _t1127;
								 *(_t1546 + 4) = _t1734;
								 *_t1734 = _t1546;
								 *(_t1127 + 4) = _t1546;
							}
							_t1074 = _v60 + 0x20;
							_v80 = _v60 + 0x20;
							goto L153;
						}
						if(_t1876 != 0) {
							L21:
							_t1145 = _a12;
							if(_t1145 == 0) {
								L23:
								_v228 = _t1871 + 0xc0;
								_t1564 =  *(_t1871 + 0xb4);
								_v36 = _t1564;
								while(1) {
									_t1522 =  *((intOrPtr*)(_t1564 + 4));
									if(_t1729 < _t1522) {
										_t1523 = _t1729;
										goto L26;
									}
									_t1147 =  *_t1564;
									__eflags = _t1147;
									if(_t1147 == 0) {
										_t1523 = _t1522 - 1;
										while(1) {
											L26:
											_v144 = _t1523;
											_t1524 = _t1523 -  *(_t1564 + 0x14);
											_t1882 = 0;
											_t1736 =  *(_t1564 + 0x18);
											_v40 = _t1736;
											_t1148 =  *((intOrPtr*)(_t1736 + 4));
											if(_t1736 == _t1148) {
												goto L311;
											}
											_t1424 = _t1148 + 0xfffffff8;
											_v32 = _t1424;
											_t1425 =  *_t1424;
											_v380 = _t1425;
											_t1671 = _t1425 & 0x0000ffff;
											if( *(_t1871 + 0x4c) != 0) {
												_t1846 =  *(_t1871 + 0x50) ^ _t1425;
												_v380 = _t1846;
												_t1453 = _t1846 & 0x0000ffff;
												_v44 = _t1453;
												_v68 = _t1453 & 0x0000ffff;
												_t1705 = _t1846 >> 0x00000010 ^ _t1846 >> 0x00000008 ^ _t1846;
												if(_t1846 >> 0x18 != _t1705) {
													_push(_t1705);
													E0105A80D(_t1871, _v32, 0, 0);
													_t1671 = _v44 & 0x0000ffff;
												} else {
													_t1671 = _v68;
												}
												_t1736 = _v40;
											}
											_t1673 = _v52 - (_t1671 & 0x0000ffff);
											_v300 = _t1673;
											if(_t1673 > 0) {
												_t1882 = _t1736;
												goto L48;
											} else {
												_t1428 =  *_t1736 + 0xfffffff8;
												_v32 = _t1428;
												_t1429 =  *_t1428;
												_v388 = _t1429;
												_t1674 = _t1429 & 0x0000ffff;
												if( *(_t1871 + 0x4c) != _t1882) {
													_t1842 =  *(_t1871 + 0x50) ^ _t1429;
													_v388 = _t1842;
													_t1447 = _t1842 & 0x0000ffff;
													_v44 = _t1447;
													_v68 = _t1447 & 0x0000ffff;
													_t1700 = _t1842 >> 0x00000010 ^ _t1842 >> 0x00000008 ^ _t1842;
													if(_t1842 >> 0x18 != _t1700) {
														_push(_t1700);
														E0105A80D(_t1871, _v32, 0, 0);
														_t1674 = _v44 & 0x0000ffff;
													} else {
														_t1674 = _v68;
													}
													_t1736 = _v40;
												}
												_t1676 = _v52 - (_t1674 & 0x0000ffff);
												_v304 = _t1676;
												_t1564 = _v36;
												if(_t1676 <= 0) {
													_t1882 =  *_t1736;
													goto L49;
												} else {
													if( *_t1564 != _t1882 || _v144 !=  *((intOrPtr*)(_t1564 + 4)) - 1) {
														_t1432 = _t1524 >> 5;
														_t1921 = ( *((intOrPtr*)(_t1564 + 4)) -  *(_t1564 + 0x14) >> 5) - 1;
														_t1836 =  *((intOrPtr*)(_t1564 + 0x1c)) + _t1432 * 4;
														_v32 = _t1524 & 0x0000001f;
														_t1535 =  !((1 << _v32) - 1) &  *_t1836;
														while(1) {
															_v224 = _t1836;
															_v184 = _t1432;
															if(_t1535 != 0) {
																break;
															}
															if(_t1432 > _t1921) {
																__eflags = _t1535;
																if(_t1535 != 0) {
																	break;
																}
																_t1564 = _v36;
																goto L167;
															} else {
																_t1836 =  &(_t1836[1]);
																_t1535 =  *_t1836;
																_t1432 = _t1432 + 1;
																continue;
															}
														}
														__eflags = _t1535;
														if(_t1535 != 0) {
															_t1678 = _t1535 & 0x000000ff;
															__eflags = _t1535;
															if(_t1535 == 0) {
																_t1681 = ( *((_t1535 >> 0x00000008 & 0x000000ff) + 0xf784d0) & 0x000000ff) + 8;
															} else {
																_t1681 =  *(_t1678 + 0xf784d0) & 0x000000ff;
															}
														} else {
															_t1686 = _t1535 >> 0x00000010 & 0x000000ff;
															__eflags = _t1686;
															if(_t1686 != 0) {
																_t1681 = ( *(_t1686 + 0xf784d0) & 0x000000ff) + 0x10;
															} else {
																_t97 = (_t1535 >> 0x18) + 0xf784d0; // 0x10008
																_t1681 = ( *_t97 & 0x000000ff) + 0x18;
																__eflags = _t1681;
															}
														}
														_t1434 = (_t1432 << 5) + _t1681;
														_v184 = _t1434;
														_t1682 = _v36;
														__eflags =  *(_t1682 + 8);
														if( *(_t1682 + 8) != 0) {
															_t1434 = _t1434 + _t1434;
														}
														_t1882 =  *( *((intOrPtr*)(_t1682 + 0x20)) + _t1434 * 4);
														goto L48;
													} else {
														__eflags =  *((intOrPtr*)(_t1564 + 8)) - _t1882;
														if( *((intOrPtr*)(_t1564 + 8)) != _t1882) {
															_t1524 = _t1524 + _t1524;
														}
														_t1538 =  *( *((intOrPtr*)(_t1564 + 0x20)) + _t1524 * 4);
														while(1) {
															__eflags = _t1736 - _t1538;
															if(_t1736 == _t1538) {
																break;
															}
															_t1438 =  *(_t1538 - 8);
															_v396 = _t1438;
															_t1689 = _t1438 & 0x0000ffff;
															__eflags =  *(_t1871 + 0x4c) - _t1882;
															if( *(_t1871 + 0x4c) != _t1882) {
																_t1838 =  *(_t1871 + 0x50) ^ _t1438;
																_v396 = _t1838;
																_t1440 = _t1838 & 0x0000ffff;
																_v32 = _t1440;
																_v44 = _t1440 & 0x0000ffff;
																_t1695 = _t1838 >> 0x00000010 ^ _t1838 >> 0x00000008 ^ _t1838;
																__eflags = _t1838 >> 0x18 - _t1695;
																if(_t1838 >> 0x18 != _t1695) {
																	_push(_t1695);
																	E0105A80D(_t1871, _t1538 - 8, 0, 0);
																	_t1689 = _v32 & 0x0000ffff;
																} else {
																	_t1689 = _v44;
																}
																_t1736 = _v40;
															}
															_t1691 = _v52 - (_t1689 & 0x0000ffff);
															_v308 = _t1691;
															__eflags = _t1691;
															if(_t1691 > 0) {
																_t1538 =  *_t1538;
																continue;
															} else {
																_t1882 = _t1538;
																break;
															}
														}
														L48:
														_t1564 = _v36;
														L49:
														__eflags = _t1882;
														if(_t1882 == 0) {
															L167:
															_t1564 =  *_t1564;
															_v36 = _t1564;
															_t1523 =  *(_t1564 + 0x14);
															continue;
														}
														_v312 = _t1882;
														__eflags = _v228 - _t1882;
														if(_v228 == _t1882) {
															L248:
															_t1546 = _t1871;
															_t1518 = E00FBB236(_t1871, _a8);
															_v100 = _t1518;
															__eflags = _t1518;
															if(_t1518 == 0) {
																_v148 = 0xc0000017;
																goto L363;
															}
															_t540 = _t1518 + 8; // 0x8
															_t1738 = _t540;
															_t1883 =  *_t1738;
															_v32 = _t1883;
															_t1565 =  *(_t1518 + 0xc);
															_v88 = _t1565;
															_t1149 =  *_t1565;
															_t1566 =  *(_t1883 + 4);
															_v44 = _t1566;
															__eflags = _t1149 - _t1566;
															_t1567 = _v88;
															if(_t1149 != _t1566) {
																L536:
																_push(_t1567);
																_t1546 = 0xd;
																_t1074 = E0105A80D(_t1871, _t1738, _v44, _t1149);
																_v73 = 0;
																goto L153;
															}
															__eflags = _t1149 - _t1738;
															if(_t1149 != _t1738) {
																goto L536;
															}
															 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
															_t1740 =  *(_t1871 + 0xb4);
															__eflags = _t1740;
															if(_t1740 == 0) {
																L258:
																 *_t1567 = _t1883;
																 *(_t1883 + 4) = _t1567;
																__eflags =  *(_t1518 + 2) & 0x00000008;
																if(( *(_t1518 + 2) & 0x00000008) != 0) {
																	_t1151 = E00FBA229(_t1871, _t1518);
																	__eflags = _t1151;
																	if(_t1151 != 0) {
																		goto L259;
																	}
																	_t1546 = _t1871;
																	_t1074 = E00FBA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																	_v73 = 0;
																	goto L153;
																}
																L259:
																_v73 = 1;
																L76:
																_t1569 =  *(_t1518 + 2);
																_v71 = _t1569;
																__eflags = _v104;
																if(_v104 == 0) {
																	__eflags = _t1569 & 0x00000004;
																	if((_t1569 & 0x00000004) != 0) {
																		_t1905 = ( *_t1518 & 0x0000ffff) * 8 - 0x10;
																		_v244 = _t1905;
																		__eflags = _t1569 & 0x00000002;
																		if((_t1569 & 0x00000002) != 0) {
																			__eflags = _t1905 - 4;
																			if(_t1905 > 4) {
																				_t1905 = _t1905 - 4;
																				__eflags = _t1905;
																				_v244 = _t1905;
																			}
																		}
																		_t872 = _t1518 + 0x10; // 0x10
																		_t1373 = E00FED540(_t872, _t1905, 0xfeeefeee);
																		_v32 = _t1373;
																		__eflags = _t1373 - _t1905;
																		if(_t1373 != _t1905) {
																			_t1651 =  *[fs:0x30];
																			__eflags =  *(_t1651 + 0xc);
																			if( *(_t1651 + 0xc) == 0) {
																				_push("HEAP: ");
																				E00F9B150();
																				_t1941 = _t1937 + 4;
																			} else {
																				E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																				_t1941 = _t1937 + 8;
																			}
																			_t1569 = _v100;
																			_push(_v32 + 0x10 + _t1569);
																			E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1569);
																			_t1937 = _t1941 + 0xc;
																			_t1379 =  *[fs:0x30];
																			__eflags =  *((char*)(_t1379 + 2));
																			if( *((char*)(_t1379 + 2)) == 0) {
																				_t1518 = _v100;
																			} else {
																				 *0x1086378 = 1;
																				_t1518 = _v100;
																				 *0x10860c0 = _t1518;
																				asm("int3");
																				 *0x1086378 = 0;
																			}
																		}
																	}
																}
																_v120 = _t1518;
																__eflags =  *(_t1518 + 2) & 0x00000001;
																if(( *(_t1518 + 2) & 0x00000001) != 0) {
																	_push(_t1569);
																	_t1546 = 3;
																	_t1074 = E0105A80D(_t1871, _t1518, 0, 0);
																	goto L153;
																} else {
																	 *(_t1518 + 2) = _v64;
																	_t1571 = _v52;
																	_t1885 = ( *_t1518 & 0x0000ffff) - _t1571;
																	_v320 = _t1885;
																	 *_t1518 = _t1571;
																	_t1743 = _a4;
																	_t1153 = _a8 - _t1743;
																	_v44 = _t1153;
																	__eflags = _t1153 - 0x3f;
																	if(_t1153 >= 0x3f) {
																		 *(_t1518 + _t1571 * 8 - 4) = _t1153;
																		 *(_t1518 + 7) = 0x3f;
																	} else {
																		 *(_t1518 + 7) = _t1153;
																	}
																	 *(_t1518 + 3) = 0;
																	__eflags = _t1885;
																	if(_t1885 == 0) {
																		L137:
																		_t1886 = _v120;
																		_v80 =  &(_t1886[4]);
																		_t1518 = ( *_t1886 & 0x0000ffff) * 8;
																		_v196 = _t1518;
																		__eflags = (_t1886[3] & 0x0000003f) - 0x3f;
																		if((_t1886[3] & 0x0000003f) == 0x3f) {
																			_t1158 = 1;
																		} else {
																			_t1158 = 0;
																			__eflags = 0;
																		}
																		_t1546 = _t1518;
																		__eflags = _t1158;
																		if(_t1158 != 0) {
																			_t1007 = _t1518 - 4; // -4
																			_t1546 = _t1007;
																			_t1518 = _t1546;
																			_v196 = _t1518;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1744 = _v96;
																			__eflags = _t1744 & 0x00000008;
																			if((_t1744 & 0x00000008) == 0) {
																				__eflags =  *(_t1871 + 0x40) & 0x00000040;
																				if(( *(_t1871 + 0x40) & 0x00000040) == 0) {
																					L296:
																					_t1525 = _a4;
																					L297:
																					__eflags =  *(_t1871 + 0x40) & 0x00000020;
																					if(( *(_t1871 + 0x40) & 0x00000020) != 0) {
																						_t1159 = _v80;
																						 *((intOrPtr*)(_t1159 + _t1525)) = 0xabababab;
																						 *((intOrPtr*)(_t1159 + _t1525 + 4)) = 0xabababab;
																						 *(_v120 + 2) =  *(_v120 + 2) | 0x00000004;
																					}
																					_t1887 = _v120;
																					 *(_t1887 + 3) = 0;
																					__eflags =  *(_t1887 + 2) & 0x00000002;
																					if(( *(_t1887 + 2) & 0x00000002) == 0) {
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v348 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) == 0) {
																							goto L301;
																						}
																						_t1518 = _v120;
																						_t1546 = _t1871;
																						 *(_t1887 + 3) = E0103E9F0(_t1871, _t1744 >> 0x00000012 & 0x000000ff, 0,  *_t1518 & 0x0000ffff, 0);
																						goto L302;
																					} else {
																						_t1546 = _t1887;
																						_t1526 = E00F91F5B(_t1887);
																						_v276 = _t1526;
																						 *_t1526 = 0;
																						 *((intOrPtr*)(_t1526 + 4)) = 0;
																						__eflags =  *(_t1871 + 0x40) & 0x08000000;
																						if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
																							_t1546 = 1;
																							 *_t1526 = E00FC16C7(1, _t1744);
																							_t1744 = _v96;
																						}
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v344 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) != 0) {
																							_t1518 = _v120;
																							_t1074 = E0103E9F0(_t1871, _t1744 >> 0x00000012 & 0x00000fff, 0,  *_t1518 & 0x0000ffff, 0);
																							_t1546 = _v276;
																							 *(_v276 + 2) = _t1074;
																							goto L302;
																						} else {
																							L301:
																							_t1518 = _v120;
																							L302:
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								 *(_t1887 + 3) =  *(_t1518 + 1) ^  *_t1518 ^  *(_t1887 + 2);
																								_t1074 =  *(_t1871 + 0x50);
																								 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																							}
																							goto L153;
																						}
																					}
																				}
																				_t1525 = _a4;
																				E00FED5E0(_v80, _t1525 & 0xfffffffc, 0xbaadf00d);
																				_t1744 = _v96;
																				goto L297;
																			}
																			_t618 = _t1546 - 8; // -8
																			E00FDFA60(_v80, 0, _t618);
																			_t1744 = _v96;
																			goto L296;
																		} else {
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1889 = _v120;
																				_t1889[0] = _t1889[0] ^ _t1889[0] ^  *_t1889;
																				 *_t1889 =  *_t1889 ^  *(_t1871 + 0x50);
																				__eflags =  *_t1889;
																			}
																			__eflags = _v53;
																			if(_v53 == 0) {
																				L152:
																				_t1074 = _v96;
																				__eflags = _t1074 & 0x00000008;
																				if((_t1074 & 0x00000008) != 0) {
																					_t398 = _t1518 - 8; // -8
																					_t1074 = E00FDFA60(_v80, 0, _t398);
																				}
																				goto L153;
																			} else {
																				__eflags =  *(_t1871 + 0x44) & 0x01000000;
																				if(( *(_t1871 + 0x44) & 0x01000000) != 0) {
																					L149:
																					_t1888 =  *(_t1871 + 0xc8);
																					_t360 = _t1888 + 8;
																					 *_t360 =  *(_t1888 + 8) + 0xffffffff;
																					__eflags =  *_t360;
																					if( *_t360 != 0) {
																						L151:
																						_v53 = 0;
																						goto L152;
																					}
																					 *(_t1888 + 0xc) = 0;
																					_t1546 = _t1546 | 0xffffffff;
																					asm("lock cmpxchg [edx], ecx");
																					_t1750 = 0xfffffffe;
																					_v104 = 0xfffffffe;
																					__eflags = 0xfffffffe - 0xfffffffe;
																					if(0xfffffffe != 0xfffffffe) {
																						__eflags =  *(_t1888 + 4) & 0x00000001;
																						if(__eflags != 0) {
																							_push(_t1888);
																							E0102FF10(_t1518, 0xfffffffe, _t1871, _t1888, __eflags);
																							_t1750 = _v104;
																						}
																						while(1) {
																							__eflags = _t1750 & 0x00000002;
																							if((_t1750 & 0x00000002) == 0) {
																								_t1179 = 1;
																							} else {
																								_t1179 = 3;
																							}
																							_v88 = _t1179;
																							_t1546 = _t1179 + _t1750;
																							_t1180 = _t1750;
																							asm("lock cmpxchg [edx], ecx");
																							__eflags = _t1180 - _v104;
																							if(_t1180 == _v104) {
																								break;
																							}
																							_t1750 = _t1180;
																							_v104 = _t1750;
																						}
																						__eflags = _v88 & 0x00000002;
																						if((_v88 & 0x00000002) != 0) {
																							E00F94DC0(_t1546, _t1888);
																						}
																					}
																					goto L151;
																				}
																				 *(_t1871 + 0x21c) =  *(_t1871 + 0x21c) + 1;
																				_t1546 =  *(_t1871 + 0x224);
																				__eflags =  *(_t1871 + 0x21c) - _t1546;
																				if( *(_t1871 + 0x21c) > _t1546) {
																					 *(_t1871 + 0x21c) = 0;
																					_t1753 =  *((intOrPtr*)(_t1871 + 0x1e8)) - ( *(_t1871 + 0x74) << 3);
																					__eflags = _t1753 -  *((intOrPtr*)(_t1871 + 0x238));
																					if(_t1753 >  *((intOrPtr*)(_t1871 + 0x238))) {
																						 *((intOrPtr*)(_t1871 + 0x238)) = _t1753;
																					}
																					 *((intOrPtr*)(_t1871 + 0x23c)) = _t1753;
																				}
																				 *(_t1871 + 0x228) =  *(_t1871 + 0x228) + 1;
																				__eflags =  *(_t1871 + 0x228) - 0x1000;
																				if( *(_t1871 + 0x228) >= 0x1000) {
																					__eflags =  *((char*)(_t1871 + 0xda)) - 2;
																					if( *((char*)(_t1871 + 0xda)) != 2) {
																						L364:
																						_t1182 = 0x10;
																						L360:
																						__eflags =  *(_t1871 + 0x220) - _t1182;
																						if( *(_t1871 + 0x220) > _t1182) {
																							__eflags = _t1546 - 0x10000;
																							if(_t1546 < 0x10000) {
																								 *(_t1871 + 0x224) = _t1546 + _t1546;
																							}
																						}
																						 *(_t1871 + 0x220) = 0;
																						 *(_t1871 + 0x228) = 0;
																						goto L149;
																					}
																					__eflags =  *((intOrPtr*)(_t1871 + 0x22c)) - 0x10;
																					if( *((intOrPtr*)(_t1871 + 0x22c)) <= 0x10) {
																						goto L364;
																					}
																					_t1182 = 0x100;
																					goto L360;
																				} else {
																					goto L149;
																				}
																			}
																		}
																	} else {
																		__eflags = _t1885 - 1;
																		if(_t1885 == 1) {
																			 *_t1518 =  *_t1518 + 1;
																			_t1192 = _a8 - _t1743 + 8;
																			_v68 = _t1192;
																			__eflags = _t1192 - 0x3f;
																			if(_t1192 >= 0x3f) {
																				 *(_t1518 + 4 + _t1571 * 8) = _t1192;
																				 *(_t1518 + 7) = 0x3f;
																			} else {
																				 *(_t1518 + 7) = _t1192;
																			}
																			goto L137;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1754 = 1;
																		} else {
																			_t1754 = 0;
																			__eflags = 0;
																		}
																		_v116 = _t1754;
																		_t1193 =  *((intOrPtr*)(_t1518 + 6));
																		__eflags = _t1193;
																		if(_t1193 != 0) {
																			_t1576 = (1 - (_t1193 & 0x000000ff) << 0x10) + (_t1518 & 0xffff0000);
																			_v48 = 1;
																		} else {
																			_t1576 = _t1871;
																			_v48 = _t1871;
																		}
																		_v248 = _t1576;
																		_v32 = _t1885;
																		_t1518 = _t1518 + _v52 * 8;
																		_v88 = 0;
																		 *(_t1518 + 2) = _v71;
																		 *(_t1518 + 7) = 0;
																		 *(_t1518 + 4) =  *(_t1871 + 0x54) ^ _v52;
																		__eflags =  *((intOrPtr*)(_t1576 + 0x18)) - _v48;
																		if( *((intOrPtr*)(_t1576 + 0x18)) != _v48) {
																			_t1205 = (_t1518 - _v48 >> 0x10) + 1;
																			_v32 = _t1205;
																			_v108 = _t1205;
																			__eflags = _t1205 - 0xfe;
																			if(_t1205 >= 0xfe) {
																				_push(_t1576);
																				E0105A80D( *((intOrPtr*)(_t1576 + 0x18)), _t1518, _t1576, 0);
																				_t1754 = _v116;
																				_t1205 = _v32;
																			}
																		} else {
																			_t1205 = 0;
																			__eflags = 0;
																		}
																		_v110 = _t1205;
																		 *((char*)(_t1518 + 6)) = _t1205;
																		 *(_t1518 + 3) = 0;
																		 *_t1518 = _t1885;
																		while(1) {
																			_t1577 = _t1518 + _t1885 * 8;
																			_t1209 =  *(_t1871 + 0x4c) >> 0x00000014 &  *(_t1871 + 0x52) ^ _t1577[1];
																			__eflags = _t1209 & 0x00000001;
																			if((_t1209 & 0x00000001) != 0) {
																				break;
																			}
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1760 =  *(_t1871 + 0x50) ^  *_t1577;
																				 *_t1577 = _t1760;
																				_t1599 = _t1760 >> 0x00000010 ^ _t1760 >> 0x00000008 ^ _t1760;
																				__eflags = _t1760 >> 0x18 - _t1599;
																				if(__eflags != 0) {
																					_push(_t1599);
																					E0104FA2B(_t1518, _t1871, _t1518 + _t1885 * 8, _t1871, _t1885, __eflags);
																				}
																				_t1577 = _t1518 + _t1885 * 8;
																			}
																			_t762 =  &(_t1577[4]); // 0xfb47f1
																			_t1755 = _t762;
																			_v32 = _t1755;
																			_v48 =  *_t1755;
																			_t765 =  &(_t1577[6]); // 0x18a164ff
																			_t1211 =  *_t765;
																			_v44 = _t1211;
																			_t1212 =  *_t1211;
																			_t768 = _v48 + 4; // 0x1475ffec
																			__eflags = _t1212 -  *_t768;
																			_t769 =  &(_t1577[4]); // 0xfb47f1
																			_t1757 = _t769;
																			if(_t1212 !=  *_t768) {
																				L523:
																				_push(_t1577);
																				_t998 = _v48 + 4; // 0x1475ffec
																				_t1546 = 0xd;
																				E0105A80D(_t1871, _t1757,  *_t998, _t1212);
																				goto L524;
																			} else {
																				__eflags = _t1212 - _t1757;
																				if(_t1212 != _t1757) {
																					goto L523;
																				}
																				 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1577 & 0x0000ffff);
																				_t1802 =  *(_t1871 + 0xb4);
																				__eflags = _t1802;
																				if(_t1802 == 0) {
																					L381:
																					_t1217 = _v48;
																					_t1803 = _v44;
																					 *_t1803 = _t1217;
																					 *((intOrPtr*)(_t1217 + 4)) = _t1803;
																					__eflags = _t1577[1] & 0x00000008;
																					if((_t1577[1] & 0x00000008) != 0) {
																						_t1218 = E00FBA229(_t1871, _t1577);
																						__eflags = _t1218;
																						if(_t1218 != 0) {
																							goto L382;
																						}
																						_t1546 = _t1871;
																						E00FBA309(_t1871, _t1518 + _t1885 * 8,  *(_t1518 + _t1885 * 8) & 0x0000ffff, 1);
																						L524:
																						_v72 = 0;
																						__eflags = _v88;
																						if(_v88 != 0) {
																							_v112 = 0;
																							 *( *[fs:0x18] + 0xbf4) = 0xc000003c;
																							_t1890 =  *[fs:0x18];
																							_v340 = _t1890;
																							 *((intOrPtr*)(_t1890 + 0x34)) = E00F9CCC0(0xc000003c);
																							goto L153;
																						}
																						_v88 = 1;
																						_t1754 = _v116;
																						continue;
																					}
																					L382:
																					_v72 = 1;
																					_t1579 = _v116;
																					_t1805 = _t1518 + _t1885 * 8;
																					__eflags = _t1579;
																					if(_t1579 != 0) {
																						_t1219 = _t1805[1];
																						_v111 = _t1219;
																						__eflags = _t1219 & 0x00000004;
																						if((_t1219 & 0x00000004) != 0) {
																							_t1589 = _t1518 + _t1885 * 8;
																							_t1253 = ( *(_t1518 + _t1885 * 8) & 0x0000ffff) * 8 - 0x10;
																							_v192 = _t1253;
																							__eflags = _v111 & 0x00000002;
																							if((_v111 & 0x00000002) != 0) {
																								__eflags = _t1253 - 4;
																								if(_t1253 > 4) {
																									_t1253 = _t1253 - 4;
																									__eflags = _t1253;
																									_v192 = _t1253;
																								}
																							}
																							_t1255 = E00FED540( &(_t1589[8]), _t1253, 0xfeeefeee);
																							_v32 = _t1255;
																							__eflags = _t1255 - _v192;
																							if(_t1255 == _v192) {
																								_t1805 = _t1518 + _t1885 * 8;
																							} else {
																								_t1590 =  *[fs:0x30];
																								__eflags =  *(_t1590 + 0xc);
																								if( *(_t1590 + 0xc) == 0) {
																									_push("HEAP: ");
																									E00F9B150();
																									_t1940 = _t1937 + 4;
																								} else {
																									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																									_t1940 = _t1937 + 8;
																								}
																								_push(_v32 + 0x10 + _t1518 + _t1885 * 8);
																								E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1518 + _t1885 * 8);
																								_t1937 = _t1940 + 0xc;
																								_t1261 =  *[fs:0x30];
																								_t1805 = _t1518 + _t1885 * 8;
																								__eflags =  *((char*)(_t1261 + 2));
																								if( *((char*)(_t1261 + 2)) != 0) {
																									 *0x1086378 = 1;
																									 *0x10860c0 = _t1805;
																									asm("int3");
																									 *0x1086378 = 0;
																								}
																							}
																							_t1579 = _v116;
																						}
																					}
																					 *(_t1518 + 2) = _t1805[1];
																					_t1807 = ( *_t1805 & 0x0000ffff) + _t1885;
																					_v32 = _t1807;
																					_t1221 = _t1807 & 0x0000ffff;
																					_v32 = _t1807 & 0x0000ffff;
																					__eflags = _t1807 - 0xfe00;
																					if(_t1807 > 0xfe00) {
																						E00FBA830(_t1871, _t1518, _t1807);
																						goto L136;
																					} else {
																						 *_t1518 = _t1807;
																						_t1892 = _t1221;
																						 *(_t1518 + 4 + _t1807 * 8) =  *(_t1871 + 0x54) ^ _v32;
																						__eflags = _t1579;
																						if(_t1579 != 0) {
																							 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																							 *(_t1518 + 7) = 0;
																							__eflags =  *(_t1871 + 0x40) & 0x00000040;
																							if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																								_t969 = _t1518 + 0x10; // 0x10
																								E00FED5E0(_t969, _t1892 * 8 - 0x10, 0xfeeefeee);
																								_t970 = _t1518 + 2;
																								 *_t970 =  *(_t1518 + 2) | 0x00000004;
																								__eflags =  *_t970;
																							}
																							_t1227 = _t1871 + 0xc0;
																							__eflags =  *(_t1871 + 0xb4);
																							if( *(_t1871 + 0xb4) == 0) {
																								_t1581 =  *_t1227;
																							} else {
																								_t1581 = E00FBE12C(_t1871, _t1892);
																								_t1227 = _t1871 + 0xc0;
																							}
																							while(1) {
																								__eflags = _t1227 - _t1581;
																								if(_t1227 == _t1581) {
																									break;
																								}
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) == 0) {
																									_t1811 =  *(_t1581 - 8);
																								} else {
																									_t1811 =  *(_t1581 - 8);
																									_v132 = _t1811;
																									__eflags =  *(_t1871 + 0x4c) & _t1811;
																									if(( *(_t1871 + 0x4c) & _t1811) != 0) {
																										_t1811 = _t1811 ^  *(_t1871 + 0x50);
																										_v132 = _t1811;
																									}
																								}
																								_v136 = _t1811;
																								__eflags = _t1892 - (_t1811 & 0x0000ffff);
																								if(_t1892 <= (_t1811 & 0x0000ffff)) {
																									break;
																								} else {
																									_t1581 =  *_t1581;
																									_t1227 = _t1871 + 0xc0;
																									continue;
																								}
																							}
																							_t986 = _t1518 + 8; // 0x8
																							_t1893 = _t986;
																							_t1228 =  *((intOrPtr*)(_t1581 + 4));
																							_t1809 =  *_t1228;
																							__eflags = _t1809 - _t1581;
																							if(_t1809 != _t1581) {
																								_push(_t1581);
																								__eflags = 0;
																								E0105A80D(0, _t1581, 0, _t1809);
																							} else {
																								 *_t1893 = _t1581;
																								 *((intOrPtr*)(_t1893 + 4)) = _t1228;
																								 *_t1228 = _t1893;
																								 *((intOrPtr*)(_t1581 + 4)) = _t1893;
																							}
																							 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																							_t1765 =  *(_t1871 + 0xb4);
																							__eflags = _t1765;
																							if(_t1765 == 0) {
																								L134:
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) != 0) {
																									 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																									__eflags =  *_t1518;
																								}
																								L136:
																								_v112 = 1;
																								_v71 = 0;
																								goto L137;
																							} else {
																								_t1583 =  *_t1518 & 0x0000ffff;
																								while(1) {
																									__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																									if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																										break;
																									}
																									_t1235 =  *_t1765;
																									__eflags = _t1235;
																									if(_t1235 != 0) {
																										_t1765 = _t1235;
																										continue;
																									}
																									_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																									__eflags = _t1236;
																									L520:
																									_v272 = _t1236;
																									L329:
																									E00FBE4A0(_t1871, _t1765, 1, _t1893, _t1236, _t1583);
																									goto L134;
																								}
																								_t1236 = _t1583;
																								goto L520;
																							}
																						}
																						 *(_t1518 + 2) = _t1579;
																						 *(_t1518 + 7) = _t1579;
																						_t1244 = _t1871 + 0xc0;
																						__eflags =  *(_t1871 + 0xb4);
																						if( *(_t1871 + 0xb4) == 0) {
																							_t1586 =  *_t1244;
																						} else {
																							_t1586 = E00FBE12C(_t1871, _t1892);
																							_t1244 = _t1871 + 0xc0;
																						}
																						while(1) {
																							__eflags = _t1244 - _t1586;
																							if(_t1244 == _t1586) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1813 =  *(_t1586 - 8);
																							} else {
																								_t1813 =  *(_t1586 - 8);
																								_v92 = _t1813;
																								__eflags =  *(_t1871 + 0x4c) & _t1813;
																								if(( *(_t1871 + 0x4c) & _t1813) != 0) {
																									_t1813 = _t1813 ^  *(_t1871 + 0x50);
																									_v92 = _t1813;
																								}
																							}
																							_v138 = _t1813;
																							__eflags = _t1892 - (_t1813 & 0x0000ffff);
																							if(_t1892 <= (_t1813 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1586 =  *_t1586;
																								_t1244 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t803 = _t1518 + 8; // 0x8
																						_t1893 = _t803;
																						_t1246 =  *((intOrPtr*)(_t1586 + 4));
																						_t1814 =  *_t1246;
																						__eflags = _t1814 - _t1586;
																						if(_t1814 != _t1586) {
																							_push(_t1586);
																							E0105A80D(0, _t1586, 0, _t1814);
																						} else {
																							 *_t1893 = _t1586;
																							 *((intOrPtr*)(_t1893 + 4)) = _t1246;
																							 *_t1246 = _t1893;
																							 *((intOrPtr*)(_t1586 + 4)) = _t1893;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1765 =  *(_t1871 + 0xb4);
																						__eflags = _t1765;
																						if(_t1765 == 0) {
																							goto L134;
																						} else {
																							_t1583 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																								if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																									break;
																								}
																								_t1249 =  *_t1765;
																								__eflags = _t1249;
																								if(_t1249 != 0) {
																									_t1765 = _t1249;
																									continue;
																								}
																								_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																								__eflags = _t1236;
																								L395:
																								_v268 = _t1236;
																								goto L329;
																							}
																							_t1236 = _t1583;
																							goto L395;
																						}
																					}
																				}
																				_t1594 =  *_t1577 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1594 -  *((intOrPtr*)(_t1802 + 4));
																					if(_t1594 <  *((intOrPtr*)(_t1802 + 4))) {
																						break;
																					}
																					_t1269 =  *_t1802;
																					__eflags = _t1269;
																					if(_t1269 != 0) {
																						_t1802 = _t1269;
																						continue;
																					}
																					_t1267 =  *((intOrPtr*)(_t1802 + 4)) - 1;
																					__eflags = _t1267;
																					L380:
																					_v264 = _t1267;
																					E00FBBC04(_t1871, _t1802, 1, _v32, _t1267, _t1594);
																					_t1577 = _t1518 + _t1885 * 8;
																					goto L381;
																				}
																				_t1267 = _t1594;
																				goto L380;
																			}
																		}
																		_t1894 = _t1885 & 0x0000ffff;
																		_v48 = _t1894;
																		_t1577[2] =  *(_t1871 + 0x54) ^ _t1894;
																		__eflags = _t1754;
																		if(_t1754 != 0) {
																			 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																			 *(_t1518 + 7) = 0;
																			__eflags =  *(_t1871 + 0x40) & 0x00000040;
																			if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																				_t911 = _t1518 + 0x10; // 0x10
																				E00FED5E0(_t911, _t1894 * 8 - 0x10, 0xfeeefeee);
																				 *(_t1518 + 2) =  *(_t1518 + 2) | 0x00000004;
																			}
																			_t1281 = _t1871 + 0xc0;
																			__eflags =  *(_t1871 + 0xb4);
																			if( *(_t1871 + 0xb4) == 0) {
																				_t1601 =  *_t1281;
																			} else {
																				_t1601 = E00FBE12C(_t1871, _t1894);
																				_t1281 = _t1871 + 0xc0;
																			}
																			while(1) {
																				__eflags = _t1281 - _t1601;
																				if(_t1281 == _t1601) {
																					break;
																				}
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) == 0) {
																					_t1766 =  *(_t1601 - 8);
																				} else {
																					_t1766 =  *(_t1601 - 8);
																					_v156 = _t1766;
																					__eflags =  *(_t1871 + 0x4c) & _t1766;
																					if(( *(_t1871 + 0x4c) & _t1766) != 0) {
																						_t1766 = _t1766 ^  *(_t1871 + 0x50);
																						__eflags = _t1766;
																						_v156 = _t1766;
																					}
																				}
																				_v134 = _t1766;
																				__eflags = _t1894 - (_t1766 & 0x0000ffff);
																				if(_t1894 > (_t1766 & 0x0000ffff)) {
																					_t1601 =  *_t1601;
																					_t1281 = _t1871 + 0xc0;
																					continue;
																				} else {
																					break;
																				}
																			}
																			_t674 = _t1518 + 8; // 0x8
																			_t1893 = _t674;
																			_t1282 =  *((intOrPtr*)(_t1601 + 4));
																			_t1763 =  *_t1282;
																			__eflags = _t1763 - _t1601;
																			if(_t1763 != _t1601) {
																				_push(_t1601);
																				E0105A80D(0, _t1601, 0, _t1763);
																			} else {
																				 *_t1893 = _t1601;
																				 *((intOrPtr*)(_t1893 + 4)) = _t1282;
																				 *_t1282 = _t1893;
																				 *((intOrPtr*)(_t1601 + 4)) = _t1893;
																			}
																			 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																			_t1765 =  *(_t1871 + 0xb4);
																			__eflags = _t1765;
																			if(_t1765 == 0) {
																				goto L134;
																			} else {
																				_t1583 =  *_t1518 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																					if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																						break;
																					}
																					_t1285 =  *_t1765;
																					__eflags = _t1285;
																					if(_t1285 == 0) {
																						_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																						L328:
																						_v260 = _t1236;
																						goto L329;
																					}
																					_t1765 = _t1285;
																				}
																				_t1236 = _t1583;
																				goto L328;
																			}
																		}
																		 *(_t1518 + 2) = _t1754;
																		 *(_t1518 + 7) = _t1754;
																		_t1289 = _t1871 + 0xc0;
																		_t1604 =  *(_t1871 + 0xb4);
																		_v36 = _t1604;
																		__eflags = _t1604;
																		if(_t1604 == 0) {
																			_t1895 =  *_t1289;
																			goto L119;
																		} else {
																			while(1) {
																				_t1315 =  *((intOrPtr*)(_t1604 + 4));
																				__eflags = _t1894 - _t1315;
																				if(_t1894 < _t1315) {
																					_v172 = _t1894;
																					_t1316 = _t1894;
																					break;
																				}
																				_t1784 =  *_t1604;
																				__eflags = _t1784;
																				if(_t1784 == 0) {
																					_t1316 = _t1315 - 1;
																					__eflags = _t1316;
																					L201:
																					_v172 = _t1316;
																					break;
																				} else {
																					_t1604 = _t1784;
																					_v36 = _t1604;
																					continue;
																				}
																			}
																			_v64 = _t1316;
																			_v52 = _t1316 -  *(_t1604 + 0x14);
																			_t1785 =  *(_t1604 + 0x18);
																			_v40 = _t1785;
																			_t1318 =  *((intOrPtr*)(_t1785 + 4));
																			__eflags = _t1785 - _t1318;
																			if(_t1785 == _t1318) {
																				_t1895 = _t1785;
																			} else {
																				_t1319 = _t1318 + 0xfffffff8;
																				_v32 = _t1319;
																				_t1320 =  *_t1319;
																				_v412 = _t1320;
																				_t1617 = _t1320 & 0x0000ffff;
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) != 0) {
																					_t1799 =  *(_t1871 + 0x50) ^ _t1320;
																					_v412 = _t1799;
																					_t1364 = _t1799 & 0x0000ffff;
																					_v44 = _t1364;
																					_v68 = _t1364 & 0x0000ffff;
																					_t1648 = _t1799 >> 0x00000010 ^ _t1799 >> 0x00000008 ^ _t1799;
																					__eflags = _t1799 >> 0x18 - _t1648;
																					if(_t1799 >> 0x18 != _t1648) {
																						_push(_t1648);
																						E0105A80D(_t1871, _v32, 0, 0);
																						_t1617 = _v44 & 0x0000ffff;
																					} else {
																						_t1617 = _v68;
																					}
																					_t1785 = _v40;
																				}
																				_t1619 = _v48 - (_t1617 & 0x0000ffff);
																				_v324 = _t1619;
																				__eflags = _t1619;
																				if(_t1619 > 0) {
																					_t1895 = _t1785;
																					L116:
																					_t1604 = _v36;
																				} else {
																					_t1323 =  *_t1785 + 0xfffffff8;
																					_v32 = _t1323;
																					_t1324 =  *_t1323;
																					_v420 = _t1324;
																					_t1620 = _t1324 & 0x0000ffff;
																					__eflags =  *(_t1871 + 0x4c);
																					if( *(_t1871 + 0x4c) != 0) {
																						_t1795 =  *(_t1871 + 0x50) ^ _t1324;
																						_v420 = _t1795;
																						_t1358 = _t1795 & 0x0000ffff;
																						_v44 = _t1358;
																						_v68 = _t1358 & 0x0000ffff;
																						_t1643 = _t1795 >> 0x00000010 ^ _t1795 >> 0x00000008 ^ _t1795;
																						__eflags = _t1795 >> 0x18 - _t1643;
																						if(_t1795 >> 0x18 != _t1643) {
																							_push(_t1643);
																							E0105A80D(_t1871, _v32, 0, 0);
																							_t1620 = _v44 & 0x0000ffff;
																						} else {
																							_t1620 = _v68;
																						}
																						_t1785 = _v40;
																					}
																					_t1622 = _v48 - (_t1620 & 0x0000ffff);
																					_v328 = _t1622;
																					__eflags = _t1622;
																					_t1604 = _v36;
																					if(_t1622 <= 0) {
																						_t1895 =  *_t1785;
																						L117:
																						__eflags = _t1895;
																						if(_t1895 == 0) {
																							L211:
																							_t1604 =  *_t1604;
																							_v36 = _t1604;
																							_t1316 =  *(_t1604 + 0x14);
																							goto L201;
																						}
																						_t1289 = _t1871 + 0xc0;
																						L119:
																						_t1605 = _v48;
																						while(1) {
																							__eflags = _t1289 - _t1895;
																							if(_t1289 == _t1895) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1768 =  *(_t1895 - 8);
																							} else {
																								_t1768 =  *(_t1895 - 8);
																								_v164 = _t1768;
																								__eflags =  *(_t1871 + 0x4c) & _t1768;
																								if(( *(_t1871 + 0x4c) & _t1768) != 0) {
																									_t1768 = _t1768 ^  *(_t1871 + 0x50);
																									__eflags = _t1768;
																									_v164 = _t1768;
																								}
																							}
																							_v166 = _t1768;
																							__eflags = _t1605 - (_t1768 & 0x0000ffff);
																							if(_t1605 <= (_t1768 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1895 =  *_t1895;
																								_t1289 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t283 = _t1518 + 8; // 0x8
																						_t1291 = _t283;
																						_t1606 =  *(_t1895 + 4);
																						_t1769 =  *_t1606;
																						__eflags = _t1769 - _t1895;
																						if(_t1769 != _t1895) {
																							_push(_t1606);
																							E0105A80D(0, _t1895, 0, _t1769);
																						} else {
																							 *_t1291 = _t1895;
																							_t1291[1] = _t1606;
																							 *_t1606 = _t1291;
																							 *(_t1895 + 4) = _t1291;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1608 =  *(_t1871 + 0xb4);
																						_v48 = _t1608;
																						__eflags = _t1608;
																						if(_t1608 == 0) {
																							goto L134;
																						} else {
																							_t1896 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								_t1294 =  *((intOrPtr*)(_t1608 + 4));
																								__eflags = _t1896 - _t1294;
																								if(_t1896 < _t1294) {
																									break;
																								}
																								_t1771 =  *_t1608;
																								__eflags = _t1771;
																								if(_t1771 == 0) {
																									_t1295 = _t1294 - 1;
																									_v256 = _t1295;
																									L127:
																									_v88 = _t1295;
																									_t1773 = _t1295 -  *((intOrPtr*)(_t1608 + 0x14));
																									_v40 = _t1773;
																									__eflags =  *(_t1608 + 8);
																									if( *(_t1608 + 8) != 0) {
																										_v36 = _t1773 + _t1773;
																									} else {
																										_v36 = _t1773;
																									}
																									 *((intOrPtr*)(_t1608 + 0xc)) =  *((intOrPtr*)(_t1608 + 0xc)) + 1;
																									_v128 =  *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4);
																									__eflags = _v88 -  *((intOrPtr*)(_t1608 + 4)) - 1;
																									_t1775 = _v40;
																									if(_v88 ==  *((intOrPtr*)(_t1608 + 4)) - 1) {
																										 *((intOrPtr*)(_t1608 + 0x10)) =  *((intOrPtr*)(_t1608 + 0x10)) + 1;
																									}
																									_t1301 = _v128;
																									__eflags = _t1301;
																									if(_t1301 != 0) {
																										_t1302 = _t1301 + 0xfffffff8;
																										_v32 = _t1302;
																										_t1303 =  *_t1302;
																										_v436 = _t1303;
																										_v64 = _t1303 & 0x0000ffff;
																										__eflags =  *(_t1871 + 0x4c);
																										_t1775 = _v40;
																										if( *(_t1871 + 0x4c) != 0) {
																											_t1781 =  *(_t1871 + 0x50) ^ _t1303;
																											_v436 = _t1781;
																											_t1309 = _t1781 & 0x0000ffff;
																											_v44 = _t1309;
																											_v64 = _t1309 & 0x0000ffff;
																											_t1614 = _t1781 >> 0x00000010 ^ _t1781 >> 0x00000008 ^ _t1781;
																											__eflags = _t1781 >> 0x18 - _t1614;
																											if(_t1781 >> 0x18 != _t1614) {
																												_push(_t1614);
																												E0105A80D(_t1871, _v32, 0, 0);
																												_v64 = _v44 & 0x0000ffff;
																											}
																											_t1775 = _v40;
																											_t1608 = _v48;
																										}
																										_t1897 = _t1896 - (_v64 & 0x0000ffff);
																										_v336 = _t1897;
																										__eflags = _t1897;
																										if(_t1897 <= 0) {
																											goto L131;
																										} else {
																											goto L132;
																										}
																									} else {
																										L131:
																										_t310 = _t1518 + 8; // 0x8
																										 *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4) = _t310;
																										L132:
																										__eflags = _v128;
																										if(_v128 == 0) {
																											_t1900 = _t1775 >> 5;
																											_v40 = _t1775 & 0x0000001f;
																											_t318 = _v48 + 0x1c; // 0xffffbba0
																											_t1308 =  *_t318;
																											_t319 = _t1308 + _t1900 * 4;
																											 *_t319 =  *(_t1308 + _t1900 * 4) | 0x00000001 << _v40;
																											__eflags =  *_t319;
																										}
																										goto L134;
																									}
																								}
																								_t1608 = _t1771;
																								_v48 = _t1608;
																							}
																							_v256 = _t1896;
																							_t1295 = _t1896;
																							goto L127;
																						}
																					}
																					__eflags =  *_t1604;
																					if( *_t1604 == 0) {
																						__eflags = _v64 -  *((intOrPtr*)(_t1604 + 4)) - 1;
																						if(_v64 !=  *((intOrPtr*)(_t1604 + 4)) - 1) {
																							goto L107;
																						}
																						__eflags =  *(_t1604 + 8);
																						if( *(_t1604 + 8) != 0) {
																							_v52 = _v52 + _v52;
																						}
																						_t1347 =  *((intOrPtr*)( *((intOrPtr*)(_t1604 + 0x20)) + _v52 * 4));
																						while(1) {
																							_v64 = _t1347;
																							__eflags = _t1785 - _t1347;
																							if(_t1785 == _t1347) {
																								goto L116;
																							}
																							_t1348 = _t1347 + 0xfffffff8;
																							_v32 = _t1348;
																							_t1349 =  *_t1348;
																							_v428 = _t1349;
																							_t1632 = _t1349 & 0x0000ffff;
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								_t1791 =  *(_t1871 + 0x50) ^ _t1349;
																								_v428 = _t1791;
																								_t1352 = _t1791 & 0x0000ffff;
																								_v44 = _t1352;
																								_v68 = _t1352 & 0x0000ffff;
																								_t1638 = _t1791 >> 0x00000010 ^ _t1791 >> 0x00000008 ^ _t1791;
																								__eflags = _t1791 >> 0x18 - _t1638;
																								if(_t1791 >> 0x18 != _t1638) {
																									_push(_t1638);
																									E0105A80D(_t1871, _v32, 0, 0);
																									_t1632 = _v44 & 0x0000ffff;
																								} else {
																									_t1632 = _v68;
																								}
																								_t1785 = _v40;
																							}
																							_t1634 = _v48 - (_t1632 & 0x0000ffff);
																							_v332 = _t1634;
																							__eflags = _t1634;
																							if(_t1634 > 0) {
																								_t1347 =  *_v64;
																								continue;
																							} else {
																								_t1895 = _v64;
																								_t1604 = _v36;
																								goto L117;
																							}
																						}
																						goto L116;
																					}
																					L107:
																					_t1787 = _v52 >> 5;
																					_v44 = ( *((intOrPtr*)(_t1604 + 4)) -  *(_t1604 + 0x14) >> 5) - 1;
																					_t1333 =  *((intOrPtr*)(_t1604 + 0x1c)) + _t1787 * 4;
																					_v32 = 1;
																					_t1628 =  !((1 << (_v52 & 0x0000001f)) - 1) &  *_t1333;
																					__eflags = _t1628;
																					_t1904 = _v44;
																					while(1) {
																						_v252 = _t1333;
																						_v188 = _t1787;
																						__eflags = _t1628;
																						if(_t1628 != 0) {
																							break;
																						}
																						__eflags = _t1787 - _t1904;
																						if(_t1787 > _t1904) {
																							__eflags = _t1628;
																							if(_t1628 != 0) {
																								break;
																							}
																							_t1604 = _v36;
																							goto L211;
																						} else {
																							_t1333 =  &(_t1333[1]);
																							_t1628 =  *_t1333;
																							_t1787 = _t1787 + 1;
																							continue;
																						}
																					}
																					__eflags = _t1628;
																					if(_t1628 == 0) {
																						_t1336 = _t1628 >> 0x00000010 & 0x000000ff;
																						__eflags = _t1336;
																						if(_t1336 != 0) {
																							_t1338 = ( *(_t1336 + 0xf784d0) & 0x000000ff) + 0x10;
																						} else {
																							_t424 = (_t1628 >> 0x18) + 0xf784d0; // 0x10008
																							_t1338 = ( *_t424 & 0x000000ff) + 0x18;
																						}
																					} else {
																						_t1341 = _t1628 & 0x000000ff;
																						__eflags = _t1628;
																						if(_t1628 == 0) {
																							_t1338 = ( *((_t1628 >> 0x00000008 & 0x000000ff) + 0xf784d0) & 0x000000ff) + 8;
																						} else {
																							_t1338 =  *(_t1341 + 0xf784d0) & 0x000000ff;
																						}
																					}
																					_t1789 = (_t1787 << 5) + _t1338;
																					_v188 = _t1789;
																					_t1604 = _v36;
																					__eflags =  *(_t1604 + 8);
																					if( *(_t1604 + 8) != 0) {
																						_t1789 = _t1789 + _t1789;
																					}
																					_t1895 =  *( *((intOrPtr*)(_t1604 + 0x20)) + _t1789 * 4);
																				}
																			}
																			goto L117;
																		}
																	}
																}
															}
															_t1654 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t550 = _t1740 + 4; // 0x0
																_t1384 =  *_t550;
																__eflags = _t1654 - _t1384;
																if(_t1654 < _t1384) {
																	break;
																}
																_t1906 =  *_t1740;
																_v44 = _t1906;
																__eflags = _t1906;
																_t1883 = _v32;
																if(_t1906 == 0) {
																	_t554 = _t1384 - 1; // -1
																	_t1654 = _t554;
																	break;
																}
																_t1740 = _v44;
															}
															_v240 = _t1654;
															_t556 = _t1518 + 8; // 0x8
															E00FBBC04(_t1871, _t1740, 1, _t556, _t1654,  *_t1518 & 0x0000ffff);
															_t1567 = _v88;
															goto L258;
														}
														_t1518 = _t1882 - 8;
														_v100 = _t1518;
														__eflags =  *(_t1871 + 0x4c);
														if( *(_t1871 + 0x4c) != 0) {
															 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
															if(__eflags != 0) {
																_push(_t1564);
																E0104FA2B(_t1518, _t1871, _t1518, _t1871, _t1882, __eflags);
															}
														}
														_t1656 =  *_t1518 & 0x0000ffff;
														__eflags = _t1656 - _v52;
														if(_t1656 < _v52) {
															__eflags =  *(_t1871 + 0x4c);
															if( *(_t1871 + 0x4c) != 0) {
																 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															}
															goto L248;
														}
														_t115 = _t1518 + 8; // 0x8
														_t1392 = _t115;
														_v44 = _t1392;
														_t1393 =  *_t1392;
														_v160 = _t1393;
														_t1820 =  *(_t1518 + 0xc);
														_v152 = _t1820;
														_t1821 =  *_t1820;
														_t1907 =  *((intOrPtr*)(_t1393 + 4));
														__eflags = _t1821 - _t1907;
														if(_t1821 != _t1907) {
															L440:
															_push(_t1656);
															_t858 = _t1518 + 8; // 0x8
															_t1546 = 0xd;
															_t1074 = E0105A80D(_t1871, _t858, _t1907, _t1821);
															_v70 = 0;
															goto L153;
														}
														_t121 = _t1518 + 8; // 0x8
														__eflags = _t1821 - _t121;
														if(_t1821 != _t121) {
															goto L440;
														}
														 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - _t1656;
														_t1657 =  *(_t1871 + 0xb4);
														_v36 = _t1657;
														__eflags = _t1657;
														if(_t1657 == 0) {
															L74:
															_t1396 = _v160;
															_t1658 = _v152;
															 *_t1658 = _t1396;
															 *(_t1396 + 4) = _t1658;
															__eflags =  *(_t1518 + 2) & 0x00000008;
															if(( *(_t1518 + 2) & 0x00000008) != 0) {
																_t1397 = E00FBA229(_t1871, _t1518);
																__eflags = _t1397;
																if(_t1397 != 0) {
																	goto L75;
																}
																_t1546 = _t1871;
																_t1074 = E00FBA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																_v70 = 0;
																goto L153;
															}
															L75:
															_v70 = 1;
															goto L76;
														} else {
															_t1825 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t1399 =  *((intOrPtr*)(_t1657 + 4));
																__eflags = _t1825 - _t1399;
																if(_t1825 < _t1399) {
																	break;
																}
																_t1908 =  *_t1657;
																__eflags = _t1908;
																if(_t1908 == 0) {
																	_t427 = _t1399 - 1; // -1
																	_t1825 = _t427;
																	break;
																} else {
																	_t1657 = _t1908;
																	_v36 = _t1657;
																	continue;
																}
															}
															_v232 = _t1825;
															_v108 =  *_t1518 & 0x0000ffff;
															_t1910 = _t1825 -  *((intOrPtr*)(_t1657 + 0x14));
															_v40 = _t1910;
															__eflags =  *(_t1657 + 8);
															if( *(_t1657 + 8) != 0) {
																_t1401 = _t1910 + _t1910;
															} else {
																_t1401 = _t1910;
															}
															_t1911 = _t1401 * 4;
															_v88 = _t1911;
															_t1403 =  *((intOrPtr*)(_t1657 + 0x20)) + _t1911;
															_v128 = _t1403;
															_v32 =  *_t1403;
															 *((intOrPtr*)(_t1657 + 0xc)) =  *((intOrPtr*)(_t1657 + 0xc)) - 1;
															_t1405 =  *((intOrPtr*)(_t1657 + 4));
															_t140 = _t1405 - 1; // -1
															_t1912 = _t140;
															_v68 = _t1912;
															__eflags = _t1825 - _t1912;
															if(_t1825 == _t1912) {
																 *((intOrPtr*)(_t1657 + 0x10)) =  *((intOrPtr*)(_t1657 + 0x10)) - 1;
															}
															__eflags = _v32 - _v44;
															if(_v32 != _v44) {
																goto L74;
															} else {
																_v236 = _t1405;
																__eflags =  *_t1657;
																if( *_t1657 == 0) {
																	_t1405 = _v68;
																	_v236 = _t1405;
																}
																_v48 =  *(_t1518 + 8);
																_v32 =  *((intOrPtr*)(_t1657 + 0x18));
																__eflags = _t1825 - _t1405;
																_t1916 = _v40;
																if(_t1825 >= _t1405) {
																	_t1406 = _v48;
																	_t1660 = _v128;
																	__eflags = _t1406 - _v32;
																	if(_t1406 != _v32) {
																		 *_t1660 = _t1406;
																		goto L74;
																	}
																	 *_t1660 = 0;
																	L73:
																	_t1917 = _t1916 >> 5;
																	_t1408 =  *((intOrPtr*)(_v36 + 0x1c));
																	_t172 = _t1408 + _t1917 * 4;
																	 *_t172 =  *(_t1408 + _t1917 * 4) &  !(1 << (_v40 & 0x0000001f));
																	__eflags =  *_t172;
																	goto L74;
																}
																_t1829 = _v48;
																__eflags = _t1829 -  *((intOrPtr*)(_t1657 + 0x18));
																if(_t1829 ==  *((intOrPtr*)(_t1657 + 0x18))) {
																	L72:
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = 0;
																	goto L73;
																}
																_t1410 = _t1829 - 8;
																_v32 = _t1410;
																_t1411 =  *_t1410;
																_v404 = _t1411;
																_t1527 = _t1411 & 0x0000ffff;
																__eflags =  *(_t1871 + 0x4c);
																if( *(_t1871 + 0x4c) != 0) {
																	_t1831 =  *(_t1871 + 0x50) ^ _t1411;
																	_v404 = _t1831;
																	_t1414 = _t1831 & 0x0000ffff;
																	_v44 = _t1414;
																	_t1527 = _t1414 & 0x0000ffff;
																	_t1668 = _t1831 >> 0x00000010 ^ _t1831 >> 0x00000008 ^ _t1831;
																	__eflags = _t1831 >> 0x18 - _t1668;
																	if(_t1831 >> 0x18 != _t1668) {
																		_push(_t1668);
																		E0105A80D(_t1871, _v32, 0, 0);
																		_t1527 = _v44 & 0x0000ffff;
																	}
																	_t1829 = _v48;
																	_t1657 = _v36;
																}
																_t1529 = _v108 - (_t1527 & 0x0000ffff);
																__eflags = _t1529;
																_v316 = _t1529;
																if(_t1529 == 0) {
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = _t1829;
																	_t1518 = _v100;
																	goto L74;
																} else {
																	_t1518 = _v100;
																	goto L72;
																}
															}
														}
													}
												}
											}
											L311:
											_t1882 = _t1736;
											goto L49;
										}
									}
									_t1564 = _t1147;
									_v36 = _t1147;
								}
								goto L26;
							}
							_t1922 =  *_t1145;
							if(_t1922 != 0) {
								_t1518 = _t1922 - 8;
								_v100 = _t1518;
								__eflags =  *(_t1871 + 0x4c);
								if( *(_t1871 + 0x4c) != 0) {
									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
									__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
									if(__eflags != 0) {
										_push(_t1546);
										E0104FA2B(_t1518, _t1871, _t1518, _t1871, _t1922, __eflags);
									}
								}
								_t460 = _t1518 + 8; // 0xddeeddf6
								_t1459 = _t460;
								_v160 = _t1459;
								_t1707 =  *_t1459;
								_v44 = _t1707;
								_t1460 =  *(_t1518 + 0xc);
								_v32 = _t1460;
								_t1461 =  *_t1460;
								_t1708 =  *((intOrPtr*)(_t1707 + 4));
								__eflags = _t1461 - _t1708;
								if(_t1461 != _t1708) {
									L429:
									_push(_t1708);
									_t1546 = 0xd;
									E0105A80D(_t1871, _t1922, _t1708, _t1461);
									goto L430;
								} else {
									__eflags = _t1461 - _t1922;
									if(_t1461 != _t1922) {
										goto L429;
									}
									 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
									_t1709 =  *(_t1871 + 0xb4);
									_v36 = _t1709;
									__eflags = _t1709;
									if(_t1709 == 0) {
										L235:
										_t1465 = _v44;
										_t1710 = _v32;
										 *_t1710 = _t1465;
										 *(_t1465 + 4) = _t1710;
										__eflags =  *(_t1518 + 2) & 0x00000008;
										if(( *(_t1518 + 2) & 0x00000008) != 0) {
											_t1466 = E00FBA229(_t1871, _t1518);
											__eflags = _t1466;
											if(_t1466 != 0) {
												goto L236;
											}
											_t1546 = _t1871;
											E00FBA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
											L430:
											_v69 = 0;
											 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
											_t1923 =  *[fs:0x18];
											_v296 = _t1923;
											 *((intOrPtr*)(_t1923 + 0x34)) = E00F9CCC0(0xc0000017);
											goto L153;
										}
										L236:
										_v69 = 1;
										goto L76;
									}
									_t1852 =  *_t1518 & 0x0000ffff;
									while(1) {
										_t1469 =  *((intOrPtr*)(_t1709 + 4));
										__eflags = _t1852 - _t1469;
										if(_t1852 < _t1469) {
											break;
										}
										_t1924 =  *_t1709;
										__eflags = _t1924;
										if(_t1924 == 0) {
											_t838 = _t1469 - 1; // -1
											_t1852 = _t838;
											break;
										}
										_t1709 = _t1924;
										_v36 = _t1709;
									}
									_v220 = _t1852;
									_v68 =  *_t1518 & 0x0000ffff;
									_t1926 = _t1852 -  *((intOrPtr*)(_t1709 + 0x14));
									_v40 = _t1926;
									__eflags =  *(_t1709 + 8);
									if( *(_t1709 + 8) != 0) {
										_t1471 = _t1926 + _t1926;
									} else {
										_t1471 = _t1926;
									}
									_t1927 = _t1471 * 4;
									_v128 = _t1927;
									_t1473 =  *((intOrPtr*)(_t1709 + 0x20)) + _t1927;
									_v88 = _t1473;
									_v152 =  *_t1473;
									 *((intOrPtr*)(_t1709 + 0xc)) =  *((intOrPtr*)(_t1709 + 0xc)) - 1;
									_t1475 =  *((intOrPtr*)(_t1709 + 4));
									_v48 = _t1475;
									_t485 = _t1475 - 1; // -1
									_t1928 = _t485;
									_v108 = _t1928;
									__eflags = _t1852 - _t1928;
									if(_t1852 == _t1928) {
										 *((intOrPtr*)(_t1709 + 0x10)) =  *((intOrPtr*)(_t1709 + 0x10)) - 1;
									}
									__eflags = _v152 - _v160;
									if(_v152 != _v160) {
										goto L235;
									} else {
										_v216 = _t1475;
										__eflags =  *_t1709;
										if( *_t1709 == 0) {
											_t1476 = _v108;
											_v48 = _t1476;
											_v216 = _t1476;
										}
										_t1477 =  *(_t1518 + 8);
										_v152 = _t1477;
										_v108 =  *((intOrPtr*)(_t1709 + 0x18));
										__eflags = _t1852 - _v48;
										_t1931 = _v40;
										if(_t1852 >= _v48) {
											_t1712 = _v88;
											__eflags = _t1477 - _v108;
											if(_t1477 == _v108) {
												 *_t1712 = 0;
												goto L234;
											}
											 *_t1712 = _t1477;
											goto L235;
										} else {
											__eflags = _t1477 -  *((intOrPtr*)(_t1709 + 0x18));
											if(_t1477 ==  *((intOrPtr*)(_t1709 + 0x18))) {
												L233:
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = 0;
												L234:
												_t1932 = _t1931 >> 5;
												_t1479 =  *((intOrPtr*)(_v36 + 0x1c));
												_t513 = _t1479 + _t1932 * 4;
												 *_t513 =  *(_t1479 + _t1932 * 4) &  !(1 << (_v40 & 0x0000001f));
												__eflags =  *_t513;
												goto L235;
											}
											_t1481 = _t1477 + 0xfffffff8;
											_v108 = _t1481;
											_t1482 =  *_t1481;
											_v372 = _t1482;
											_t1539 = _t1482 & 0x0000ffff;
											__eflags =  *(_t1871 + 0x4c);
											if( *(_t1871 + 0x4c) != 0) {
												_t1861 =  *(_t1871 + 0x50) ^ _t1482;
												_v372 = _t1861;
												_t1485 = _t1861 & 0x0000ffff;
												_v160 = _t1485;
												_t1539 = _t1485 & 0x0000ffff;
												_t1719 = _t1861 >> 0x00000010 ^ _t1861 >> 0x00000008 ^ _t1861;
												__eflags = _t1861 >> 0x18 - _t1719;
												if(_t1861 >> 0x18 != _t1719) {
													_push(_t1719);
													E0105A80D(_t1871, _v108, 0, 0);
													_t1539 = _v160 & 0x0000ffff;
												}
												_t1709 = _v36;
											}
											_t1858 = _v68 - (_t1539 & 0x0000ffff);
											__eflags = _t1858;
											_v292 = _t1858;
											if(_t1858 == 0) {
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = _v152;
												_t1518 = _v100;
												goto L235;
											} else {
												_t1518 = _v100;
												goto L233;
											}
										}
									}
								}
							}
							goto L23;
						}
						_t1496 = _a4;
						if(_t1518 >= ( *(_t1871 + 0xe0) & 0x0000ffff)) {
							__eflags = _t1496 -  *0x1085cb4; // 0x4000
							if(__eflags > 0) {
								goto L21;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) == 2) {
								__eflags =  *(_t1871 + 0xd4);
								if( *(_t1871 + 0xd4) != 0) {
									goto L21;
								}
							}
							__eflags =  *((char*)(_t1871 + 0xdb)) - 2;
							if( *((char*)(_t1871 + 0xdb)) == 2) {
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							}
							goto L21;
						}
						_t1952 = _t1496 -  *0x1085cb4; // 0x4000
						if(_t1952 > 0) {
							goto L21;
						}
						_t1723 = _t1871 + 0xe2 + (_t1518 >> 3);
						_v88 = _t1723;
						_t1546 = _t1518 & 7;
						_v128 = _t1546;
						if(( *_t1723 & 0x00000001 << _t1546) != 0) {
							L20:
							_t1729 = _v52;
							goto L21;
						}
						_t1933 =  *((intOrPtr*)(_t1871 + 0xdc)) + _t1518 * 2;
						_v288 = _t1933;
						 *_t1933 =  *_t1933 + 0x21;
						_t1546 =  *_t1933;
						if(_v180 != 0) {
							L275:
							_t1504 = _a4;
							__eflags = _t1504;
							if(_t1504 == 0) {
								_t1866 = 1;
							} else {
								_t1866 = _t1504;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) != 2) {
								_t1724 = 0;
							} else {
								_t1724 =  *(_t1871 + 0xd4);
							}
							_t1506 = E00FCF4A7(_t1724, _t1866) & 0x0000ffff;
							_t1546 = 0xffff;
							__eflags = _t1506 - 0xffff;
							if(_t1506 == 0xffff) {
								__eflags =  *((char*)(_t1871 + 0xda)) - 2;
								if( *((char*)(_t1871 + 0xda)) == 2) {
									__eflags =  *(_t1871 + 0xd4);
									if( *(_t1871 + 0xd4) != 0) {
										goto L20;
									}
								}
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							} else {
								 *_t1933 = _t1506;
								_t1546 = _v88;
								asm("bts eax, edx");
								 *_t1546 =  *_t1546 & 0x000000ff;
								 *((intOrPtr*)(_t1871 + 0x22c)) =  *((intOrPtr*)(_t1871 + 0x22c)) + 1;
							}
							goto L20;
						}
						if((_t1546 & 0x0000001f) > 0x10 || _t1546 > 0xff00) {
							_v212 = 1;
							goto L275;
						} else {
							_v212 = 0;
							goto L20;
						}
					} else {
						_t1546 =  *(_t1871 + 0xc8);
						_t1868 =  *[fs:0x18];
						asm("lock btr dword [eax], 0x0");
						if(_t1946 >= 0) {
							_t1074 =  *(_t1546 + 0xc);
							__eflags =  *(_t1546 + 0xc) -  *(_t1868 + 0x24);
							if( *(_t1546 + 0xc) ==  *(_t1868 + 0x24)) {
								 *(_t1546 + 8) =  *(_t1546 + 8) + 1;
								goto L8;
							}
							_v176 = 0;
							__eflags =  *0x1087bc8;
							if( *0x1087bc8 != 0) {
								_v109 = 0;
								 *( *[fs:0x18] + 0xbf4) = 0xc0000194;
								_t1934 =  *[fs:0x18];
								_v284 = _t1934;
								 *((intOrPtr*)(_t1934 + 0x34)) = E00F9CCC0(0xc0000194);
								L153:
								_v8 = 0xfffffffe;
								E00FB6DF6(_t1074, _t1546, _t1871);
								_t1078 =  *( *[fs:0x30] + 0x50);
								__eflags = _t1078;
								if(_t1078 != 0) {
									__eflags =  *_t1078;
									if( *_t1078 == 0) {
										goto L154;
									}
									_t1079 =  *( *[fs:0x30] + 0x50) + 0x22e;
									L155:
									_t1877 = _v80;
									__eflags =  *_t1079;
									if( *_t1079 != 0) {
										__eflags = _t1877;
										if(_t1877 != 0) {
											_t1730 = _v60;
											__eflags = _t1730;
											if(_t1730 != 0) {
												E0104FEC0(_t1518, _t1871, _t1730 & 0xffff0000,  *((intOrPtr*)(_t1730 + 0x14)));
											}
										}
									}
									_t1073 = _t1877;
									L157:
									 *[fs:0x0] = _v20;
									return _t1073;
								}
								L154:
								_t1079 = 0x7ffe0388;
								goto L155;
							}
							_v180 = 1;
							E00FAEEF0( *(_t1871 + 0xc8));
							_t1546 = _t1871;
							_t1074 = E00FD4032(_t1546, 1);
							goto L9;
						} else {
							_t1074 =  *(_t1868 + 0x24);
							 *(_t1546 + 0xc) =  *(_t1868 + 0x24);
							 *(_t1546 + 8) = 1;
							L8:
							_v176 = 1;
							 *((intOrPtr*)(_t1871 + 0x204)) =  *((intOrPtr*)(_t1871 + 0x204)) + 1;
							L9:
							_v109 = 1;
							_v53 = 1;
							if(( *(_t1871 + 0x48) & 0x30000000) != 0) {
								_t1546 = _t1871;
								_t1074 = E00FC5640(_t1518);
							}
							_t1729 = _v52;
							goto L11;
						}
					}
				}
			}





















































































































































































































































































































































































































                                    0x00fb5600
                                    0x00fb5600
                                    0x00fb5605
                                    0x00fb5607
                                    0x00fb560c
                                    0x00fb5617
                                    0x00fb5618
                                    0x00fb561f
                                    0x00fb5621
                                    0x00fb5626
                                    0x00fb562b
                                    0x00fb562f
                                    0x00fb5635
                                    0x00fb5638
                                    0x00fb563a
                                    0x00fb5640
                                    0x00fb564a
                                    0x00fb5651
                                    0x00fb5655
                                    0x00fb565c
                                    0x00fb5663
                                    0x00fb5670
                                    0x00fb5679
                                    0x00fb672c
                                    0x00fb6736
                                    0x00fb673c
                                    0x00fb673f
                                    0x00fb6744
                                    0x00ffebaf
                                    0x00000000
                                    0x00ffebaf
                                    0x00fb674a
                                    0x00fb6750
                                    0x00ffebb6
                                    0x00ffebbc
                                    0x00000000
                                    0x00000000
                                    0x00ffebc3
                                    0x00000000
                                    0x00ffebc3
                                    0x00fb6756
                                    0x00fb6756
                                    0x00fb6758
                                    0x00ffebcd
                                    0x00ffebcd
                                    0x00fb6766
                                    0x00fb676c
                                    0x00fb676f
                                    0x00ffebd7
                                    0x00ffebd7
                                    0x00fb6775
                                    0x00fb6778
                                    0x00fb6783
                                    0x00fb6786
                                    0x00fb6789
                                    0x00fb678e
                                    0x00ffebe1
                                    0x00ffebe8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb6794
                                    0x00fb6794
                                    0x00fb6794
                                    0x00fb6797
                                    0x00fb679a
                                    0x00fb679a
                                    0x00fb679d
                                    0x00fb67a0
                                    0x00fb67a0
                                    0x00fb67a3
                                    0x00000000
                                    0x00fb67a3
                                    0x00fb568c
                                    0x00fb568c
                                    0x00fb568e
                                    0x00fb5691
                                    0x00fb5693
                                    0x00fb5699
                                    0x00ffeb9e
                                    0x00ffeba2
                                    0x00ffeba7
                                    0x00ffeba7
                                    0x00fb56a2
                                    0x00fb56a8
                                    0x00fb56ab
                                    0x00fb56ad
                                    0x00fb56b3
                                    0x00fb64d1
                                    0x00fb64d7
                                    0x00fb64de
                                    0x00fb64e1
                                    0x00fb64e7
                                    0x00fb64ea
                                    0x00fb64ea
                                    0x00fb64e1
                                    0x00fb56b9
                                    0x00fb56c0
                                    0x00fb56c2
                                    0x00fb5714
                                    0x00fb5717
                                    0x00fb69d8
                                    0x00fb69dc
                                    0x00fff55f
                                    0x00fb6be2
                                    0x00fb6be2
                                    0x00000000
                                    0x00fb6be2
                                    0x00fb69e5
                                    0x00fb69e8
                                    0x00fb69eb
                                    0x00fb69f8
                                    0x00fb69fb
                                    0x00fb6a01
                                    0x00fb6a16
                                    0x00fb6a1c
                                    0x00fb6a21
                                    0x00fb6a28
                                    0x00fb6a2a
                                    0x00fb6a30
                                    0x00fb6a31
                                    0x00fb6a3c
                                    0x00fb6a3d
                                    0x00fb6a45
                                    0x00fb6a46
                                    0x00fb6a48
                                    0x00fb6a4d
                                    0x00fb6a53
                                    0x00fb6a55
                                    0x00000000
                                    0x00000000
                                    0x00fb6a63
                                    0x00fb6a66
                                    0x00fb6a67
                                    0x00fb6a6f
                                    0x00fb6a70
                                    0x00fb6a75
                                    0x00fb6a76
                                    0x00fb6a78
                                    0x00fb6a7d
                                    0x00fb6a83
                                    0x00fb6a85
                                    0x00fff54d
                                    0x00fff554
                                    0x00000000
                                    0x00fff554
                                    0x00fb6a94
                                    0x00fb6aa1
                                    0x00fb6aaa
                                    0x00fb6ab6
                                    0x00fb6abc
                                    0x00fb6ac3
                                    0x00fb6ac9
                                    0x00fb6ace
                                    0x00fb6ad0
                                    0x00fff40f
                                    0x00fb6ad6
                                    0x00fb6ad6
                                    0x00fb6ad6
                                    0x00fb6adb
                                    0x00fb6ade
                                    0x00fff419
                                    0x00fff41f
                                    0x00fff426
                                    0x00fff431
                                    0x00fff436
                                    0x00fff436
                                    0x00fff426
                                    0x00fb6ae4
                                    0x00fb6ae9
                                    0x00fb6aeb
                                    0x00fff449
                                    0x00fb6af1
                                    0x00fb6af1
                                    0x00fb6af1
                                    0x00fb6af6
                                    0x00fb6af9
                                    0x00fff453
                                    0x00fff459
                                    0x00fff460
                                    0x00fff46b
                                    0x00fff46d
                                    0x00fff47f
                                    0x00fff46f
                                    0x00fff478
                                    0x00fff478
                                    0x00fff492
                                    0x00fff497
                                    0x00fff497
                                    0x00fff460
                                    0x00fb6aff
                                    0x00fb6b04
                                    0x00fb6b06
                                    0x00fff4aa
                                    0x00fb6b0c
                                    0x00fb6b0c
                                    0x00fb6b0c
                                    0x00fb6b11
                                    0x00fb6b14
                                    0x00fff4b9
                                    0x00fff4bb
                                    0x00fff4cd
                                    0x00fff4bd
                                    0x00fff4c6
                                    0x00fff4c6
                                    0x00fff4e0
                                    0x00fff4e5
                                    0x00fff4e5
                                    0x00fb6b1a
                                    0x00fb6b21
                                    0x00fff4f9
                                    0x00fff4fc
                                    0x00fff506
                                    0x00fff506
                                    0x00fb6b2d
                                    0x00fb6b30
                                    0x00fb6b36
                                    0x00fb6b3b
                                    0x00fff530
                                    0x00fff530
                                    0x00fb6b41
                                    0x00fb6b44
                                    0x00fb6b48
                                    0x00fb6b53
                                    0x00fb6b59
                                    0x00fb6b59
                                    0x00fb6b59
                                    0x00fb6b5c
                                    0x00fb6b5c
                                    0x00fb6b5f
                                    0x00fb6b65
                                    0x00fb6b68
                                    0x00fb6b6a
                                    0x00fb6b6c
                                    0x00fff539
                                    0x00fff540
                                    0x00fff543
                                    0x00fb6b72
                                    0x00fb6b72
                                    0x00fb6b74
                                    0x00fb6b77
                                    0x00fb6b79
                                    0x00fb6b79
                                    0x00fb6b7f
                                    0x00fb6b82
                                    0x00000000
                                    0x00fb6b82
                                    0x00fb571f
                                    0x00fb57b0
                                    0x00fb57b0
                                    0x00fb57b5
                                    0x00fb57c1
                                    0x00fb57c7
                                    0x00fb57cd
                                    0x00fb57d3
                                    0x00fb57e0
                                    0x00fb57e0
                                    0x00fb57e5
                                    0x00fb57eb
                                    0x00fb57eb
                                    0x00fb57eb
                                    0x00fb61b6
                                    0x00fb61b8
                                    0x00fb61ba
                                    0x00fb6503
                                    0x00fb57ed
                                    0x00fb57ed
                                    0x00fb57ed
                                    0x00fb57f3
                                    0x00fb57f6
                                    0x00fb57f8
                                    0x00fb57fb
                                    0x00fb57fe
                                    0x00fb5803
                                    0x00000000
                                    0x00000000
                                    0x00fb5809
                                    0x00fb580c
                                    0x00fb580f
                                    0x00fb5811
                                    0x00fb5817
                                    0x00fb581d
                                    0x00fb5822
                                    0x00fb5824
                                    0x00fb582a
                                    0x00fb582d
                                    0x00fb5833
                                    0x00fb5842
                                    0x00fb5849
                                    0x00ffed03
                                    0x00ffed12
                                    0x00ffed1a
                                    0x00fb584f
                                    0x00fb584f
                                    0x00fb584f
                                    0x00fb5852
                                    0x00fb5852
                                    0x00fb585b
                                    0x00fb585d
                                    0x00fb5865
                                    0x00fb65de
                                    0x00000000
                                    0x00fb586b
                                    0x00fb586d
                                    0x00fb5870
                                    0x00fb5873
                                    0x00fb5875
                                    0x00fb587b
                                    0x00fb5881
                                    0x00fb5886
                                    0x00fb5888
                                    0x00fb588e
                                    0x00fb5891
                                    0x00fb5897
                                    0x00fb58a6
                                    0x00fb58ad
                                    0x00ffed22
                                    0x00ffed31
                                    0x00ffed39
                                    0x00fb58b3
                                    0x00fb58b3
                                    0x00fb58b3
                                    0x00fb58b6
                                    0x00fb58b6
                                    0x00fb58bf
                                    0x00fb58c1
                                    0x00fb58c9
                                    0x00fb58cc
                                    0x00fb6300
                                    0x00000000
                                    0x00fb58d2
                                    0x00fb58d4
                                    0x00fb58e8
                                    0x00fb58f4
                                    0x00fb58f8
                                    0x00fb58fe
                                    0x00fb590e
                                    0x00fb5910
                                    0x00fb5910
                                    0x00fb5916
                                    0x00fb591e
                                    0x00000000
                                    0x00000000
                                    0x00fb5922
                                    0x00fb605f
                                    0x00fb6061
                                    0x00000000
                                    0x00000000
                                    0x00fb6067
                                    0x00000000
                                    0x00fb5928
                                    0x00fb5928
                                    0x00fb592b
                                    0x00fb592d
                                    0x00000000
                                    0x00fb592d
                                    0x00fb5922
                                    0x00fb5930
                                    0x00fb5933
                                    0x00fb6077
                                    0x00fb607a
                                    0x00fb607c
                                    0x00fb61d7
                                    0x00fb6082
                                    0x00fb6082
                                    0x00fb6082
                                    0x00fb5939
                                    0x00fb593e
                                    0x00fb5941
                                    0x00fb5943
                                    0x00fb61e6
                                    0x00fb5949
                                    0x00fb594c
                                    0x00fb5953
                                    0x00fb5953
                                    0x00fb5953
                                    0x00fb5943
                                    0x00fb5959
                                    0x00fb595b
                                    0x00fb5961
                                    0x00fb5964
                                    0x00fb5968
                                    0x00ffed68
                                    0x00ffed68
                                    0x00fb5971
                                    0x00000000
                                    0x00fb661c
                                    0x00fb661c
                                    0x00fb661f
                                    0x00ffed41
                                    0x00ffed41
                                    0x00fb6628
                                    0x00fb6630
                                    0x00fb6630
                                    0x00fb6632
                                    0x00000000
                                    0x00000000
                                    0x00fb6638
                                    0x00fb663b
                                    0x00fb6641
                                    0x00fb6644
                                    0x00fb6647
                                    0x00fb664c
                                    0x00fb664e
                                    0x00fb6654
                                    0x00fb6657
                                    0x00fb665d
                                    0x00fb666c
                                    0x00fb6671
                                    0x00fb6673
                                    0x00ffed48
                                    0x00ffed58
                                    0x00ffed60
                                    0x00fb6679
                                    0x00fb6679
                                    0x00fb6679
                                    0x00fb667c
                                    0x00fb667c
                                    0x00fb6685
                                    0x00fb6687
                                    0x00fb668d
                                    0x00fb668f
                                    0x00fb6711
                                    0x00000000
                                    0x00fb6695
                                    0x00fb6695
                                    0x00000000
                                    0x00fb6695
                                    0x00fb668f
                                    0x00fb5974
                                    0x00fb5974
                                    0x00fb5977
                                    0x00fb5977
                                    0x00fb5979
                                    0x00fb606a
                                    0x00fb606a
                                    0x00fb606c
                                    0x00fb606f
                                    0x00000000
                                    0x00fb606f
                                    0x00fb597f
                                    0x00fb5985
                                    0x00fb598b
                                    0x00fb653b
                                    0x00fb653e
                                    0x00fb6545
                                    0x00fb6547
                                    0x00fb654a
                                    0x00fb654c
                                    0x00fb6bd8
                                    0x00000000
                                    0x00fb6bd8
                                    0x00fb6552
                                    0x00fb6552
                                    0x00fb6555
                                    0x00fb6557
                                    0x00fb655a
                                    0x00fb655d
                                    0x00fb6560
                                    0x00fb6562
                                    0x00fb6565
                                    0x00fb6568
                                    0x00fb656a
                                    0x00fb656d
                                    0x00fff3eb
                                    0x00fff3eb
                                    0x00fff3f3
                                    0x00fff3f8
                                    0x00fff3fd
                                    0x00000000
                                    0x00fff3fd
                                    0x00fb6573
                                    0x00fb6575
                                    0x00000000
                                    0x00000000
                                    0x00fb657e
                                    0x00fb6581
                                    0x00fb6587
                                    0x00fb6589
                                    0x00fb65c6
                                    0x00fb65c6
                                    0x00fb65c8
                                    0x00fb65cb
                                    0x00fb65cf
                                    0x00ffedfc
                                    0x00ffee01
                                    0x00ffee03
                                    0x00000000
                                    0x00000000
                                    0x00ffee11
                                    0x00ffee13
                                    0x00ffee18
                                    0x00000000
                                    0x00ffee18
                                    0x00fb65d5
                                    0x00fb65d5
                                    0x00fb5b42
                                    0x00fb5b42
                                    0x00fb5b45
                                    0x00fb5b48
                                    0x00fb5b4c
                                    0x00fb67ab
                                    0x00fb67ae
                                    0x00ffee24
                                    0x00ffee2b
                                    0x00ffee31
                                    0x00ffee34
                                    0x00ffee36
                                    0x00ffee39
                                    0x00ffee3b
                                    0x00ffee3b
                                    0x00ffee3e
                                    0x00ffee3e
                                    0x00ffee39
                                    0x00ffee4a
                                    0x00ffee4e
                                    0x00ffee53
                                    0x00ffee56
                                    0x00ffee58
                                    0x00ffee5e
                                    0x00ffee65
                                    0x00ffee69
                                    0x00ffee8b
                                    0x00ffee90
                                    0x00ffee95
                                    0x00ffee6b
                                    0x00ffee81
                                    0x00ffee86
                                    0x00ffee86
                                    0x00ffee98
                                    0x00ffeea3
                                    0x00ffeeaa
                                    0x00ffeeaf
                                    0x00ffeeb2
                                    0x00ffeeb8
                                    0x00ffeebc
                                    0x00ffeedb
                                    0x00ffeebe
                                    0x00ffeebe
                                    0x00ffeec5
                                    0x00ffeec8
                                    0x00ffeece
                                    0x00ffeecf
                                    0x00ffeecf
                                    0x00ffeebc
                                    0x00ffee58
                                    0x00fb67ae
                                    0x00fb5b52
                                    0x00fb5b55
                                    0x00fb5b59
                                    0x00ffeee3
                                    0x00ffeeeb
                                    0x00ffeef0
                                    0x00000000
                                    0x00fb5b5f
                                    0x00fb5b62
                                    0x00fb5b68
                                    0x00fb5b6b
                                    0x00fb5b6d
                                    0x00fb5b73
                                    0x00fb5b79
                                    0x00fb5b7c
                                    0x00fb5b7e
                                    0x00fb5b81
                                    0x00fb5b84
                                    0x00ffeefa
                                    0x00ffeefe
                                    0x00fb5b8a
                                    0x00fb5b8a
                                    0x00fb5b8a
                                    0x00fb5b8d
                                    0x00fb5b91
                                    0x00fb5b93
                                    0x00fb5ed4
                                    0x00fb5ed4
                                    0x00fb5eda
                                    0x00fb5ee0
                                    0x00fb5ee7
                                    0x00fb5ef2
                                    0x00fb5ef4
                                    0x00fff311
                                    0x00fb5efa
                                    0x00fb5efa
                                    0x00fb5efa
                                    0x00fb5efa
                                    0x00fb5efc
                                    0x00fb5efe
                                    0x00fb5f00
                                    0x00fff318
                                    0x00fff318
                                    0x00fff31b
                                    0x00fff31d
                                    0x00fff31d
                                    0x00fb5f06
                                    0x00fb5f0a
                                    0x00fb67b9
                                    0x00fb67bc
                                    0x00fb67bf
                                    0x00fb68b1
                                    0x00fb68b5
                                    0x00fb67d9
                                    0x00fb67d9
                                    0x00fb67dc
                                    0x00fb67dc
                                    0x00fb67e0
                                    0x00fff354
                                    0x00fff357
                                    0x00fff35e
                                    0x00fff369
                                    0x00fff369
                                    0x00fb67e6
                                    0x00fb67e9
                                    0x00fb67ed
                                    0x00fb67f1
                                    0x00fff3b7
                                    0x00fff3ba
                                    0x00fff3c0
                                    0x00fff3c5
                                    0x00000000
                                    0x00000000
                                    0x00fff3cd
                                    0x00fff3dc
                                    0x00fff3e3
                                    0x00000000
                                    0x00fb67f7
                                    0x00fb67f7
                                    0x00fb67fe
                                    0x00fb6800
                                    0x00fb6808
                                    0x00fb680a
                                    0x00fb680d
                                    0x00fb6814
                                    0x00fff372
                                    0x00fff37c
                                    0x00fff37f
                                    0x00fff37f
                                    0x00fb6820
                                    0x00fb6823
                                    0x00fb6829
                                    0x00fb682e
                                    0x00fff389
                                    0x00fff39d
                                    0x00fff3a2
                                    0x00fff3a8
                                    0x00000000
                                    0x00fb6834
                                    0x00fb6834
                                    0x00fb6834
                                    0x00fb6837
                                    0x00fb6837
                                    0x00fb683b
                                    0x00fb6849
                                    0x00fb684c
                                    0x00fb684f
                                    0x00fb684f
                                    0x00000000
                                    0x00fb683b
                                    0x00fb682e
                                    0x00fb67f1
                                    0x00fff33b
                                    0x00fff347
                                    0x00fff34c
                                    0x00000000
                                    0x00fff34c
                                    0x00fb67c5
                                    0x00fb67ce
                                    0x00fb67d6
                                    0x00000000
                                    0x00fb5f10
                                    0x00fb5f10
                                    0x00fb5f14
                                    0x00fb5f16
                                    0x00fb5f21
                                    0x00fb5f27
                                    0x00fb5f27
                                    0x00fb5f27
                                    0x00fb5f29
                                    0x00fb5f2d
                                    0x00fb5fc4
                                    0x00fb5fc4
                                    0x00fb5fc7
                                    0x00fb5fc9
                                    0x00fb6109
                                    0x00fb6112
                                    0x00fb6117
                                    0x00000000
                                    0x00fb5f33
                                    0x00fb5f33
                                    0x00fb5f3a
                                    0x00fb5f90
                                    0x00fb5f90
                                    0x00fb5f96
                                    0x00fb5f96
                                    0x00fb5f96
                                    0x00fb5f9a
                                    0x00fb5fc0
                                    0x00fb5fc0
                                    0x00000000
                                    0x00fb5fc0
                                    0x00fb5f9c
                                    0x00fb5fa6
                                    0x00fb5fae
                                    0x00fb5fb2
                                    0x00fb5fb4
                                    0x00fb5fb7
                                    0x00fb5fba
                                    0x00fb6db9
                                    0x00fb6dbd
                                    0x00fff328
                                    0x00fff329
                                    0x00fff32e
                                    0x00fff32e
                                    0x00fb6dc3
                                    0x00fb6dc3
                                    0x00fb6dc6
                                    0x00fb6e18
                                    0x00fb6dc8
                                    0x00fb6dc8
                                    0x00fb6dc8
                                    0x00fb6dcd
                                    0x00fb6dd0
                                    0x00fb6dd3
                                    0x00fb6dd8
                                    0x00fb6ddc
                                    0x00fb6ddf
                                    0x00000000
                                    0x00000000
                                    0x00fb6e1f
                                    0x00fb6e21
                                    0x00fb6e21
                                    0x00fb6de1
                                    0x00fb6de5
                                    0x00fb6dec
                                    0x00fb6dec
                                    0x00fb6de5
                                    0x00000000
                                    0x00fb5fba
                                    0x00fb5f3c
                                    0x00fb5f42
                                    0x00fb5f48
                                    0x00fb5f4e
                                    0x00fb5f50
                                    0x00fb5f66
                                    0x00fb5f68
                                    0x00fb5f6e
                                    0x00fb625a
                                    0x00fb625a
                                    0x00fb5f74
                                    0x00fb5f74
                                    0x00fb5f7a
                                    0x00fb5f80
                                    0x00fb5f8a
                                    0x00fb6ba0
                                    0x00fb6ba7
                                    0x00fb6bee
                                    0x00fb6bee
                                    0x00fb6bb7
                                    0x00fb6bb7
                                    0x00fb6bbd
                                    0x00fb6c13
                                    0x00fb6c19
                                    0x00fb6c1e
                                    0x00fb6c1e
                                    0x00fb6c19
                                    0x00fb6bbf
                                    0x00fb6bc9
                                    0x00000000
                                    0x00fb6bc9
                                    0x00fb6ba9
                                    0x00fb6bb0
                                    0x00000000
                                    0x00000000
                                    0x00fb6bb2
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb5f8a
                                    0x00fb5f2d
                                    0x00fb5b99
                                    0x00fb5b99
                                    0x00fb5b9c
                                    0x00fb65fd
                                    0x00fb6605
                                    0x00fb6608
                                    0x00fb660b
                                    0x00fb660e
                                    0x00ffef07
                                    0x00ffef0b
                                    0x00fb6614
                                    0x00fb6614
                                    0x00fb6614
                                    0x00000000
                                    0x00fb660e
                                    0x00fb5ba2
                                    0x00fb5ba6
                                    0x00fb69a2
                                    0x00fb5bac
                                    0x00fb5bac
                                    0x00fb5bac
                                    0x00fb5bac
                                    0x00fb5bae
                                    0x00fb5bb1
                                    0x00fb5bb4
                                    0x00fb5bb6
                                    0x00fb60e0
                                    0x00fb60e2
                                    0x00fb5bbc
                                    0x00fb5bbc
                                    0x00fb5bbe
                                    0x00fb5bbe
                                    0x00fb5bc1
                                    0x00fb5bc7
                                    0x00fb5bcd
                                    0x00fb5bd0
                                    0x00fb5bda
                                    0x00fb5bdd
                                    0x00fb5be9
                                    0x00fb5bf0
                                    0x00fb5bf3
                                    0x00fb60f2
                                    0x00fb60f3
                                    0x00fb60f6
                                    0x00fb60f9
                                    0x00fb60fe
                                    0x00ffef14
                                    0x00ffef21
                                    0x00ffef26
                                    0x00ffef29
                                    0x00ffef29
                                    0x00fb5bf9
                                    0x00fb5bf9
                                    0x00fb5bf9
                                    0x00fb5bf9
                                    0x00fb5bfb
                                    0x00fb5bfe
                                    0x00fb5c01
                                    0x00fb5c05
                                    0x00fb5c10
                                    0x00fb5c10
                                    0x00fb5c1c
                                    0x00fb5c1f
                                    0x00fb5c21
                                    0x00000000
                                    0x00000000
                                    0x00fb6c26
                                    0x00fb6c2a
                                    0x00fb6c2f
                                    0x00fb6c31
                                    0x00fb6c3f
                                    0x00fb6c44
                                    0x00fb6c46
                                    0x00fff050
                                    0x00fff056
                                    0x00fff056
                                    0x00fb6c4c
                                    0x00fb6c4c
                                    0x00fb6c4f
                                    0x00fb6c4f
                                    0x00fb6c52
                                    0x00fb6c57
                                    0x00fb6c5a
                                    0x00fb6c5a
                                    0x00fb6c5d
                                    0x00fb6c60
                                    0x00fb6c65
                                    0x00fb6c65
                                    0x00fb6c68
                                    0x00fb6c68
                                    0x00fb6c6b
                                    0x00fff2b0
                                    0x00fff2b0
                                    0x00fff2b5
                                    0x00fff2bb
                                    0x00fff2c0
                                    0x00000000
                                    0x00fb6c71
                                    0x00fb6c71
                                    0x00fb6c73
                                    0x00000000
                                    0x00000000
                                    0x00fb6c7c
                                    0x00fb6c7f
                                    0x00fb6c85
                                    0x00fb6c87
                                    0x00fb6cbe
                                    0x00fb6cbe
                                    0x00fb6cc1
                                    0x00fb6cc4
                                    0x00fb6cc6
                                    0x00fb6cc9
                                    0x00fb6ccd
                                    0x00fff06b
                                    0x00fff070
                                    0x00fff072
                                    0x00000000
                                    0x00000000
                                    0x00fff081
                                    0x00fff083
                                    0x00fff2c5
                                    0x00fff2c5
                                    0x00fff2c9
                                    0x00fff2cd
                                    0x00fff2de
                                    0x00fff2e8
                                    0x00fff2f2
                                    0x00fff2f9
                                    0x00fff309
                                    0x00000000
                                    0x00fff309
                                    0x00fff2cf
                                    0x00fff2d6
                                    0x00000000
                                    0x00fff2d6
                                    0x00fb6cd3
                                    0x00fb6cd3
                                    0x00fb6cd7
                                    0x00fb6cda
                                    0x00fb6cdd
                                    0x00fb6cdf
                                    0x00fff08d
                                    0x00fff090
                                    0x00fff093
                                    0x00fff095
                                    0x00fff09b
                                    0x00fff0a1
                                    0x00fff0a8
                                    0x00fff0ae
                                    0x00fff0b2
                                    0x00fff0b4
                                    0x00fff0b7
                                    0x00fff0b9
                                    0x00fff0b9
                                    0x00fff0bc
                                    0x00fff0bc
                                    0x00fff0b7
                                    0x00fff0cc
                                    0x00fff0d1
                                    0x00fff0d4
                                    0x00fff0da
                                    0x00fff156
                                    0x00fff0dc
                                    0x00fff0dc
                                    0x00fff0e3
                                    0x00fff0e7
                                    0x00fff109
                                    0x00fff10e
                                    0x00fff113
                                    0x00fff0e9
                                    0x00fff0ff
                                    0x00fff104
                                    0x00fff104
                                    0x00fff121
                                    0x00fff128
                                    0x00fff12d
                                    0x00fff130
                                    0x00fff136
                                    0x00fff139
                                    0x00fff13d
                                    0x00fff13f
                                    0x00fff146
                                    0x00fff14c
                                    0x00fff14d
                                    0x00fff14d
                                    0x00fff13d
                                    0x00fff159
                                    0x00fff159
                                    0x00fff095
                                    0x00fb6ce8
                                    0x00fb6cee
                                    0x00fb6cf0
                                    0x00fb6cf3
                                    0x00fb6cf9
                                    0x00fb6cfc
                                    0x00fb6d02
                                    0x00fff2a6
                                    0x00000000
                                    0x00fb6d08
                                    0x00fb6d08
                                    0x00fb6d0b
                                    0x00fb6d15
                                    0x00fb6d1a
                                    0x00fb6d1c
                                    0x00fff1bd
                                    0x00fff1c0
                                    0x00fff1c4
                                    0x00fff1c8
                                    0x00fff1d7
                                    0x00fff1db
                                    0x00fff1e0
                                    0x00fff1e0
                                    0x00fff1e0
                                    0x00fff1e0
                                    0x00fff1e4
                                    0x00fff1ea
                                    0x00fff1f1
                                    0x00fff206
                                    0x00fff1f3
                                    0x00fff1fc
                                    0x00fff1fe
                                    0x00fff1fe
                                    0x00fff208
                                    0x00fff208
                                    0x00fff20a
                                    0x00000000
                                    0x00000000
                                    0x00fff20c
                                    0x00fff210
                                    0x00fff225
                                    0x00fff212
                                    0x00fff212
                                    0x00fff215
                                    0x00fff218
                                    0x00fff21b
                                    0x00fff21d
                                    0x00fff220
                                    0x00fff220
                                    0x00fff21b
                                    0x00fff229
                                    0x00fff233
                                    0x00fff235
                                    0x00000000
                                    0x00fff237
                                    0x00fff237
                                    0x00fff239
                                    0x00000000
                                    0x00fff239
                                    0x00fff235
                                    0x00fff241
                                    0x00fff241
                                    0x00fff244
                                    0x00fff247
                                    0x00fff249
                                    0x00fff24b
                                    0x00fff259
                                    0x00fff25e
                                    0x00fff263
                                    0x00fff24d
                                    0x00fff24d
                                    0x00fff24f
                                    0x00fff252
                                    0x00fff254
                                    0x00fff254
                                    0x00fff26b
                                    0x00fff26e
                                    0x00fff274
                                    0x00fff276
                                    0x00fb5eb6
                                    0x00fb5eb6
                                    0x00fb5eba
                                    0x00fb5ec4
                                    0x00fb5eca
                                    0x00fb5eca
                                    0x00fb5eca
                                    0x00fb5ecc
                                    0x00fb5ecc
                                    0x00fb5ed0
                                    0x00000000
                                    0x00fff27c
                                    0x00fff27c
                                    0x00fff27f
                                    0x00fff27f
                                    0x00fff282
                                    0x00000000
                                    0x00000000
                                    0x00fff288
                                    0x00fff28a
                                    0x00fff28c
                                    0x00fff29d
                                    0x00000000
                                    0x00fff29d
                                    0x00fff291
                                    0x00fff291
                                    0x00fff292
                                    0x00fff292
                                    0x00fb6991
                                    0x00fb6998
                                    0x00000000
                                    0x00fb6998
                                    0x00fff284
                                    0x00000000
                                    0x00fff284
                                    0x00fff276
                                    0x00fb6d22
                                    0x00fb6d25
                                    0x00fb6d28
                                    0x00fb6d2e
                                    0x00fb6d35
                                    0x00fff161
                                    0x00fb6d3b
                                    0x00fb6d44
                                    0x00fb6d46
                                    0x00fb6d46
                                    0x00fb6d50
                                    0x00fb6d50
                                    0x00fb6d52
                                    0x00000000
                                    0x00000000
                                    0x00fff168
                                    0x00fff16c
                                    0x00fff181
                                    0x00fff16e
                                    0x00fff16e
                                    0x00fff171
                                    0x00fff174
                                    0x00fff177
                                    0x00fff179
                                    0x00fff17c
                                    0x00fff17c
                                    0x00fff177
                                    0x00fff185
                                    0x00fff18f
                                    0x00fff191
                                    0x00000000
                                    0x00fff197
                                    0x00fff197
                                    0x00fff199
                                    0x00000000
                                    0x00fff199
                                    0x00fff191
                                    0x00fb6d58
                                    0x00fb6d58
                                    0x00fb6d5b
                                    0x00fb6d5e
                                    0x00fb6d60
                                    0x00fb6d62
                                    0x00fff1a4
                                    0x00fff1ae
                                    0x00fb6d68
                                    0x00fb6d68
                                    0x00fb6d6a
                                    0x00fb6d6d
                                    0x00fb6d6f
                                    0x00fb6d6f
                                    0x00fb6d75
                                    0x00fb6d78
                                    0x00fb6d7e
                                    0x00fb6d80
                                    0x00000000
                                    0x00fb6d86
                                    0x00fb6d86
                                    0x00fb6d90
                                    0x00fb6d90
                                    0x00fb6d93
                                    0x00000000
                                    0x00000000
                                    0x00fb6d99
                                    0x00fb6d9b
                                    0x00fb6d9d
                                    0x00fb6db5
                                    0x00000000
                                    0x00fb6db5
                                    0x00fb6da2
                                    0x00fb6da2
                                    0x00fb6da3
                                    0x00fb6da3
                                    0x00000000
                                    0x00fb6da3
                                    0x00fb6e14
                                    0x00000000
                                    0x00fb6e14
                                    0x00fb6d80
                                    0x00fb6d02
                                    0x00fb6c89
                                    0x00fb6c90
                                    0x00fb6c90
                                    0x00fb6c93
                                    0x00000000
                                    0x00000000
                                    0x00fb6c99
                                    0x00fb6c9b
                                    0x00fb6c9d
                                    0x00fb6dae
                                    0x00000000
                                    0x00fb6dae
                                    0x00fb6ca6
                                    0x00fb6ca6
                                    0x00fb6ca7
                                    0x00fb6ca7
                                    0x00fb6cb6
                                    0x00fb6cbb
                                    0x00000000
                                    0x00fb6cbb
                                    0x00fff060
                                    0x00000000
                                    0x00fff060
                                    0x00fb6c6b
                                    0x00fb5c27
                                    0x00fb5c2a
                                    0x00fb5c34
                                    0x00fb5c38
                                    0x00fb5c3a
                                    0x00fb68de
                                    0x00fb68e1
                                    0x00fb68e5
                                    0x00fb68e9
                                    0x00fff00d
                                    0x00fff011
                                    0x00fff016
                                    0x00fff016
                                    0x00fb68ef
                                    0x00fb68f5
                                    0x00fb68fc
                                    0x00fff01f
                                    0x00fb6902
                                    0x00fb690b
                                    0x00fb690d
                                    0x00fb690d
                                    0x00fb6913
                                    0x00fb6913
                                    0x00fb6915
                                    0x00000000
                                    0x00000000
                                    0x00fb6917
                                    0x00fb691b
                                    0x00fff026
                                    0x00fb6921
                                    0x00fb6921
                                    0x00fb6924
                                    0x00fb692a
                                    0x00fb692d
                                    0x00fb692f
                                    0x00fb692f
                                    0x00fb6932
                                    0x00fb6932
                                    0x00fb692d
                                    0x00fb6938
                                    0x00fb6942
                                    0x00fb6944
                                    0x00fff02f
                                    0x00fff031
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb6944
                                    0x00fb694a
                                    0x00fb694a
                                    0x00fb694d
                                    0x00fb6950
                                    0x00fb6952
                                    0x00fb6954
                                    0x00fff03c
                                    0x00fff046
                                    0x00fb695a
                                    0x00fb695a
                                    0x00fb695c
                                    0x00fb695f
                                    0x00fb6961
                                    0x00fb6961
                                    0x00fb6967
                                    0x00fb696a
                                    0x00fb6970
                                    0x00fb6972
                                    0x00000000
                                    0x00fb6978
                                    0x00fb6978
                                    0x00fb6980
                                    0x00fb6980
                                    0x00fb6983
                                    0x00000000
                                    0x00000000
                                    0x00fb6b8a
                                    0x00fb6b8c
                                    0x00fb6b8e
                                    0x00fb6b9a
                                    0x00fb698b
                                    0x00fb698b
                                    0x00000000
                                    0x00fb698b
                                    0x00fb6b90
                                    0x00fb6b90
                                    0x00fb6989
                                    0x00000000
                                    0x00fb6989
                                    0x00fb6972
                                    0x00fb5c40
                                    0x00fb5c43
                                    0x00fb5c46
                                    0x00fb5c4c
                                    0x00fb5c52
                                    0x00fb5c55
                                    0x00fb5c57
                                    0x00ffefa2
                                    0x00000000
                                    0x00fb5c60
                                    0x00fb5c60
                                    0x00fb5c60
                                    0x00fb5c63
                                    0x00fb5c65
                                    0x00fb5c6b
                                    0x00fb5c71
                                    0x00fb5c71
                                    0x00fb5c71
                                    0x00fb5dcb
                                    0x00fb5dcd
                                    0x00fb5dcf
                                    0x00fb6242
                                    0x00fb6242
                                    0x00fb6243
                                    0x00fb6243
                                    0x00000000
                                    0x00fb5dd5
                                    0x00fb5dd5
                                    0x00fb5dd7
                                    0x00000000
                                    0x00fb5dd7
                                    0x00fb5dcf
                                    0x00fb5c73
                                    0x00fb5c79
                                    0x00fb5c7e
                                    0x00fb5c81
                                    0x00fb5c84
                                    0x00fb5c87
                                    0x00fb5c89
                                    0x00fb64c3
                                    0x00fb5c8f
                                    0x00fb5c8f
                                    0x00fb5c92
                                    0x00fb5c95
                                    0x00fb5c97
                                    0x00fb5c9d
                                    0x00fb5ca0
                                    0x00fb5ca3
                                    0x00fb5ca8
                                    0x00fb5caa
                                    0x00fb5cb0
                                    0x00fb5cb3
                                    0x00fb5cb9
                                    0x00fb5cc8
                                    0x00fb5ccd
                                    0x00fb5ccf
                                    0x00ffef31
                                    0x00ffef40
                                    0x00ffef48
                                    0x00fb5cd5
                                    0x00fb5cd5
                                    0x00fb5cd5
                                    0x00fb5cd8
                                    0x00fb5cd8
                                    0x00fb5ce1
                                    0x00fb5ce3
                                    0x00fb5ce9
                                    0x00fb5ceb
                                    0x00fb5ddf
                                    0x00fb5de1
                                    0x00fb5de1
                                    0x00fb5cf1
                                    0x00fb5cf3
                                    0x00fb5cf6
                                    0x00fb5cf9
                                    0x00fb5cfb
                                    0x00fb5d01
                                    0x00fb5d04
                                    0x00fb5d07
                                    0x00fb5d0c
                                    0x00fb5d0e
                                    0x00fb5d14
                                    0x00fb5d17
                                    0x00fb5d1d
                                    0x00fb5d2c
                                    0x00fb5d31
                                    0x00fb5d33
                                    0x00ffef50
                                    0x00ffef5f
                                    0x00ffef67
                                    0x00fb5d39
                                    0x00fb5d39
                                    0x00fb5d39
                                    0x00fb5d3c
                                    0x00fb5d3c
                                    0x00fb5d45
                                    0x00fb5d47
                                    0x00fb5d4d
                                    0x00fb5d4f
                                    0x00fb5d52
                                    0x00fb64ca
                                    0x00fb5de4
                                    0x00fb5de4
                                    0x00fb5de6
                                    0x00fb62de
                                    0x00fb62de
                                    0x00fb62e0
                                    0x00fb62e3
                                    0x00000000
                                    0x00fb62e3
                                    0x00fb5dec
                                    0x00fb5df2
                                    0x00fb5df2
                                    0x00fb5df5
                                    0x00fb5df5
                                    0x00fb5df7
                                    0x00000000
                                    0x00000000
                                    0x00fb6027
                                    0x00fb602b
                                    0x00ffefa9
                                    0x00fb6031
                                    0x00fb6031
                                    0x00fb6034
                                    0x00fb603a
                                    0x00fb603d
                                    0x00fb603f
                                    0x00fb603f
                                    0x00fb6042
                                    0x00fb6042
                                    0x00fb603d
                                    0x00fb6048
                                    0x00fb6052
                                    0x00fb6054
                                    0x00000000
                                    0x00fb605a
                                    0x00ffefb2
                                    0x00ffefb4
                                    0x00000000
                                    0x00ffefb4
                                    0x00fb6054
                                    0x00fb5dfd
                                    0x00fb5dfd
                                    0x00fb5e00
                                    0x00fb5e03
                                    0x00fb5e05
                                    0x00fb5e07
                                    0x00ffefbf
                                    0x00ffefc9
                                    0x00fb5e0d
                                    0x00fb5e0d
                                    0x00fb5e0f
                                    0x00fb5e12
                                    0x00fb5e14
                                    0x00fb5e14
                                    0x00fb5e1a
                                    0x00fb5e1d
                                    0x00fb5e23
                                    0x00fb5e26
                                    0x00fb5e28
                                    0x00000000
                                    0x00fb5e2e
                                    0x00fb5e2e
                                    0x00fb5e31
                                    0x00fb5e31
                                    0x00fb5e34
                                    0x00fb5e36
                                    0x00000000
                                    0x00000000
                                    0x00fb6013
                                    0x00fb6015
                                    0x00fb6017
                                    0x00fb624e
                                    0x00fb624f
                                    0x00fb5e44
                                    0x00fb5e44
                                    0x00fb5e49
                                    0x00fb5e4c
                                    0x00fb5e4f
                                    0x00fb5e53
                                    0x00ffefd6
                                    0x00fb5e59
                                    0x00fb5e59
                                    0x00fb5e59
                                    0x00fb5e5c
                                    0x00fb5e68
                                    0x00fb5e6f
                                    0x00fb5e72
                                    0x00fb5e75
                                    0x00fb623a
                                    0x00fb623a
                                    0x00fb5e7b
                                    0x00fb5e7e
                                    0x00fb5e80
                                    0x00fb6265
                                    0x00fb6268
                                    0x00fb626b
                                    0x00fb626d
                                    0x00fb6276
                                    0x00fb6279
                                    0x00fb627d
                                    0x00fb6280
                                    0x00fb6285
                                    0x00fb6287
                                    0x00fb628d
                                    0x00fb6290
                                    0x00fb6296
                                    0x00fb62a5
                                    0x00fb62aa
                                    0x00fb62ac
                                    0x00ffefde
                                    0x00ffefed
                                    0x00ffeff8
                                    0x00ffeff8
                                    0x00fb62b2
                                    0x00fb62b5
                                    0x00fb62b5
                                    0x00fb62be
                                    0x00fb62c0
                                    0x00fb62c6
                                    0x00fb62c8
                                    0x00000000
                                    0x00fb62ce
                                    0x00000000
                                    0x00fb62ce
                                    0x00fb5e86
                                    0x00fb5e86
                                    0x00fb5e89
                                    0x00fb5e8f
                                    0x00fb5e92
                                    0x00fb5e92
                                    0x00fb5e96
                                    0x00fb5e9a
                                    0x00fb5ea0
                                    0x00fb5eb0
                                    0x00fb5eb0
                                    0x00fb5eb3
                                    0x00fb5eb3
                                    0x00fb5eb3
                                    0x00fb5eb3
                                    0x00000000
                                    0x00fb5e96
                                    0x00fb5e80
                                    0x00fb601d
                                    0x00fb601f
                                    0x00fb601f
                                    0x00fb5e3c
                                    0x00fb5e42
                                    0x00000000
                                    0x00fb5e42
                                    0x00fb5e28
                                    0x00fb5d58
                                    0x00fb5d5a
                                    0x00fb6123
                                    0x00fb6126
                                    0x00000000
                                    0x00000000
                                    0x00fb612c
                                    0x00fb612f
                                    0x00ffef74
                                    0x00ffef74
                                    0x00fb613b
                                    0x00fb613e
                                    0x00fb613e
                                    0x00fb6141
                                    0x00fb6143
                                    0x00000000
                                    0x00000000
                                    0x00fb6149
                                    0x00fb614c
                                    0x00fb614f
                                    0x00fb6151
                                    0x00fb6157
                                    0x00fb615a
                                    0x00fb615d
                                    0x00fb6162
                                    0x00fb6164
                                    0x00fb616a
                                    0x00fb616d
                                    0x00fb6173
                                    0x00fb6182
                                    0x00fb6187
                                    0x00fb6189
                                    0x00ffef7c
                                    0x00ffef8b
                                    0x00ffef93
                                    0x00fb618f
                                    0x00fb618f
                                    0x00fb618f
                                    0x00fb6192
                                    0x00fb6192
                                    0x00fb619b
                                    0x00fb619d
                                    0x00fb61a3
                                    0x00fb61a5
                                    0x00fb68d2
                                    0x00000000
                                    0x00fb61ab
                                    0x00fb61ab
                                    0x00fb61ae
                                    0x00000000
                                    0x00fb61ae
                                    0x00fb61a5
                                    0x00000000
                                    0x00fb613e
                                    0x00fb5d60
                                    0x00fb5d63
                                    0x00fb5d70
                                    0x00fb5d76
                                    0x00fb5d86
                                    0x00fb5d8e
                                    0x00fb5d8e
                                    0x00fb5d90
                                    0x00fb5d93
                                    0x00fb5d93
                                    0x00fb5d99
                                    0x00fb5d9f
                                    0x00fb5da1
                                    0x00000000
                                    0x00000000
                                    0x00fb5da7
                                    0x00fb5da9
                                    0x00fb62d3
                                    0x00fb62d5
                                    0x00000000
                                    0x00000000
                                    0x00fb62db
                                    0x00000000
                                    0x00fb5daf
                                    0x00fb5daf
                                    0x00fb5db2
                                    0x00fb5db4
                                    0x00000000
                                    0x00fb5db4
                                    0x00fb5da9
                                    0x00fb608e
                                    0x00fb6091
                                    0x00fb61f3
                                    0x00fb61f6
                                    0x00fb61f8
                                    0x00fb64bb
                                    0x00fb61fe
                                    0x00fb6201
                                    0x00fb6208
                                    0x00fb6208
                                    0x00fb6097
                                    0x00fb6097
                                    0x00fb609a
                                    0x00fb609c
                                    0x00fb62f8
                                    0x00fb60a2
                                    0x00fb60a2
                                    0x00fb60a2
                                    0x00fb609c
                                    0x00fb60ac
                                    0x00fb60ae
                                    0x00fb60b4
                                    0x00fb60b7
                                    0x00fb60bb
                                    0x00ffef9b
                                    0x00ffef9b
                                    0x00fb60c4
                                    0x00fb60c4
                                    0x00fb5ceb
                                    0x00000000
                                    0x00fb5c89
                                    0x00fb5c57
                                    0x00fb5b93
                                    0x00fb5b59
                                    0x00fb658b
                                    0x00fb6590
                                    0x00fb6590
                                    0x00fb6590
                                    0x00fb6593
                                    0x00fb6595
                                    0x00000000
                                    0x00000000
                                    0x00fb6597
                                    0x00fb6599
                                    0x00fb659c
                                    0x00fb659e
                                    0x00fb65a1
                                    0x00fb65a8
                                    0x00fb65a8
                                    0x00000000
                                    0x00fb65a8
                                    0x00fb65a3
                                    0x00fb65a3
                                    0x00fb65ab
                                    0x00fb65b6
                                    0x00fb65be
                                    0x00fb65c3
                                    0x00000000
                                    0x00fb65c3
                                    0x00fb5991
                                    0x00fb5994
                                    0x00fb5997
                                    0x00fb599b
                                    0x00fb59a0
                                    0x00fb59aa
                                    0x00fb59ad
                                    0x00ffed6f
                                    0x00ffed74
                                    0x00ffed74
                                    0x00fb59ad
                                    0x00fb59b3
                                    0x00fb59b6
                                    0x00fb59b9
                                    0x00ffedd9
                                    0x00ffeddd
                                    0x00ffedeb
                                    0x00ffedf1
                                    0x00ffedf1
                                    0x00000000
                                    0x00ffeddd
                                    0x00fb59bf
                                    0x00fb59bf
                                    0x00fb59c2
                                    0x00fb59c5
                                    0x00fb59c7
                                    0x00fb59cd
                                    0x00fb59d0
                                    0x00fb59d6
                                    0x00fb59d8
                                    0x00fb59db
                                    0x00fb59dd
                                    0x00ffedbd
                                    0x00ffedbd
                                    0x00ffedc0
                                    0x00ffedc6
                                    0x00ffedcb
                                    0x00ffedd0
                                    0x00000000
                                    0x00ffedd0
                                    0x00fb59e3
                                    0x00fb59e6
                                    0x00fb59e8
                                    0x00000000
                                    0x00000000
                                    0x00fb59ee
                                    0x00fb59f1
                                    0x00fb59f7
                                    0x00fb59fa
                                    0x00fb59fc
                                    0x00fb5b23
                                    0x00fb5b23
                                    0x00fb5b29
                                    0x00fb5b2f
                                    0x00fb5b31
                                    0x00fb5b34
                                    0x00fb5b38
                                    0x00fb689f
                                    0x00fb68a4
                                    0x00fb68a6
                                    0x00000000
                                    0x00000000
                                    0x00ffedad
                                    0x00ffedaf
                                    0x00ffedb4
                                    0x00000000
                                    0x00ffedb4
                                    0x00fb5b3e
                                    0x00fb5b3e
                                    0x00000000
                                    0x00fb5a02
                                    0x00fb5a02
                                    0x00fb5a05
                                    0x00fb5a05
                                    0x00fb5a08
                                    0x00fb5a0a
                                    0x00000000
                                    0x00000000
                                    0x00fb5db7
                                    0x00fb5db9
                                    0x00fb5dbb
                                    0x00fb6218
                                    0x00fb6218
                                    0x00000000
                                    0x00fb5dc1
                                    0x00fb5dc1
                                    0x00fb5dc3
                                    0x00000000
                                    0x00fb5dc3
                                    0x00fb5dbb
                                    0x00fb5a10
                                    0x00fb5a19
                                    0x00fb5a1e
                                    0x00fb5a21
                                    0x00fb5a24
                                    0x00fb5a28
                                    0x00ffed7e
                                    0x00fb5a2e
                                    0x00fb5a2e
                                    0x00fb5a2e
                                    0x00fb5a30
                                    0x00fb5a37
                                    0x00fb5a3d
                                    0x00fb5a3f
                                    0x00fb5a44
                                    0x00fb5a47
                                    0x00fb5a4a
                                    0x00fb5a4d
                                    0x00fb5a4d
                                    0x00fb5a50
                                    0x00fb5a53
                                    0x00fb5a55
                                    0x00fb6210
                                    0x00fb6210
                                    0x00fb5a5e
                                    0x00fb5a61
                                    0x00000000
                                    0x00fb5a67
                                    0x00fb5a67
                                    0x00fb5a6d
                                    0x00fb5a70
                                    0x00fb5a72
                                    0x00fb5a75
                                    0x00fb5a75
                                    0x00fb5a7e
                                    0x00fb5a84
                                    0x00fb5a87
                                    0x00fb5a89
                                    0x00fb5a8c
                                    0x00fb6220
                                    0x00fb6223
                                    0x00fb6226
                                    0x00fb6229
                                    0x00fb65e5
                                    0x00000000
                                    0x00fb65e5
                                    0x00fb622f
                                    0x00fb5b08
                                    0x00fb5b08
                                    0x00fb5b1b
                                    0x00fb5b20
                                    0x00fb5b20
                                    0x00fb5b20
                                    0x00000000
                                    0x00fb5b20
                                    0x00fb5a92
                                    0x00fb5a95
                                    0x00fb5a98
                                    0x00fb5afb
                                    0x00fb5b01
                                    0x00000000
                                    0x00fb5b01
                                    0x00fb5a9a
                                    0x00fb5a9d
                                    0x00fb5aa0
                                    0x00fb5aa2
                                    0x00fb5aa8
                                    0x00fb5aab
                                    0x00fb5aaf
                                    0x00fb5ab4
                                    0x00fb5ab6
                                    0x00fb5abc
                                    0x00fb5abf
                                    0x00fb5ac2
                                    0x00fb5ad1
                                    0x00fb5ad6
                                    0x00fb5ad8
                                    0x00ffed86
                                    0x00ffed95
                                    0x00ffed9d
                                    0x00ffed9d
                                    0x00fb5ade
                                    0x00fb5ae1
                                    0x00fb5ae1
                                    0x00fb5aea
                                    0x00fb5aea
                                    0x00fb5aec
                                    0x00fb5af2
                                    0x00fb64f8
                                    0x00fb64fb
                                    0x00000000
                                    0x00fb5af8
                                    0x00fb5af8
                                    0x00000000
                                    0x00fb5af8
                                    0x00fb5af2
                                    0x00fb5a61
                                    0x00fb59fc
                                    0x00fb58d4
                                    0x00fb58cc
                                    0x00fb68c0
                                    0x00fb68c0
                                    0x00000000
                                    0x00fb68c0
                                    0x00fb57ed
                                    0x00fb61c0
                                    0x00fb61c2
                                    0x00fb61c2
                                    0x00000000
                                    0x00fb57e0
                                    0x00fb57b7
                                    0x00fb57bb
                                    0x00fb6307
                                    0x00fb630a
                                    0x00fb630d
                                    0x00fb6311
                                    0x00fb6316
                                    0x00fb6320
                                    0x00fb6323
                                    0x00ffec54
                                    0x00ffec59
                                    0x00ffec59
                                    0x00fb6323
                                    0x00fb6329
                                    0x00fb6329
                                    0x00fb632c
                                    0x00fb6332
                                    0x00fb6334
                                    0x00fb6337
                                    0x00fb633a
                                    0x00fb633d
                                    0x00fb633f
                                    0x00fb6342
                                    0x00fb6344
                                    0x00ffecc0
                                    0x00ffecc0
                                    0x00ffecc6
                                    0x00ffeccb
                                    0x00000000
                                    0x00fb634a
                                    0x00fb634a
                                    0x00fb634c
                                    0x00000000
                                    0x00000000
                                    0x00fb6355
                                    0x00fb6358
                                    0x00fb635e
                                    0x00fb6361
                                    0x00fb6363
                                    0x00fb6496
                                    0x00fb6496
                                    0x00fb6499
                                    0x00fb649c
                                    0x00fb649e
                                    0x00fb64a1
                                    0x00fb64a5
                                    0x00fb6c01
                                    0x00fb6c06
                                    0x00fb6c08
                                    0x00000000
                                    0x00000000
                                    0x00ffecb7
                                    0x00ffecb9
                                    0x00ffecd0
                                    0x00ffecd0
                                    0x00ffecda
                                    0x00ffece4
                                    0x00ffeceb
                                    0x00ffecfb
                                    0x00000000
                                    0x00ffecfb
                                    0x00fb64ab
                                    0x00fb64ab
                                    0x00000000
                                    0x00fb64ab
                                    0x00fb6369
                                    0x00fb6370
                                    0x00fb6370
                                    0x00fb6373
                                    0x00fb6375
                                    0x00000000
                                    0x00000000
                                    0x00fb6718
                                    0x00fb671a
                                    0x00fb671c
                                    0x00ffec63
                                    0x00ffec63
                                    0x00000000
                                    0x00ffec63
                                    0x00fb6722
                                    0x00fb6724
                                    0x00fb6724
                                    0x00fb637b
                                    0x00fb6384
                                    0x00fb6389
                                    0x00fb638c
                                    0x00fb638f
                                    0x00fb6393
                                    0x00ffec6b
                                    0x00fb6399
                                    0x00fb6399
                                    0x00fb6399
                                    0x00fb639b
                                    0x00fb63a2
                                    0x00fb63a8
                                    0x00fb63aa
                                    0x00fb63af
                                    0x00fb63b5
                                    0x00fb63b8
                                    0x00fb63bb
                                    0x00fb63be
                                    0x00fb63be
                                    0x00fb63c1
                                    0x00fb63c4
                                    0x00fb63c6
                                    0x00fb6bf5
                                    0x00fb6bf5
                                    0x00fb63d2
                                    0x00fb63d8
                                    0x00000000
                                    0x00fb63de
                                    0x00fb63de
                                    0x00fb63e4
                                    0x00fb63e7
                                    0x00fb65ec
                                    0x00fb65ef
                                    0x00fb65f2
                                    0x00fb65f2
                                    0x00fb63ed
                                    0x00fb63f0
                                    0x00fb63f9
                                    0x00fb63fc
                                    0x00fb63ff
                                    0x00fb6402
                                    0x00ffec95
                                    0x00ffec98
                                    0x00ffec9b
                                    0x00ffeca4
                                    0x00000000
                                    0x00ffeca4
                                    0x00ffec9d
                                    0x00000000
                                    0x00fb6408
                                    0x00fb6408
                                    0x00fb640b
                                    0x00fb646e
                                    0x00fb6474
                                    0x00fb647b
                                    0x00fb647b
                                    0x00fb648e
                                    0x00fb6493
                                    0x00fb6493
                                    0x00fb6493
                                    0x00000000
                                    0x00fb6493
                                    0x00fb640d
                                    0x00fb6410
                                    0x00fb6413
                                    0x00fb6415
                                    0x00fb641b
                                    0x00fb641e
                                    0x00fb6422
                                    0x00fb6427
                                    0x00fb6429
                                    0x00fb642f
                                    0x00fb6432
                                    0x00fb6438
                                    0x00fb6447
                                    0x00fb644c
                                    0x00fb644e
                                    0x00ffec73
                                    0x00ffec82
                                    0x00ffec8d
                                    0x00ffec8d
                                    0x00fb6454
                                    0x00fb6454
                                    0x00fb645d
                                    0x00fb645d
                                    0x00fb645f
                                    0x00fb6465
                                    0x00fb6706
                                    0x00fb6709
                                    0x00000000
                                    0x00fb646b
                                    0x00fb646b
                                    0x00000000
                                    0x00fb646b
                                    0x00fb6465
                                    0x00fb6402
                                    0x00fb63d8
                                    0x00fb6344
                                    0x00000000
                                    0x00fb57bb
                                    0x00fb572e
                                    0x00fb5731
                                    0x00fb6509
                                    0x00fb650f
                                    0x00000000
                                    0x00000000
                                    0x00fb6515
                                    0x00fb651c
                                    0x00ffec26
                                    0x00ffec2d
                                    0x00000000
                                    0x00000000
                                    0x00ffec33
                                    0x00fb6522
                                    0x00fb6529
                                    0x00fb652f
                                    0x00fb652f
                                    0x00000000
                                    0x00fb6529
                                    0x00fb5737
                                    0x00fb573d
                                    0x00000000
                                    0x00000000
                                    0x00fb574a
                                    0x00fb574c
                                    0x00fb5755
                                    0x00fb5758
                                    0x00fb5764
                                    0x00fb57ad
                                    0x00fb57ad
                                    0x00000000
                                    0x00fb57ad
                                    0x00fb576c
                                    0x00fb576f
                                    0x00fb5775
                                    0x00fb5779
                                    0x00fb5783
                                    0x00fb66a6
                                    0x00fb66a6
                                    0x00fb66a9
                                    0x00fb66ab
                                    0x00ffec38
                                    0x00fb66b1
                                    0x00fb66b1
                                    0x00fb66b1
                                    0x00fb66b3
                                    0x00fb66ba
                                    0x00fb69ac
                                    0x00fb66c0
                                    0x00fb66c0
                                    0x00fb66c0
                                    0x00fb66cb
                                    0x00fb66ce
                                    0x00fb66d3
                                    0x00fb66d6
                                    0x00fb69b3
                                    0x00fb69ba
                                    0x00ffec42
                                    0x00ffec49
                                    0x00000000
                                    0x00000000
                                    0x00ffec4f
                                    0x00fb69c0
                                    0x00fb66dc
                                    0x00fb66dc
                                    0x00fb66df
                                    0x00fb66ea
                                    0x00fb66ed
                                    0x00fb66ef
                                    0x00fb66ef
                                    0x00000000
                                    0x00fb66d6
                                    0x00fb578f
                                    0x00fb669c
                                    0x00000000
                                    0x00fb57a3
                                    0x00fb57a3
                                    0x00000000
                                    0x00fb57a3
                                    0x00fb56c4
                                    0x00fb56c4
                                    0x00fb56ca
                                    0x00fb56d4
                                    0x00fb56d9
                                    0x00fb6856
                                    0x00fb6859
                                    0x00fb685c
                                    0x00fb68c7
                                    0x00000000
                                    0x00fb68c7
                                    0x00fb685e
                                    0x00fb6868
                                    0x00fb686f
                                    0x00ffebf3
                                    0x00ffebfd
                                    0x00ffec07
                                    0x00ffec0e
                                    0x00ffec1e
                                    0x00fb5fcf
                                    0x00fb5fcf
                                    0x00fb5fd6
                                    0x00fb5fe1
                                    0x00fb5fe4
                                    0x00fb5fe6
                                    0x00fff58f
                                    0x00fff592
                                    0x00000000
                                    0x00000000
                                    0x00fff5a1
                                    0x00fb5ff1
                                    0x00fb5ff1
                                    0x00fb5ff4
                                    0x00fb5ff7
                                    0x00fff5ab
                                    0x00fff5ad
                                    0x00fff5b3
                                    0x00fff5b6
                                    0x00fff5b8
                                    0x00fff5c9
                                    0x00fff5c9
                                    0x00fff5b8
                                    0x00fff5ad
                                    0x00fb5ffd
                                    0x00fb5fff
                                    0x00fb6002
                                    0x00fb6010
                                    0x00fb6010
                                    0x00fb5fec
                                    0x00fb5fec
                                    0x00000000
                                    0x00fb5fec
                                    0x00fb6875
                                    0x00fb6885
                                    0x00fb688f
                                    0x00fb6891
                                    0x00000000
                                    0x00fb56df
                                    0x00fb56df
                                    0x00fb56e2
                                    0x00fb56e5
                                    0x00fb56ec
                                    0x00fb56ec
                                    0x00fb56f6
                                    0x00fb56fc
                                    0x00fb56fc
                                    0x00fb5700
                                    0x00fb570b
                                    0x00fb69cc
                                    0x00fb69ce
                                    0x00fb69ce
                                    0x00fb5711
                                    0x00000000
                                    0x00fb5711
                                    0x00fb56d9
                                    0x00fb56c2

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                    • API String ID: 0-3178619729
                                    • Opcode ID: 76076cc32e9525cf67b863fbc41f6c92c544fe0d36e34c9c17cf299b078d8d11
                                    • Instruction ID: 4cf20a2d0521bd903fe4cfbc9db2c27960e6989343eba2d93d9bfc72af3dcdb3
                                    • Opcode Fuzzy Hash: 76076cc32e9525cf67b863fbc41f6c92c544fe0d36e34c9c17cf299b078d8d11
                                    • Instruction Fuzzy Hash: 14238C71E00619DFDB24CF69C480BF9BBB1BF48314F2481A9E849AB391D739A945EF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 70%
                                    			E00FBA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1088748 - 1;
					if( *0x1088748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
									_t260 = _t257 + 4;
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E00F9B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1087bc8;
								if(__eflags == 0) {
									E01052073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0105A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E00FED5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E00FBAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0105A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0105A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1088748 - 1;
					if( *0x1088748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E00F9B150();
							__eflags =  *0x1087bc8;
							if(__eflags == 0) {
								_t131 = E01052073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                    0x00fba83a
                                    0x00fba83c
                                    0x00fba83e
                                    0x00fba841
                                    0x00fba844
                                    0x00fba84a
                                    0x00fbaa53
                                    0x00fbaa59
                                    0x00fbaa59
                                    0x00fba858
                                    0x00fba85e
                                    0x00fbaaf5
                                    0x00fbaafc
                                    0x0100229e
                                    0x010022a2
                                    0x010022a8
                                    0x010022b3
                                    0x010022b5
                                    0x010022bb
                                    0x010022c1
                                    0x010022c5
                                    0x010022e6
                                    0x010022eb
                                    0x010022f0
                                    0x010022c7
                                    0x010022dc
                                    0x010022e1
                                    0x010022e1
                                    0x010022f3
                                    0x010022f8
                                    0x010022fd
                                    0x01002300
                                    0x01002307
                                    0x0100230e
                                    0x0100230e
                                    0x01002313
                                    0x01002313
                                    0x010022b5
                                    0x010022a2
                                    0x00fbaafc
                                    0x00fba864
                                    0x00fba869
                                    0x00fbaa5c
                                    0x00fbaa5e
                                    0x00fba86f
                                    0x00fba87f
                                    0x00fba885
                                    0x00fba885
                                    0x00fba88b
                                    0x00fba890
                                    0x00fba896
                                    0x00fbab0c
                                    0x00fbab0f
                                    0x00fbab15
                                    0x01002320
                                    0x01002320
                                    0x00fbab1b
                                    0x00fba89c
                                    0x00fba89f
                                    0x00fba8a2
                                    0x00fba8a2
                                    0x00fba8a5
                                    0x00fba8af
                                    0x00fba8b3
                                    0x00fba8b8
                                    0x00fbaa66
                                    0x00fba8be
                                    0x00fba8c5
                                    0x00fba8c6
                                    0x00fba8ce
                                    0x01002328
                                    0x01002332
                                    0x01002337
                                    0x01002337
                                    0x00fba8ce
                                    0x00fba8d4
                                    0x00fba8d8
                                    0x00fba8db
                                    0x00fba8de
                                    0x00fba8e1
                                    0x00fba8e5
                                    0x00fba8e8
                                    0x00fba8f0
                                    0x00fba8f3
                                    0x0100234c
                                    0x01002350
                                    0x01002355
                                    0x01002359
                                    0x01002359
                                    0x00fba8f9
                                    0x00fba901
                                    0x00fbaae4
                                    0x00fbaae4
                                    0x00fbaaea
                                    0x00000000
                                    0x00fba907
                                    0x00fba90a
                                    0x00fba91d
                                    0x00fba91d
                                    0x00000000
                                    0x00fba910
                                    0x00fba910
                                    0x00fba910
                                    0x00fba914
                                    0x00fba924
                                    0x00fba924
                                    0x00fba924
                                    0x00fba924
                                    0x00fba916
                                    0x00fba91b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fba91b
                                    0x00fba925
                                    0x00fba925
                                    0x00fba932
                                    0x00fba936
                                    0x00fba93c
                                    0x00fba93c
                                    0x00fba93c
                                    0x00fbab22
                                    0x00fbab24
                                    0x00fbab27
                                    0x00fbab27
                                    0x00fba942
                                    0x00fba944
                                    0x00fbaaba
                                    0x00fbaabd
                                    0x00fbaac0
                                    0x00fbaac0
                                    0x00fbaac2
                                    0x00fbab2f
                                    0x00fbaac4
                                    0x00fbaac4
                                    0x00fbaac7
                                    0x00fbaaca
                                    0x00fbaacc
                                    0x00fbaace
                                    0x00fbaace
                                    0x00fbaace
                                    0x00fbaad1
                                    0x00fbaad1
                                    0x00fbaad7
                                    0x00fbaad9
                                    0x00000000
                                    0x00000000
                                    0x01002361
                                    0x01002369
                                    0x0100236b
                                    0x00000000
                                    0x01002371
                                    0x00000000
                                    0x01002371
                                    0x00000000
                                    0x0100236b
                                    0x00fbaac0
                                    0x00fba94a
                                    0x00fba94a
                                    0x00fba94d
                                    0x00fba94d
                                    0x00fba950
                                    0x00fba954
                                    0x01002376
                                    0x01002380
                                    0x00fba95a
                                    0x00fba95a
                                    0x00fba95c
                                    0x00fba95f
                                    0x00fba961
                                    0x00fba961
                                    0x00fba967
                                    0x00fba96a
                                    0x00fba972
                                    0x00fbaa02
                                    0x00fbaa06
                                    0x00fbaa10
                                    0x00fbaa16
                                    0x00fbaa16
                                    0x00fbaa1b
                                    0x00fbaa21
                                    0x00fbaa24
                                    0x00fbaa27
                                    0x00fbaa29
                                    0x00fbaa2c
                                    0x00fbaa32
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fba978
                                    0x00fba978
                                    0x00fba97b
                                    0x00fba981
                                    0x00fba996
                                    0x00fba998
                                    0x00fba99f
                                    0x00fba9a2
                                    0x0100238a
                                    0x00fba9a8
                                    0x00fba9a8
                                    0x00fba9a8
                                    0x00fba9aa
                                    0x00fba9ad
                                    0x00fba9b0
                                    0x00fba9bb
                                    0x00fba9be
                                    0x00fba9c7
                                    0x00fba9c9
                                    0x00fba9c9
                                    0x00fba9cc
                                    0x00fba9d1
                                    0x00fbaa6d
                                    0x00fbaa70
                                    0x00fbaa73
                                    0x00fbaa75
                                    0x00fbaa79
                                    0x00fbaa7e
                                    0x00fbaa82
                                    0x00fbaa8f
                                    0x00fbaa94
                                    0x00fbaa96
                                    0x01002392
                                    0x010023a1
                                    0x010023a1
                                    0x00fbaa9c
                                    0x00fbaa9f
                                    0x00fbaaa2
                                    0x00fbaaa2
                                    0x00fbaaa8
                                    0x00fbaaab
                                    0x00fbaaaf
                                    0x00000000
                                    0x00fbaab5
                                    0x00000000
                                    0x00fbaab5
                                    0x00fba9d7
                                    0x00fba9d7
                                    0x00fba9da
                                    0x00fba9e0
                                    0x00fba9e3
                                    0x00fba9e6
                                    0x00fba9e9
                                    0x00fba9eb
                                    0x00fba9fd
                                    0x00fba9fd
                                    0x00000000
                                    0x00fba9eb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fba983
                                    0x00fba983
                                    0x00fba983
                                    0x00fba987
                                    0x00fba995
                                    0x00fba995
                                    0x00fba995
                                    0x00fba995
                                    0x00fba989
                                    0x00fba98e
                                    0x00000000
                                    0x00fba990
                                    0x00000000
                                    0x00fba990
                                    0x00fba98e
                                    0x00000000
                                    0x00fba983
                                    0x00fba972
                                    0x00fba90a
                                    0x00fbaa34
                                    0x00fbaa34
                                    0x00fbaa40
                                    0x00fbaa43
                                    0x00fbaa46
                                    0x00fbaa4d
                                    0x010023ab
                                    0x010023b2
                                    0x010023b8
                                    0x010023be
                                    0x010023c3
                                    0x010023c5
                                    0x010023cb
                                    0x010023d1
                                    0x010023d5
                                    0x010023f6
                                    0x010023fb
                                    0x010023d7
                                    0x010023ec
                                    0x010023f1
                                    0x01002403
                                    0x01002408
                                    0x01002410
                                    0x01002417
                                    0x01002422
                                    0x01002422
                                    0x01002417
                                    0x010023c5
                                    0x010023b2
                                    0x00000000

                                    Strings
                                    • HEAP: , xrefs: 010022E6, 010023F6
                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01002403
                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010022F3
                                    • HEAP[%wZ]: , xrefs: 010022D7, 010023E7
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                    • API String ID: 0-1657114761
                                    • Opcode ID: a7e90f2f806196bd0ab90cfa0e7bc9457a1e603b99e61434da6382618eb1fb84
                                    • Instruction ID: 2fe654e85403e96acc7a9cf96d70d5726bd5196d20152223cb71b143ff5ae65e
                                    • Opcode Fuzzy Hash: a7e90f2f806196bd0ab90cfa0e7bc9457a1e603b99e61434da6382618eb1fb84
                                    • Instruction Fuzzy Hash: 7FD1CE30A00205DFEB19CF69C590BAAB7F1FF48310F158169D89A9B785E334E845EF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 69%
                                    			E00FBA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E00FBDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E00FD9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0105A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E00FD9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E00F9B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E00FB7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0105138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E00FB7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E00FB7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01051582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E00FB7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E00FB7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01051582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E00FED5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                    0x00fba229
                                    0x00fba231
                                    0x00fba23f
                                    0x00fba242
                                    0x00fba244
                                    0x00fba24c
                                    0x00fba255
                                    0x00fba25a
                                    0x00fba25f
                                    0x01001c76
                                    0x01001c78
                                    0x01001c7e
                                    0x01001c7f
                                    0x01001c81
                                    0x01001c82
                                    0x01001c84
                                    0x01001c89
                                    0x01001c8b
                                    0x01001c9e
                                    0x01001c9e
                                    0x01001cab
                                    0x01001cb2
                                    0x00000000
                                    0x01001cb2
                                    0x01001c8d
                                    0x01001c92
                                    0x00000000
                                    0x00000000
                                    0x01001c94
                                    0x01001c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01001c98
                                    0x00fba265
                                    0x00fba265
                                    0x00fba266
                                    0x00fba26f
                                    0x00fba270
                                    0x00fba276
                                    0x00fba277
                                    0x00fba279
                                    0x00fba27e
                                    0x00fba282
                                    0x01001db5
                                    0x01001dbb
                                    0x01001dc1
                                    0x01001dc5
                                    0x01001de4
                                    0x01001de9
                                    0x01001dc7
                                    0x01001ddc
                                    0x01001de1
                                    0x01001def
                                    0x01001df3
                                    0x01001df7
                                    0x01001dfe
                                    0x01001e06
                                    0x00fba302
                                    0x00fba308
                                    0x00fba308
                                    0x00fba288
                                    0x00fba28d
                                    0x00fba294
                                    0x01001cc1
                                    0x00fba29a
                                    0x00fba29a
                                    0x00fba29a
                                    0x00fba29f
                                    0x01001ccb
                                    0x01001cd1
                                    0x01001cd8
                                    0x01001cea
                                    0x01001cea
                                    0x01001cd8
                                    0x00fba2a9
                                    0x00fba2af
                                    0x00fba2bc
                                    0x01001cfd
                                    0x00fba2c2
                                    0x00fba2c2
                                    0x00fba2c2
                                    0x00fba2c7
                                    0x01001d07
                                    0x01001d0d
                                    0x01001d14
                                    0x01001d1f
                                    0x01001d21
                                    0x01001d2c
                                    0x01001d2c
                                    0x01001d2c
                                    0x01001d47
                                    0x01001d47
                                    0x01001d14
                                    0x00fba2cd
                                    0x00fba2d2
                                    0x00fba2d9
                                    0x01001d5a
                                    0x00fba2df
                                    0x00fba2df
                                    0x00fba2df
                                    0x00fba2e4
                                    0x01001d69
                                    0x01001d6b
                                    0x01001d76
                                    0x01001d76
                                    0x01001d76
                                    0x01001d91
                                    0x01001d91
                                    0x00fba2ea
                                    0x00fba2f0
                                    0x00fba2f5
                                    0x01001da8
                                    0x01001dad
                                    0x01001dad
                                    0x00fba2fd
                                    0x00fba300
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                    • API String ID: 2994545307-2586055223
                                    • Opcode ID: ebea3ff67be988aaae8653267045d5b24514ff4d5a5312ae08300e4096378b76
                                    • Instruction ID: d8c22ef63ca21e1ee93edca73b0311fcd423c20885e400587ff0c07361082aa6
                                    • Opcode Fuzzy Hash: ebea3ff67be988aaae8653267045d5b24514ff4d5a5312ae08300e4096378b76
                                    • Instruction Fuzzy Hash: 4151F5322086809FE712EB69CC45FA777E8FF84B50F180469F9958B2D2D775D800DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010549A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                    • API String ID: 2994545307-336120773
                                    • Opcode ID: 9f54a6826f2c621c0b04f6bb21963d947be44c146fbe6b726d97e889edd85883
                                    • Instruction ID: 1084c0cdf4c4d4878233792e781e3cdf0fbb142971c60b49b4b2bd757e6344c7
                                    • Opcode Fuzzy Hash: 9f54a6826f2c621c0b04f6bb21963d947be44c146fbe6b726d97e889edd85883
                                    • Instruction Fuzzy Hash: 6F31E431100104AFE7D1DB98CC85FEB77E8EB05B20F144096F949DB2A2E775E8C4DA66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00FB99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0104FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0105A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E00FED540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E00F9B150();
										} else {
											E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1086378 = 1;
											asm("int3");
											 *0x1086378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E00FBA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E00FBA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E00FBBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0105A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E00FBA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E00FBA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E00FED540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1086378 = 1;
									asm("int3");
									 *0x1086378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0104FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0105A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E00FED540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E00F9B150();
													} else {
														E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1086378 = 1;
														asm("int3");
														 *0x1086378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E00FBA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E00FBA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E00FBBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0105A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E00FED540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E00F9B150();
													} else {
														E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E00F9B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1086378 = 1;
														asm("int3");
														 *0x1086378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E00FBA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E00FBA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E00FBBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E00FBBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                    0x00fb99ca
                                    0x00fb99cc
                                    0x00fb99df
                                    0x00fb99e3
                                    0x00fb99f8
                                    0x00fb99fb
                                    0x00fb99fb
                                    0x00000000
                                    0x00fb9a48
                                    0x00fb9a48
                                    0x00fb9a4c
                                    0x00fb9a51
                                    0x00fb9a55
                                    0x00fb9a61
                                    0x00fb9a66
                                    0x00fb9a68
                                    0x01001457
                                    0x0100145c
                                    0x0100145c
                                    0x00fb9a68
                                    0x00fb9a6e
                                    0x00fb9a71
                                    0x00fb9a74
                                    0x00fb9a76
                                    0x01001466
                                    0x01001469
                                    0x01001469
                                    0x0100146c
                                    0x0100146e
                                    0x01001471
                                    0x01001474
                                    0x01001477
                                    0x01001479
                                    0x0100159c
                                    0x0100159c
                                    0x0100159d
                                    0x010015a6
                                    0x010015ab
                                    0x010015ab
                                    0x00000000
                                    0x010015ab
                                    0x0100147f
                                    0x01001481
                                    0x00000000
                                    0x00000000
                                    0x0100148a
                                    0x0100148d
                                    0x01001493
                                    0x01001495
                                    0x010014c0
                                    0x010014c0
                                    0x010014c3
                                    0x010014c6
                                    0x010014c8
                                    0x010014cb
                                    0x010014cf
                                    0x010014f2
                                    0x010014f2
                                    0x010014f5
                                    0x010014f8
                                    0x01001501
                                    0x01001508
                                    0x0100150b
                                    0x0100150e
                                    0x01001510
                                    0x01001513
                                    0x01001515
                                    0x01001515
                                    0x01001518
                                    0x01001518
                                    0x01001513
                                    0x01001521
                                    0x01001525
                                    0x0100152a
                                    0x0100152d
                                    0x01001530
                                    0x01001532
                                    0x01001539
                                    0x0100153d
                                    0x0100155d
                                    0x01001562
                                    0x0100153f
                                    0x01001555
                                    0x0100155a
                                    0x01001570
                                    0x01001577
                                    0x0100157c
                                    0x01001582
                                    0x01001585
                                    0x01001589
                                    0x0100158b
                                    0x01001592
                                    0x01001593
                                    0x01001593
                                    0x01001589
                                    0x01001530
                                    0x00000000
                                    0x010014f8
                                    0x010014d5
                                    0x010014da
                                    0x010014dc
                                    0x00000000
                                    0x010014de
                                    0x010014e8
                                    0x00000000
                                    0x010014e8
                                    0x01001497
                                    0x01001497
                                    0x010014a4
                                    0x010014a4
                                    0x010014a7
                                    0x010014a9
                                    0x010014ab
                                    0x010014ab
                                    0x0100149c
                                    0x0100149e
                                    0x010014a0
                                    0x010014b0
                                    0x010014b0
                                    0x00000000
                                    0x010014a2
                                    0x010014a2
                                    0x00000000
                                    0x010014a2
                                    0x010014a0
                                    0x010014b3
                                    0x010014bb
                                    0x00000000
                                    0x010014bb
                                    0x01001495
                                    0x00fb9a7c
                                    0x00fb9a7c
                                    0x00fb9a7f
                                    0x00fb9a7f
                                    0x00fb9a82
                                    0x00fb9a84
                                    0x00fb9a87
                                    0x00fb9a8a
                                    0x00fb9a8d
                                    0x00fb9a8f
                                    0x0100166a
                                    0x0100166a
                                    0x0100166b
                                    0x01001674
                                    0x00000000
                                    0x01001674
                                    0x00fb9a95
                                    0x00fb9a97
                                    0x00000000
                                    0x00000000
                                    0x00fb9aa0
                                    0x00fb9aa3
                                    0x00fb9aa9
                                    0x00fb9aab
                                    0x00fb9ad7
                                    0x00fb9ad7
                                    0x00fb9ada
                                    0x00fb9add
                                    0x00fb9adf
                                    0x00fb9ae2
                                    0x00fb9ae6
                                    0x00fb9b22
                                    0x00fb9b27
                                    0x00fb9b29
                                    0x00000000
                                    0x00fb9b2b
                                    0x010015be
                                    0x00000000
                                    0x010015be
                                    0x00fb9b29
                                    0x00fb9ae8
                                    0x00fb9ae8
                                    0x00fb9aeb
                                    0x00fb9aee
                                    0x010015cb
                                    0x010015d2
                                    0x010015d5
                                    0x010015d7
                                    0x010015da
                                    0x010015dc
                                    0x010015dc
                                    0x010015dc
                                    0x010015da
                                    0x010015e5
                                    0x010015e9
                                    0x010015ee
                                    0x010015f1
                                    0x010015f3
                                    0x010015f9
                                    0x01001600
                                    0x01001604
                                    0x01001624
                                    0x01001629
                                    0x01001606
                                    0x0100161c
                                    0x01001621
                                    0x01001637
                                    0x0100163e
                                    0x01001643
                                    0x01001649
                                    0x0100164c
                                    0x01001650
                                    0x01001656
                                    0x0100165d
                                    0x0100165e
                                    0x0100165e
                                    0x01001650
                                    0x010015f3
                                    0x00fb9af4
                                    0x00fb9af7
                                    0x00fb9afc
                                    0x00fb9b00
                                    0x00fb9b04
                                    0x00fb9b08
                                    0x00fb9b14
                                    0x00fb99fe
                                    0x00fb9a04
                                    0x00fb9a07
                                    0x00000000
                                    0x00fb9a29
                                    0x0100169c
                                    0x010016a0
                                    0x010016a5
                                    0x010016a9
                                    0x010016b5
                                    0x010016ba
                                    0x010016bc
                                    0x010016be
                                    0x010016c3
                                    0x010016c3
                                    0x010016bc
                                    0x010016c8
                                    0x010016cc
                                    0x0100181b
                                    0x0100181b
                                    0x0100181e
                                    0x0100181e
                                    0x01001821
                                    0x01001823
                                    0x01001826
                                    0x01001829
                                    0x0100182c
                                    0x0100182e
                                    0x01001688
                                    0x01001688
                                    0x01001689
                                    0x0100168b
                                    0x0100168c
                                    0x0100168d
                                    0x0100168f
                                    0x01001692
                                    0x00000000
                                    0x01001692
                                    0x01001834
                                    0x01001836
                                    0x00000000
                                    0x00000000
                                    0x0100183f
                                    0x01001842
                                    0x01001848
                                    0x0100184a
                                    0x01001875
                                    0x01001875
                                    0x01001878
                                    0x0100187b
                                    0x0100187d
                                    0x01001880
                                    0x01001884
                                    0x010018a7
                                    0x010018a7
                                    0x010018aa
                                    0x010018ad
                                    0x010018b6
                                    0x010018bd
                                    0x010018c0
                                    0x010018c3
                                    0x010018c5
                                    0x010018c8
                                    0x010018ca
                                    0x010018ca
                                    0x010018cd
                                    0x010018cd
                                    0x010018c8
                                    0x010018d5
                                    0x010018da
                                    0x010018df
                                    0x010018e2
                                    0x010018e5
                                    0x010018e7
                                    0x010018ee
                                    0x010018f2
                                    0x01001912
                                    0x01001917
                                    0x010018f4
                                    0x0100190a
                                    0x0100190f
                                    0x01001925
                                    0x0100192c
                                    0x01001931
                                    0x0100193a
                                    0x0100193e
                                    0x01001940
                                    0x01001947
                                    0x01001948
                                    0x01001948
                                    0x0100193e
                                    0x010018e5
                                    0x0100194f
                                    0x01001952
                                    0x01001956
                                    0x0100195d
                                    0x01001961
                                    0x0100196d
                                    0x00000000
                                    0x0100196d
                                    0x0100188a
                                    0x0100188f
                                    0x01001891
                                    0x00000000
                                    0x00000000
                                    0x0100189d
                                    0x00000000
                                    0x0100189d
                                    0x0100184c
                                    0x01001859
                                    0x01001859
                                    0x0100185c
                                    0x00000000
                                    0x00000000
                                    0x01001851
                                    0x01001853
                                    0x01001855
                                    0x01001865
                                    0x01001865
                                    0x01001866
                                    0x01001868
                                    0x01001870
                                    0x00000000
                                    0x01001870
                                    0x01001857
                                    0x01001857
                                    0x0100185e
                                    0x00000000
                                    0x010016d2
                                    0x010016d2
                                    0x010016d5
                                    0x010016d5
                                    0x010016d8
                                    0x010016da
                                    0x010016dd
                                    0x010016e0
                                    0x010016e3
                                    0x010016e5
                                    0x01001808
                                    0x01001808
                                    0x01001809
                                    0x01001812
                                    0x01001817
                                    0x01001817
                                    0x00000000
                                    0x01001817
                                    0x010016eb
                                    0x010016ed
                                    0x00000000
                                    0x00000000
                                    0x010016f6
                                    0x010016f9
                                    0x010016ff
                                    0x01001701
                                    0x0100172c
                                    0x0100172c
                                    0x0100172f
                                    0x01001732
                                    0x01001734
                                    0x01001737
                                    0x0100173b
                                    0x0100175e
                                    0x0100175e
                                    0x01001761
                                    0x01001764
                                    0x0100176d
                                    0x01001774
                                    0x01001777
                                    0x0100177a
                                    0x0100177c
                                    0x0100177f
                                    0x01001781
                                    0x01001781
                                    0x01001784
                                    0x01001784
                                    0x0100177f
                                    0x0100178c
                                    0x01001791
                                    0x01001796
                                    0x01001799
                                    0x0100179c
                                    0x0100179e
                                    0x010017a5
                                    0x010017a9
                                    0x010017c9
                                    0x010017ce
                                    0x010017ab
                                    0x010017c1
                                    0x010017c6
                                    0x010017dc
                                    0x010017e3
                                    0x010017e8
                                    0x010017ee
                                    0x010017f1
                                    0x010017f5
                                    0x010017f7
                                    0x010017fe
                                    0x010017ff
                                    0x010017ff
                                    0x010017f5
                                    0x0100179c
                                    0x00000000
                                    0x01001764
                                    0x01001741
                                    0x01001746
                                    0x01001748
                                    0x00000000
                                    0x00000000
                                    0x01001754
                                    0x00000000
                                    0x01001754
                                    0x01001703
                                    0x01001710
                                    0x01001710
                                    0x01001713
                                    0x00000000
                                    0x00000000
                                    0x01001708
                                    0x0100170a
                                    0x0100170c
                                    0x0100171c
                                    0x0100171c
                                    0x0100171d
                                    0x0100171f
                                    0x01001727
                                    0x00000000
                                    0x01001727
                                    0x0100170e
                                    0x0100170e
                                    0x01001715
                                    0x00000000
                                    0x01001715
                                    0x010016cc
                                    0x00fb9a45
                                    0x00fb9a45
                                    0x00fb9a0e
                                    0x00fb9a1c
                                    0x00fb9a23
                                    0x0100167e
                                    0x0100167f
                                    0x01001681
                                    0x01001683
                                    0x01001684
                                    0x00000000
                                    0x01001684
                                    0x00000000
                                    0x00fb9aad
                                    0x00fb9aad
                                    0x00fb9ab0
                                    0x00fb9ab3
                                    0x00fb9ab3
                                    0x00fb9ab6
                                    0x00000000
                                    0x00000000
                                    0x00fb9ab8
                                    0x00fb9aba
                                    0x00fb9abc
                                    0x00fb9ac8
                                    0x00fb9ac8
                                    0x00000000
                                    0x00fb9abe
                                    0x00fb9abe
                                    0x00fb9ac0
                                    0x00000000
                                    0x00fb9ac0
                                    0x00fb9abc
                                    0x00fb9ad2
                                    0x00000000
                                    0x00fb9ad2
                                    0x00fb9aab

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                    • API String ID: 0-3178619729
                                    • Opcode ID: 351f90a93d80288c3d1625a415969a2012a8830fc9620d8114cabc067a1ab3b1
                                    • Instruction ID: db44b30ced2bbf5e99e2a3159f7eca614da2135fdd8aeee5aaef5102bbdda495
                                    • Opcode Fuzzy Hash: 351f90a93d80288c3d1625a415969a2012a8830fc9620d8114cabc067a1ab3b1
                                    • Instruction Fuzzy Hash: 4B222370600241DFEB26CF2DC895BBABBF5EF44704F2885A9E4868B382D775D981CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 83%
                                    			E00FA8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00FA934A() != 0) {
								_t159 = E0101A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1085780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01015510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1085780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00FA849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00FA8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00FA8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1085c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1085c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00FB2280(_t92, 0x10886cc);
															_t94 = E01069DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00FC61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1085c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00FA8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1085c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1085c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00FDF380(_t136, 0xf71184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00FB2280(_t108, 0x10886cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00FC61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01069D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00FAFFB0(_t118, _t156, 0x10886cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00FD9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                    0x00fa8799
                                    0x00fa879d
                                    0x00fa87a1
                                    0x00fa87a3
                                    0x00fa87a8
                                    0x00fa87c3
                                    0x00fa87c3
                                    0x00fa87c8
                                    0x00fa87d1
                                    0x00fa87d4
                                    0x00fa87d8
                                    0x00fa87e5
                                    0x00fa87ec
                                    0x00ff9bfe
                                    0x00ff9c00
                                    0x00ff9c02
                                    0x00ff9c08
                                    0x00ff9c0d
                                    0x00ff9c0f
                                    0x00ff9c14
                                    0x00ff9c2d
                                    0x00ff9c32
                                    0x00ff9c37
                                    0x00ff9c3a
                                    0x00ff9c3c
                                    0x00ff9c42
                                    0x00ff9c42
                                    0x00ff9c3c
                                    0x00ff9c02
                                    0x00fa87da
                                    0x00fa87df
                                    0x00fa87e3
                                    0x00000000
                                    0x00000000
                                    0x00fa87e3
                                    0x00fa87f2
                                    0x00000000
                                    0x00fa87fb
                                    0x00fa87fd
                                    0x00fa87fe
                                    0x00fa880e
                                    0x00fa880f
                                    0x00fa8810
                                    0x00fa8814
                                    0x00fa881a
                                    0x00fa881c
                                    0x00fa881f
                                    0x00fa8821
                                    0x00fa8822
                                    0x00fa8824
                                    0x00fa8826
                                    0x00fa882c
                                    0x00fa882e
                                    0x00ff9c48
                                    0x00ff9c48
                                    0x00fa8834
                                    0x00fa8834
                                    0x00fa8837
                                    0x00000000
                                    0x00000000
                                    0x00fa8837
                                    0x00fa882e
                                    0x00fa883d
                                    0x00fa8840
                                    0x00fa8843
                                    0x00fa8846
                                    0x00fa8849
                                    0x00fa884c
                                    0x00fa884e
                                    0x00fa8850
                                    0x00fa8852
                                    0x00fa8854
                                    0x00fa8857
                                    0x00fa88b4
                                    0x00fa88b6
                                    0x00fa88b6
                                    0x00fa8859
                                    0x00fa8859
                                    0x00fa8859
                                    0x00fa8861
                                    0x00fa8866
                                    0x00fa886a
                                    0x00fa893d
                                    0x00fa8941
                                    0x00000000
                                    0x00fa8947
                                    0x00fa8947
                                    0x00fa894a
                                    0x00fa894c
                                    0x00000000
                                    0x00fa8952
                                    0x00fa8955
                                    0x00fa895a
                                    0x00fa895d
                                    0x00fa895d
                                    0x00fa895f
                                    0x00fa8961
                                    0x00fa8961
                                    0x00fa8968
                                    0x00000000
                                    0x00000000
                                    0x00fa896a
                                    0x00fa896b
                                    0x00fa896e
                                    0x00000000
                                    0x00fa8970
                                    0x00fa8970
                                    0x00fa8970
                                    0x00fa8970
                                    0x00fa8972
                                    0x00fa8972
                                    0x00fa8974
                                    0x00000000
                                    0x00fa897a
                                    0x00fa897a
                                    0x00fa897d
                                    0x00000000
                                    0x00fa8983
                                    0x00ff9c65
                                    0x00ff9c6d
                                    0x00ff9c72
                                    0x00ff9c75
                                    0x00ff9c75
                                    0x00ff9c82
                                    0x00ff9c86
                                    0x00ff9c87
                                    0x00ff9c88
                                    0x00ff9c89
                                    0x00ff9c8c
                                    0x00ff9c90
                                    0x00ff9c95
                                    0x00ff9c97
                                    0x00ff9ca0
                                    0x00ff9ca3
                                    0x00ff9ca9
                                    0x00ff9ca9
                                    0x00000000
                                    0x00ff9ca9
                                    0x00ff9ca3
                                    0x00000000
                                    0x00ff9c97
                                    0x00fa897d
                                    0x00000000
                                    0x00fa8974
                                    0x00fa8988
                                    0x00fa8992
                                    0x00fa8996
                                    0x00000000
                                    0x00fa8996
                                    0x00fa894c
                                    0x00000000
                                    0x00fa8870
                                    0x00fa887b
                                    0x00fa887d
                                    0x00fa887f
                                    0x00fa8881
                                    0x00fa8884
                                    0x00fa8884
                                    0x00fa8886
                                    0x00fa8889
                                    0x00fa888c
                                    0x00fa888e
                                    0x00fa8891
                                    0x00fa8891
                                    0x00fa8898
                                    0x00000000
                                    0x00000000
                                    0x00fa889a
                                    0x00fa889b
                                    0x00fa889e
                                    0x00000000
                                    0x00000000
                                    0x00fa88a0
                                    0x00fa88a8
                                    0x00fa88b0
                                    0x00fa88b2
                                    0x00fa88d3
                                    0x00fa88d5
                                    0x00000000
                                    0x00fa88d7
                                    0x00fa88db
                                    0x00fa88dc
                                    0x00fa88e0
                                    0x00fa88e8
                                    0x00fa88ee
                                    0x00fa88f0
                                    0x00fa88f3
                                    0x00fa88fc
                                    0x00fa8901
                                    0x00fa8906
                                    0x00fa890c
                                    0x00fa890c
                                    0x00fa890f
                                    0x00fa8916
                                    0x00fa8917
                                    0x00fa8918
                                    0x00fa8919
                                    0x00fa891a
                                    0x00fa891f
                                    0x00fa8921
                                    0x00ff9c52
                                    0x00ff9c55
                                    0x00ff9c5b
                                    0x00ff9cac
                                    0x00ff9cc0
                                    0x00ff9cc0
                                    0x00ff9c55
                                    0x00fa8927
                                    0x00fa8927
                                    0x00fa892f
                                    0x00fa8933
                                    0x00000000
                                    0x00fa88f5
                                    0x00fa88f5
                                    0x00000000
                                    0x00fa88f7
                                    0x00fa88f7
                                    0x00fa88fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fa88fa
                                    0x00fa88f5
                                    0x00fa88f3
                                    0x00000000
                                    0x00fa88d5
                                    0x00000000
                                    0x00fa88b2
                                    0x00fa88c9
                                    0x00000000
                                    0x00fa88c9
                                    0x00fa887f
                                    0x00fa886a
                                    0x00fa8857
                                    0x00fa8852
                                    0x00fa88bf
                                    0x00fa88bf
                                    0x00fa87aa
                                    0x00fa87ad
                                    0x00fa87ae
                                    0x00fa87b4
                                    0x00fa87b5
                                    0x00fa87b6
                                    0x00fa87b8
                                    0x00fa87bd
                                    0x00fa87c1
                                    0x00fa87f4
                                    0x00fa87fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fa87c1
                                    0x00000000

                                    Strings
                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00FF9C18
                                    • LdrpDoPostSnapWork, xrefs: 00FF9C1E
                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00FF9C28
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                    • API String ID: 2994545307-1948996284
                                    • Opcode ID: dd3b88eebdb34e842d4defcee769381e315328eb0eecb1a257983ee462e63ebe
                                    • Instruction ID: 8158de2155bc76fb17b396c59251027f1d2768e93a2d543cd08a8d853d9a5fda
                                    • Opcode Fuzzy Hash: dd3b88eebdb34e842d4defcee769381e315328eb0eecb1a257983ee462e63ebe
                                    • Instruction Fuzzy Hash: BE9134B1E0020A9FDF18DF58C881ABE73B5FF46760B544069E945AB250DFB4ED02EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E00FCAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E00FED5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x1088a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E00FD96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01043C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E00FD96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E00F9B150();
							} else {
								E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E00F9B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E010514FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E00FB7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01051411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E00FB7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01051411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                    0x00fcac85
                                    0x00fcac88
                                    0x00fcac8a
                                    0x00fcac8d
                                    0x00fcac91
                                    0x00fcac99
                                    0x00fcac9c
                                    0x01009f57
                                    0x01009f5b
                                    0x01009f60
                                    0x01009f60
                                    0x00fcaca8
                                    0x00fcacae
                                    0x00fcacda
                                    0x00fcacde
                                    0x00fcace8
                                    0x00fcaceb
                                    0x00fcacee
                                    0x00000000
                                    0x00fcacee
                                    0x00fcacf6
                                    0x00fcacb0
                                    0x00fcacb0
                                    0x00fcacbb
                                    0x00fcacbd
                                    0x00fcacc0
                                    0x00fcacc5
                                    0x00fcadae
                                    0x00fcadb4
                                    0x00fcadb4
                                    0x00fcacd4
                                    0x00fcacd8
                                    0x00fcacf9
                                    0x00fcacff
                                    0x00fcad04
                                    0x00fcad08
                                    0x00fcad09
                                    0x00fcad10
                                    0x00fcad12
                                    0x00fcad18
                                    0x01009f6f
                                    0x01009f74
                                    0x01009f76
                                    0x01009f7c
                                    0x01009f84
                                    0x01009f88
                                    0x01009f89
                                    0x01009f90
                                    0x01009f90
                                    0x01009f76
                                    0x00fcad1e
                                    0x00fcad24
                                    0x00fcad26
                                    0x0100a097
                                    0x0100a09b
                                    0x0100a0ba
                                    0x0100a0bf
                                    0x0100a09d
                                    0x0100a0b2
                                    0x0100a0b7
                                    0x0100a0c5
                                    0x0100a0c8
                                    0x0100a0cb
                                    0x0100a0d2
                                    0x00000000
                                    0x00fcad2c
                                    0x00fcad2c
                                    0x00fcad2f
                                    0x00fcad34
                                    0x00fcad36
                                    0x01009f97
                                    0x01009f9a
                                    0x00000000
                                    0x00000000
                                    0x01009fa9
                                    0x00fcad3e
                                    0x00fcad3e
                                    0x00fcad41
                                    0x01009fb3
                                    0x01009fb9
                                    0x01009fc0
                                    0x01009fd0
                                    0x01009fd0
                                    0x01009fc0
                                    0x00fcad4a
                                    0x00fcad50
                                    0x00fcad5c
                                    0x00fcad62
                                    0x00fcad68
                                    0x00fcad6b
                                    0x00fcad6d
                                    0x01009fda
                                    0x01009fdd
                                    0x00000000
                                    0x00000000
                                    0x01009fec
                                    0x00000000
                                    0x00fcad73
                                    0x00fcad73
                                    0x00fcad73
                                    0x00fcad75
                                    0x00fcad75
                                    0x00fcad78
                                    0x01009ff6
                                    0x01009ffc
                                    0x0100a003
                                    0x0100a00e
                                    0x0100a010
                                    0x0100a01b
                                    0x0100a01b
                                    0x0100a01b
                                    0x0100a038
                                    0x0100a038
                                    0x0100a003
                                    0x00fcad84
                                    0x00fcad89
                                    0x00fcad8c
                                    0x00fcad8e
                                    0x0100a042
                                    0x0100a045
                                    0x00000000
                                    0x00000000
                                    0x0100a054
                                    0x00000000
                                    0x00fcad94
                                    0x00fcad94
                                    0x00fcad94
                                    0x00fcad96
                                    0x00fcad96
                                    0x00fcad99
                                    0x0100a063
                                    0x0100a065
                                    0x0100a070
                                    0x0100a070
                                    0x0100a070
                                    0x0100a08d
                                    0x0100a08d
                                    0x00fcada4
                                    0x00fcada6
                                    0x00000000
                                    0x00fcada6
                                    0x00fcad8e
                                    0x00fcad6d
                                    0x00fcad3c
                                    0x00fcad3c
                                    0x00000000
                                    0x00fcad3c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fcacd8

                                    Strings
                                    • HEAP: , xrefs: 0100A0BA
                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0100A0CD
                                    • HEAP[%wZ]: , xrefs: 0100A0AD
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                    • API String ID: 0-1340214556
                                    • Opcode ID: af4cc4c327375f9bc28d5b4a993339e1b36243dd4d946e866644fa8497b990cb
                                    • Instruction ID: 80a121a18ffffeb98333517cf57d8721e42f7e0ff9761f5e5c840615bc34b213
                                    • Opcode Fuzzy Hash: af4cc4c327375f9bc28d5b4a993339e1b36243dd4d946e866644fa8497b990cb
                                    • Instruction Fuzzy Hash: 4A815831604689EFE726CB68C985FAABBF4FF04314F1441A9F58187692D778E940EB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 74%
                                    			E00FBB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0105A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1088748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E00F9B150();
					__eflags =  *0x1087bc8;
					if(__eflags == 0) {
						E01052073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0105A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1088720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1088720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E00FBB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0105A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E00FBE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                    0x00fbb746
                                    0x00fbb74b
                                    0x00fbb74d
                                    0x00fbb750
                                    0x00fbb755
                                    0x00fbb758
                                    0x00fbb758
                                    0x00fbb75e
                                    0x00fbb763
                                    0x00fbb764
                                    0x00fbb76a
                                    0x00fbb76d
                                    0x00fbb771
                                    0x00fbb776
                                    0x00fbb85c
                                    0x00fbb85d
                                    0x00fbb860
                                    0x00fbb865
                                    0x01002ba1
                                    0x01002ba2
                                    0x01002ba9
                                    0x01002bae
                                    0x01002bae
                                    0x00fbb77c
                                    0x00fbb77c
                                    0x00fbb77c
                                    0x00fbb785
                                    0x00fbb788
                                    0x01002bb6
                                    0x01002bb9
                                    0x00000000
                                    0x00000000
                                    0x01002bbf
                                    0x01002bc5
                                    0x01002bc9
                                    0x01002be8
                                    0x01002bed
                                    0x01002bcb
                                    0x01002be0
                                    0x01002be5
                                    0x01002bf3
                                    0x01002bf8
                                    0x01002bfd
                                    0x01002c05
                                    0x01002c0e
                                    0x01002c0e
                                    0x00000000
                                    0x00fbb78e
                                    0x00fbb78e
                                    0x00fbb78e
                                    0x00fbb791
                                    0x00fbb791
                                    0x00fbb797
                                    0x00fbb797
                                    0x00fbb79f
                                    0x00fbb7a9
                                    0x00fbb7af
                                    0x00fbb7af
                                    0x00fbb7b1
                                    0x00fbb7b6
                                    0x00fbb7e2
                                    0x00fbb7e2
                                    0x00fbb7e7
                                    0x00fbb880
                                    0x00fbb7ed
                                    0x00fbb7ed
                                    0x00fbb7ed
                                    0x00fbb7ef
                                    0x00fbb7f2
                                    0x00fbb7f2
                                    0x00fbb7f5
                                    0x00fbb7fa
                                    0x01002c2d
                                    0x01002c2e
                                    0x01002c39
                                    0x00fbb800
                                    0x00fbb800
                                    0x00fbb802
                                    0x00fbb805
                                    0x00fbb808
                                    0x00fbb808
                                    0x00fbb80a
                                    0x00fbb80d
                                    0x00fbb816
                                    0x00fbb81c
                                    0x00fbb822
                                    0x00fbb82f
                                    0x00fbb88b
                                    0x00fbb892
                                    0x00fbb897
                                    0x00fbb899
                                    0x00fbb89b
                                    0x00fbb89e
                                    0x00fbb8a5
                                    0x00fbb8a8
                                    0x00fbb8aa
                                    0x00fbb8ac
                                    0x00fbb8ac
                                    0x00fbb8aa
                                    0x00fbb892
                                    0x00fbb831
                                    0x00fbb839
                                    0x00fbb83b
                                    0x00fbb83b
                                    0x00fbb844
                                    0x00fbb84b
                                    0x00fbb852
                                    0x00fbb7b8
                                    0x00fbb7ba
                                    0x00fbb7bf
                                    0x00fbb7c4
                                    0x01002c18
                                    0x01002c19
                                    0x01002c23
                                    0x00fbb7ca
                                    0x00fbb7ca
                                    0x00fbb7cc
                                    0x00fbb7cf
                                    0x00fbb7d1
                                    0x00fbb7d1
                                    0x00fbb7d4
                                    0x00fbb7dc
                                    0x00fbb8bb
                                    0x00fbb8bb
                                    0x00fbb8be
                                    0x00fbb8be
                                    0x00fbb8c1
                                    0x00000000
                                    0x00000000
                                    0x00fbb8c3
                                    0x00fbb8c5
                                    0x00fbb8c7
                                    0x00fbb8e0
                                    0x00000000
                                    0x00fbb8e0
                                    0x00fbb8cc
                                    0x00fbb8cc
                                    0x00000000
                                    0x00fbb8cc
                                    0x00fbb8d6
                                    0x00fbb8d6
                                    0x00000000
                                    0x00fbb7dc
                                    0x00fbb7b6

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-1334570610
                                    • Opcode ID: a9268b913dd5f4f9beb0ff993b067b953f1043b8e8632bb4be9f3b97afe51915
                                    • Instruction ID: c405c70e2fedcc1e04edca1b610be2102e8911028b8a279a623a2930ecceef13
                                    • Opcode Fuzzy Hash: a9268b913dd5f4f9beb0ff993b067b953f1043b8e8632bb4be9f3b97afe51915
                                    • Instruction Fuzzy Hash: A1611771600201DFEB29DF25C445BAABBE5FF44314F24856EE8898F291D7B4E882DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00FA7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00FACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00F9C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1085780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01015510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1085780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00FB7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00FB7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01017016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00FB7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00FB7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01017016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00FCA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00F9B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                    0x00fa7e4c
                                    0x00fa7e50
                                    0x00fa7e55
                                    0x00fa7e58
                                    0x00fa7e5d
                                    0x00fa7e71
                                    0x00fa7f33
                                    0x00fa7e77
                                    0x00fa7e77
                                    0x00fa7e79
                                    0x00fa7e79
                                    0x00fa7e7e
                                    0x00fa7f45
                                    0x00ff9848
                                    0x00000000
                                    0x00ff9848
                                    0x00fa7f4e
                                    0x00fa7f53
                                    0x00fa7f5a
                                    0x00000000
                                    0x00000000
                                    0x00ff985a
                                    0x00ff9862
                                    0x00ff9866
                                    0x00000000
                                    0x00ff986c
                                    0x00000000
                                    0x00ff986c
                                    0x00fa7e84
                                    0x00fa7e84
                                    0x00fa7e8d
                                    0x00ff9871
                                    0x00fa7eb8
                                    0x00fa7ec0
                                    0x00fa7ec0
                                    0x00fa7e9a
                                    0x00ff987e
                                    0x00000000
                                    0x00000000
                                    0x00ff9884
                                    0x00ff988b
                                    0x00ff98a7
                                    0x00ff98ac
                                    0x00ff98b1
                                    0x00ff98b6
                                    0x00ff98b8
                                    0x00ff98b8
                                    0x00ff98b9
                                    0x00000000
                                    0x00ff98b9
                                    0x00fa7ea0
                                    0x00fa7ea7
                                    0x00000000
                                    0x00000000
                                    0x00fa7eac
                                    0x00fa7eb1
                                    0x00fa7ec6
                                    0x00fa7ed0
                                    0x00ff98cc
                                    0x00fa7ed6
                                    0x00fa7ed6
                                    0x00fa7ed6
                                    0x00fa7ede
                                    0x00fa7ee3
                                    0x00ff98e3
                                    0x00ff98f0
                                    0x00ff9902
                                    0x00ff98f2
                                    0x00ff98fb
                                    0x00ff98fb
                                    0x00ff9907
                                    0x00ff991d
                                    0x00ff991d
                                    0x00ff9907
                                    0x00ff98e3
                                    0x00fa7ef0
                                    0x00fa7f14
                                    0x00fa7f14
                                    0x00fa7f1e
                                    0x00ff9946
                                    0x00fa7f24
                                    0x00fa7f24
                                    0x00fa7f24
                                    0x00fa7f2c
                                    0x00ff996a
                                    0x00ff9975
                                    0x00ff9975
                                    0x00ff997e
                                    0x00ff9993
                                    0x00ff9993
                                    0x00ff997e
                                    0x00000000
                                    0x00fa7ef2
                                    0x00fa7efc
                                    0x00fa7f0a
                                    0x00fa7f0e
                                    0x00ff9933
                                    0x00000000
                                    0x00ff9933
                                    0x00000000
                                    0x00fa7f0e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fa7eb1

                                    Strings
                                    • minkernel\ntdll\ldrmap.c, xrefs: 00FF98A2
                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 00FF9891
                                    • LdrpCompleteMapModule, xrefs: 00FF9898
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                    • API String ID: 0-1676968949
                                    • Opcode ID: 53152fac64e8fb2046256c0186a6e711232cb785e45420f4fd7cb69bd719b3cc
                                    • Instruction ID: 1ee2e04f9e25dd44c5c8e41e1b309adf7d5a5faa33027418b1a5cf777e946f60
                                    • Opcode Fuzzy Hash: 53152fac64e8fb2046256c0186a6e711232cb785e45420f4fd7cb69bd719b3cc
                                    • Instruction Fuzzy Hash: D3514572A087849FD721EB68CC84F6A7BE4EF42320F140599E9519B3E1C7B4ED00EB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010423E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E010423E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x108874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x108874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E00FED4F0(_t83, 0xf76c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00F9B150();
					} else {
						E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E00F9B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1086378 = 1;
						asm("int3");
						 *0x1086378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                    0x010423e3
                                    0x010423e8
                                    0x010423eb
                                    0x010423ee
                                    0x010423f3
                                    0x0104259b
                                    0x0104259b
                                    0x0104259d
                                    0x010425a3
                                    0x010425a3
                                    0x010423fb
                                    0x01042424
                                    0x0104244f
                                    0x01042460
                                    0x01042451
                                    0x01042451
                                    0x01042456
                                    0x01042458
                                    0x01042458
                                    0x0104245b
                                    0x0104245b
                                    0x01042426
                                    0x01042431
                                    0x01042436
                                    0x01042443
                                    0x01042438
                                    0x01042438
                                    0x01042438
                                    0x01042445
                                    0x01042445
                                    0x01042463
                                    0x01042469
                                    0x0104246f
                                    0x01042480
                                    0x01042495
                                    0x010424a1
                                    0x010424ce
                                    0x010424df
                                    0x010424d0
                                    0x010424d0
                                    0x010424d5
                                    0x010424d7
                                    0x010424d7
                                    0x010424da
                                    0x010424da
                                    0x010424a3
                                    0x010424b0
                                    0x010424b5
                                    0x010424c2
                                    0x010424b7
                                    0x010424b7
                                    0x010424b7
                                    0x010424c4
                                    0x010424c4
                                    0x010424e8
                                    0x01042497
                                    0x0104249a
                                    0x0104249a
                                    0x01042482
                                    0x01042488
                                    0x01042488
                                    0x01042471
                                    0x01042479
                                    0x01042479
                                    0x010424ef
                                    0x010423fd
                                    0x01042401
                                    0x01042412
                                    0x01042403
                                    0x01042403
                                    0x01042408
                                    0x0104240a
                                    0x0104240a
                                    0x0104240d
                                    0x0104240d
                                    0x0104241b
                                    0x0104241b
                                    0x010424f1
                                    0x010424f6
                                    0x01042507
                                    0x01042510
                                    0x00000000
                                    0x01042510
                                    0x0104250b
                                    0x00000000
                                    0x010424f8
                                    0x010424f8
                                    0x010424fc
                                    0x01042500
                                    0x01042512
                                    0x01042515
                                    0x0104251a
                                    0x01042521
                                    0x01042524
                                    0x01042529
                                    0x0104252f
                                    0x00000000
                                    0x00000000
                                    0x0104253c
                                    0x0104255c
                                    0x01042561
                                    0x0104253e
                                    0x01042554
                                    0x01042559
                                    0x0104256a
                                    0x0104256d
                                    0x01042574
                                    0x01042586
                                    0x01042588
                                    0x0104258f
                                    0x01042590
                                    0x01042590
                                    0x01042597
                                    0x00000000
                                    0x01042597

                                    Strings
                                    • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0104256F
                                    • HEAP: , xrefs: 0104255C
                                    • HEAP[%wZ]: , xrefs: 0104254F
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                    • API String ID: 0-3815128232
                                    • Opcode ID: 75f273d9ac85c1fd0523638ec9ede0c132e7c83b4c3ffa6a8c1b4aa60f3a8031
                                    • Instruction ID: 9f945d20125aa97517a033c3668b44726662d4a2ebbd8d51ca5b0deda9d7576a
                                    • Opcode Fuzzy Hash: 75f273d9ac85c1fd0523638ec9ede0c132e7c83b4c3ffa6a8c1b4aa60f3a8031
                                    • Instruction Fuzzy Hash: 335126B43002508BE3B4DA1DE8C477677F1EB84744F5588B9F4C68B285DA7AD482DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9E620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E00F9E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00F9F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00FD95D0();
						}
						if(_t78 != 0) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00FDFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00FDBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00FD9600();
					if(_t97 < 0) {
						goto L6;
					}
					E00FDBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00F9F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00FDBB40(_t83, _t102 + 0x24, _t78);
								if(L00FA43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00FDBB40(_t84, _t102 + 0x24, _t94);
									if(L00FA43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                    0x00f9e620
                                    0x00f9e628
                                    0x00f9e62f
                                    0x00f9e631
                                    0x00f9e635
                                    0x00f9e637
                                    0x00f9e63e
                                    0x00ff5503
                                    0x00ff5503
                                    0x00f9e64c
                                    0x00f9e64c
                                    0x00f9e651
                                    0x00000000
                                    0x00000000
                                    0x00f9e661
                                    0x00f9e665
                                    0x00ff542a
                                    0x00f9e715
                                    0x00f9e71a
                                    0x00f9e71c
                                    0x00f9e720
                                    0x00f9e720
                                    0x00f9e727
                                    0x00f9e736
                                    0x00f9e736
                                    0x00f9e743
                                    0x00f9e743
                                    0x00f9e673
                                    0x00f9e678
                                    0x00f9e67d
                                    0x00f9e682
                                    0x00f9e685
                                    0x00f9e692
                                    0x00f9e69b
                                    0x00f9e6a3
                                    0x00f9e6ad
                                    0x00f9e6b1
                                    0x00f9e6b2
                                    0x00f9e6bb
                                    0x00f9e6bf
                                    0x00f9e6c0
                                    0x00f9e6c8
                                    0x00f9e6cc
                                    0x00f9e6d5
                                    0x00f9e6d9
                                    0x00000000
                                    0x00000000
                                    0x00f9e6e5
                                    0x00f9e6ea
                                    0x00f9e6f9
                                    0x00f9e70b
                                    0x00f9e70f
                                    0x00ff5439
                                    0x00ff545e
                                    0x00ff545e
                                    0x00000000
                                    0x00ff545e
                                    0x00ff543b
                                    0x00ff543e
                                    0x00ff5440
                                    0x00ff5445
                                    0x00ff5472
                                    0x00ff5475
                                    0x00ff548d
                                    0x00ff5493
                                    0x00ff54a9
                                    0x00000000
                                    0x00000000
                                    0x00ff54ab
                                    0x00ff54b4
                                    0x00ff54bc
                                    0x00ff54c8
                                    0x00ff54de
                                    0x00ff54fb
                                    0x00ff54e0
                                    0x00ff54e6
                                    0x00ff54eb
                                    0x00ff54eb
                                    0x00ff54de
                                    0x00000000
                                    0x00ff54bc
                                    0x00ff5477
                                    0x00ff547a
                                    0x00ff5480
                                    0x00ff5483
                                    0x00ff5486
                                    0x00ff548b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff548b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff5447
                                    0x00ff5447
                                    0x00ff5447
                                    0x00ff5447
                                    0x00ff544e
                                    0x00000000
                                    0x00000000
                                    0x00ff5450
                                    0x00ff5452
                                    0x00ff5455
                                    0x00ff545a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff545c
                                    0x00ff546a
                                    0x00ff546d
                                    0x00ff546f
                                    0x00000000
                                    0x00ff546f
                                    0x00f9e70f

                                    Strings
                                    • InstallLanguageFallback, xrefs: 00F9E6DB
                                    • @, xrefs: 00F9E6C0
                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00F9E68C
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                    • API String ID: 0-1757540487
                                    • Opcode ID: 904d3384f73d2289b06d2745cdaa8c8d827e5df4c8a6f73132f410d6df0c7444
                                    • Instruction ID: 08b353fe3f48622d3a292e8eb5f29982a50f1cf9e98eb78603dcd96911ec3d85
                                    • Opcode Fuzzy Hash: 904d3384f73d2289b06d2745cdaa8c8d827e5df4c8a6f73132f410d6df0c7444
                                    • Instruction Fuzzy Hash: DE51A3729087459BDB20DF64C850A7BB3E8BF88B24F05092EFA95D7250E734DD44E7A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBEB9A Relevance: 3.9, Strings: 3, Instructions: 156COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 75%
                                    			E00FBEB9A(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t77;
				signed int* _t91;
				intOrPtr _t92;
				signed int _t95;
				signed char _t109;
				signed int _t114;
				unsigned int _t119;
				intOrPtr* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t92 = __ecx;
				_t122 = __edx;
				_v8 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
					__eflags =  *(__edx + 8);
					if(__eflags != 0) {
						_t95 = _t95 + _t95;
					}
					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
					asm("btr eax, esi");
					_t92 = _v8;
				}
				_t62 = _t92 + 0xc0;
				_t127 =  *((intOrPtr*)(_t62 + 4));
				while(1) {
					L2:
					_v12 = _t127;
					if(_t62 == _t127) {
						break;
					}
					_t7 = _t127 - 8; // -8
					_t91 = _t7;
					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
						_t119 =  *(_t92 + 0x50) ^  *_t91;
						 *_t91 = _t119;
						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
						if(_t119 >> 0x18 != _t109) {
							_push(_t109);
							E0104FA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
						}
						_t92 = _v8;
					}
					_t114 =  *_t91 & 0x0000ffff;
					_t63 = _t122;
					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
					while(1) {
						_v20 = _t63;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t63;
						_v16 = _t130;
						_t127 = _v12;
						if(_t130 != 0) {
							_t63 = _v16;
							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
						L10:
						if( *_t122 != 0) {
							_t64 =  *((intOrPtr*)(_t122 + 4));
							__eflags = _t114 - _t64;
							_t65 = _t64 - 1;
							__eflags = _t65;
							if(_t65 < 0) {
								_t65 = _t114;
							}
							E00FBBC04(_t92, _t122, 1, _t127, _t65, _t114);
						}
						E00FBE4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
						if( *0x1088748 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t77 =  *[fs:0x30];
								__eflags =  *(_t77 + 0xc);
								if( *(_t77 + 0xc) == 0) {
									_push("HEAP: ");
									E00F9B150();
								} else {
									E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E00F9B150();
								__eflags =  *0x1087bc8;
								if(__eflags == 0) {
									__eflags = 1;
									E01052073(_t91, 1, _t122, 1);
								}
							}
							_t127 = _v12;
						}
						_t92 = _v8;
						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t62 = _t92 + 0xc0;
						goto L2;
					}
					_v16 = _t114;
					goto L10;
				}
				return _t62;
			}


























                                    0x00fbeb9a
                                    0x00fbeba5
                                    0x00fbeba7
                                    0x00fbebaa
                                    0x00fbebb3
                                    0x00fbeca0
                                    0x00fbeca1
                                    0x00fbeca5
                                    0x00fbecd1
                                    0x00fbecd1
                                    0x00fbecaa
                                    0x00fbecc3
                                    0x00fbecc9
                                    0x00fbecc9
                                    0x00fbebb9
                                    0x00fbebbf
                                    0x00fbebc2
                                    0x00fbebc2
                                    0x00fbebc2
                                    0x00fbebc7
                                    0x00000000
                                    0x00000000
                                    0x00fbebd1
                                    0x00fbebd1
                                    0x00fbebd4
                                    0x00fbebd9
                                    0x00fbebdd
                                    0x00fbebe9
                                    0x00fbebf0
                                    0x01004258
                                    0x0100425e
                                    0x0100425e
                                    0x00fbebf6
                                    0x00fbebf6
                                    0x00fbebf9
                                    0x00fbebfc
                                    0x00fbebfe
                                    0x00fbec01
                                    0x00fbec01
                                    0x00fbec04
                                    0x00000000
                                    0x00000000
                                    0x00fbec0a
                                    0x00fbec0e
                                    0x00fbec11
                                    0x00fbec14
                                    0x00fbec8f
                                    0x00fbec92
                                    0x00000000
                                    0x00fbec92
                                    0x00fbec1a
                                    0x00fbec1d
                                    0x00fbec20
                                    0x00fbec72
                                    0x00fbec75
                                    0x00fbec77
                                    0x00fbec77
                                    0x00fbec78
                                    0x00fbec7a
                                    0x00fbec7a
                                    0x00fbec83
                                    0x00fbec83
                                    0x00fbec32
                                    0x00fbec3e
                                    0x01004281
                                    0x01004284
                                    0x01004286
                                    0x0100428c
                                    0x01004290
                                    0x010042af
                                    0x010042b4
                                    0x01004292
                                    0x010042a7
                                    0x010042ac
                                    0x010042ba
                                    0x010042bf
                                    0x010042c4
                                    0x010042cc
                                    0x010042d0
                                    0x010042d1
                                    0x010042d1
                                    0x010042cc
                                    0x010042d6
                                    0x010042d6
                                    0x00fbec44
                                    0x00fbec4b
                                    0x00fbec55
                                    0x00fbec5b
                                    0x00fbec5b
                                    0x00fbec5d
                                    0x00fbec60
                                    0x00000000
                                    0x00fbec60
                                    0x00fbec8a
                                    0x00000000
                                    0x00fbec8a
                                    0x00fbec71

                                    Strings
                                    • HEAP: , xrefs: 010042AF
                                    • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 010042BA
                                    • HEAP[%wZ]: , xrefs: 010042A2
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                    • API String ID: 0-1596344177
                                    • Opcode ID: 36a09020b6b852a83a3ce97ef8da28b6e9c6160303b3f282ff5b9073f4119f18
                                    • Instruction ID: 636cca416075ed19b767c083f00bb3c4fd1b489b1b91e5f588a3e4ca3654ebf9
                                    • Opcode Fuzzy Hash: 36a09020b6b852a83a3ce97ef8da28b6e9c6160303b3f282ff5b9073f4119f18
                                    • Instruction Fuzzy Hash: 7A51CB71A00515DFDB14DF59C584BEABBB1FF84310F2581A9E8099B242C731AC42EF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 60%
                                    			E00FBB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1088748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E00F9B150();
						} else {
							E00F9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E00F9B150();
						__eflags =  *0x1087bc8;
						if(__eflags == 0) {
							E01052073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E00FBAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                    0x00fbb8f0
                                    0x00fbb8f2
                                    0x00fbb8f4
                                    0x01002c4e
                                    0x01002c50
                                    0x01002c56
                                    0x01002c5c
                                    0x01002c60
                                    0x01002c7f
                                    0x01002c84
                                    0x01002c62
                                    0x01002c77
                                    0x01002c7c
                                    0x01002c8a
                                    0x01002c8f
                                    0x01002c94
                                    0x01002c9c
                                    0x01002ca5
                                    0x01002ca5
                                    0x01002c9c
                                    0x01002c50
                                    0x00fbb8fa
                                    0x00fbb902
                                    0x00fbb921
                                    0x00fbb921
                                    0x00fbb924
                                    0x00fbb924
                                    0x00fbb927
                                    0x00000000
                                    0x00000000
                                    0x00fbb929
                                    0x00fbb92b
                                    0x00fbb92d
                                    0x00fbb940
                                    0x00000000
                                    0x00fbb940
                                    0x00fbb932
                                    0x00fbb932
                                    0x00000000
                                    0x00fbb932
                                    0x00000000
                                    0x00fbb904
                                    0x00fbb904
                                    0x00fbb90a
                                    0x00fbb90c
                                    0x00fbb916
                                    0x00fbb919
                                    0x00fbb915
                                    0x00fbb915
                                    0x00fbb91b
                                    0x00fbb91b
                                    0x00000000
                                    0x00fbb910

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-2558761708
                                    • Opcode ID: bd6fd77320e6fbcfd7ffdca062a1e3e5ef5d059855b4bff6f82f1d0c7ed9593a
                                    • Instruction ID: d5532002d26315c0be61fb985d807caa14c953b2a36868accd7450d3512eecbf
                                    • Opcode Fuzzy Hash: bd6fd77320e6fbcfd7ffdca062a1e3e5ef5d059855b4bff6f82f1d0c7ed9593a
                                    • Instruction Fuzzy Hash: 6411E6317085019FEB29D716C495FBAB3A5EF40B21F24806AF18ACB291DBB4D881FF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102FF10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0102FF60
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                    • API String ID: 3446177414-1911121157
                                    • Opcode ID: aeccef8a8dbb2af50b4ffc44e588b995f6f138eb1e392972723bd3ab46ee17a5
                                    • Instruction ID: f237b83c26e8a8729d01ccbafa29725e9e263739422aeec8e3518ac1d5246a86
                                    • Opcode Fuzzy Hash: aeccef8a8dbb2af50b4ffc44e588b995f6f138eb1e392972723bd3ab46ee17a5
                                    • Instruction Fuzzy Hash: A411E171910194EFEBA2EB54CD49F98BBB1BF08704F148084F6885B5A1C73D9940DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 60%
                                    			E0105E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0105BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0105BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0105AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E00FD9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0105A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0105A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E00FD9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0105A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0105A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E00FB2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E00FAB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E00FAFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E00FB7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0104FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                    0x0105e547
                                    0x0105e549
                                    0x0105e54f
                                    0x0105e553
                                    0x0105e557
                                    0x0105e55a
                                    0x0105e55c
                                    0x0105e55f
                                    0x0105e561
                                    0x0105e567
                                    0x0105e56b
                                    0x0105e7e2
                                    0x00000000
                                    0x0105e571
                                    0x0105e575
                                    0x0105e577
                                    0x0105e57b
                                    0x0105e57c
                                    0x0105e57d
                                    0x0105e57e
                                    0x0105e57f
                                    0x0105e588
                                    0x0105e58f
                                    0x0105e591
                                    0x0105e592
                                    0x0105e592
                                    0x0105e596
                                    0x0105e59e
                                    0x0105e5a0
                                    0x0105e5a6
                                    0x0105e61d
                                    0x0105e61d
                                    0x0105e621
                                    0x0105e623
                                    0x0105e630
                                    0x0105e630
                                    0x0105e7e6
                                    0x0105e7eb
                                    0x0105e7ed
                                    0x0105e7f4
                                    0x0105e7fa
                                    0x0105e7ff
                                    0x0105e7ff
                                    0x0105e80a
                                    0x0105e812
                                    0x0105e812
                                    0x0105e5ab
                                    0x0105e5b4
                                    0x0105e5b9
                                    0x0105e5be
                                    0x0105e5c0
                                    0x0105e5c2
                                    0x0105e5c8
                                    0x0105e5c9
                                    0x0105e5cb
                                    0x0105e5cc
                                    0x0105e5d5
                                    0x0105e5e4
                                    0x0105e5f1
                                    0x0105e5f8
                                    0x0105e5f8
                                    0x0105e5d5
                                    0x0105e602
                                    0x0105e616
                                    0x0105e63d
                                    0x0105e644
                                    0x0105e64d
                                    0x0105e652
                                    0x0105e657
                                    0x0105e659
                                    0x0105e65b
                                    0x0105e661
                                    0x0105e662
                                    0x0105e664
                                    0x0105e665
                                    0x0105e66e
                                    0x0105e67d
                                    0x0105e68a
                                    0x0105e691
                                    0x0105e691
                                    0x0105e66e
                                    0x0105e6b0
                                    0x00000000
                                    0x0105e6b6
                                    0x0105e6bd
                                    0x0105e6c7
                                    0x0105e6d7
                                    0x0105e6d9
                                    0x0105e6db
                                    0x0105e6de
                                    0x0105e6e3
                                    0x0105e6f3
                                    0x0105e6fc
                                    0x0105e700
                                    0x0105e700
                                    0x0105e704
                                    0x0105e70a
                                    0x0105e70a
                                    0x0105e713
                                    0x0105e716
                                    0x0105e719
                                    0x0105e720
                                    0x0105e761
                                    0x0105e76b
                                    0x0105e774
                                    0x0105e77a
                                    0x0105e77a
                                    0x0105e78a
                                    0x0105e791
                                    0x0105e799
                                    0x0105e79b
                                    0x0105e79f
                                    0x0105e7aa
                                    0x0105e7c0
                                    0x0105e7ac
                                    0x0105e7b2
                                    0x0105e7b9
                                    0x0105e7b9
                                    0x0105e7c7
                                    0x0105e806
                                    0x00000000
                                    0x0105e7c9
                                    0x0105e7d1
                                    0x0105e7d8
                                    0x00000000
                                    0x0105e7d8
                                    0x00000000
                                    0x00000000
                                    0x0105e722
                                    0x0105e72e
                                    0x0105e748
                                    0x0105e74c
                                    0x0105e754
                                    0x0105e756
                                    0x0105e75c
                                    0x0105e75c
                                    0x00000000
                                    0x0105e75c
                                    0x0105e758
                                    0x0105e758
                                    0x00000000
                                    0x0105e758
                                    0x0105e750
                                    0x00000000
                                    0x00000000
                                    0x0105e752
                                    0x00000000
                                    0x0105e752
                                    0x0105e730
                                    0x0105e735
                                    0x0105e73d
                                    0x0105e73f
                                    0x00000000
                                    0x00000000
                                    0x0105e741
                                    0x0105e741
                                    0x00000000
                                    0x0105e741
                                    0x0105e739
                                    0x00000000
                                    0x00000000
                                    0x0105e73b
                                    0x00000000
                                    0x0105e73b
                                    0x0105e722
                                    0x0105e720
                                    0x0105e6b0
                                    0x0105e618
                                    0x00000000
                                    0x0105e618

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: `$`
                                    • API String ID: 0-197956300
                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                    • Instruction ID: 9e435d3d00e130f1c7aa39a58fb56c68211a5d20565021b3e6a9771bb93d98bd
                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                    • Instruction Fuzzy Hash: 6D91E1312043429FE7A0CE29C840B6BBBE5BF88714F14896DFAD5CB280E774EA04CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010151BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E010151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x10705f0);
				E00FED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00FAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E010153CA(0);
						return E00FED130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00FDF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00FB3690(1, _t117, 0xf71810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00FDAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00FB4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00FDAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0101500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00FD9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                    0x010151be
                                    0x010151c3
                                    0x010151c8
                                    0x010151cd
                                    0x010151d0
                                    0x010151d3
                                    0x010151d8
                                    0x010151db
                                    0x010151de
                                    0x010151e0
                                    0x010151e3
                                    0x010151e6
                                    0x010151e8
                                    0x01015342
                                    0x01015351
                                    0x01015356
                                    0x0101535a
                                    0x01015360
                                    0x01015363
                                    0x01015366
                                    0x01015369
                                    0x01015369
                                    0x0101536b
                                    0x0101536b
                                    0x01015370
                                    0x010153a3
                                    0x010153a4
                                    0x010153a6
                                    0x010153ab
                                    0x010153ab
                                    0x010153ae
                                    0x010153ae
                                    0x010153b5
                                    0x010153bf
                                    0x010153bf
                                    0x01015375
                                    0x01015396
                                    0x010153a0
                                    0x010153a0
                                    0x00000000
                                    0x01015396
                                    0x01015377
                                    0x01015379
                                    0x0101537f
                                    0x0101538c
                                    0x01015390
                                    0x00000000
                                    0x01015390
                                    0x010151ee
                                    0x010151f1
                                    0x01015301
                                    0x01015310
                                    0x01015315
                                    0x01015318
                                    0x0101531b
                                    0x01015320
                                    0x0101532e
                                    0x01015331
                                    0x00000000
                                    0x01015331
                                    0x01015328
                                    0x01015329
                                    0x00000000
                                    0x01015329
                                    0x010151fa
                                    0x01015235
                                    0x01015236
                                    0x01015239
                                    0x0101523f
                                    0x01015240
                                    0x01015241
                                    0x01015242
                                    0x01015246
                                    0x01015247
                                    0x0101524e
                                    0x01015251
                                    0x01015267
                                    0x01015269
                                    0x0101526e
                                    0x0101527d
                                    0x0101527e
                                    0x01015281
                                    0x01015282
                                    0x01015287
                                    0x01015288
                                    0x0101528a
                                    0x0101528f
                                    0x01015294
                                    0x00000000
                                    0x00000000
                                    0x0101529a
                                    0x0101529c
                                    0x0101529e
                                    0x0101529e
                                    0x010152a4
                                    0x010152b0
                                    0x00000000
                                    0x00000000
                                    0x010152ba
                                    0x010152bc
                                    0x010152bc
                                    0x010152d4
                                    0x010152d9
                                    0x010152dc
                                    0x010152e1
                                    0x00000000
                                    0x00000000
                                    0x010152e7
                                    0x010152f4
                                    0x00000000
                                    0x010152f4
                                    0x01015270
                                    0x00000000
                                    0x01015270
                                    0x010151fc
                                    0x010151fd
                                    0x01015202
                                    0x01015203
                                    0x01015205
                                    0x0101520a
                                    0x0101520f
                                    0x00000000
                                    0x00000000
                                    0x0101521b
                                    0x01015226
                                    0x0101522b
                                    0x0101521d
                                    0x0101521d
                                    0x01015222
                                    0x01015222
                                    0x0101522d
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: Legacy$UEFI
                                    • API String ID: 2994545307-634100481
                                    • Opcode ID: 100f0b9fb15d5a134e4a9ac2ea605c889ca9f8d2f909da035fe7ad1144e60a7b
                                    • Instruction ID: 36985b508c63ed34791bc96c0e4b41f22077d622f04af178b098ae7c99f1e495
                                    • Opcode Fuzzy Hash: 100f0b9fb15d5a134e4a9ac2ea605c889ca9f8d2f909da035fe7ad1144e60a7b
                                    • Instruction Fuzzy Hash: 24517C71E006099FDB24DFA8CC40AADBBF9FB89700F14806EE689EB255D7759901CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FAD5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 87%
                                    			E00FAD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x108d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00FA6600(0x10852d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1087b9c; // 0x0
							_t281 = L00FB4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00FDF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1087b90; // 0x77460000
								if(_t384 == 0) {
									_t353 =  *0x1087b8c; // 0xb32a10
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0xb32ac0
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E00FB2280(_t200, 0x10884d8);
									_t277 =  *0x10885f4; // 0xb32f00
									_t351 =  *0x10885f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x761a0000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0xb32f48
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0xb32e98
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0xb32f48
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0xb34140
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00FAFFB0(_t287, _t353, 0x10884d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00FECC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00FA6600(0x10852d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00FA7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x108b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0101E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1088472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x108b218; // 0x0
														asm("ror edi, cl");
														 *0x108b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00FB2280(_t250, 0x10884d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00FD3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00FAFFB0(_t293, _t353, 0x10884d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00FD37F5(_t353, 0);
																}
																E00FD0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00FC9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00FC02D6(_t174);
																}
																L00FB77F0( *0x1087b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00FCC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00FAEC7F(_t353);
										L00FC19B8(_t287, 0, _t353, 0);
										_t200 = E00F9F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00FDB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x108b2f8; // 0x0
									if((_t206 |  *0x108b2fc) == 0 || ( *0x108b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x108b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01046B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01046AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E00FAE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L00FAEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E00FD9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E00FAE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L00FA8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00FD3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                    0x00fad5f2
                                    0x00fad5f5
                                    0x00fad5f5
                                    0x00fad5fd
                                    0x00fad600
                                    0x00fad60a
                                    0x00fad60d
                                    0x00fad617
                                    0x00fad61d
                                    0x00fad627
                                    0x00fad62e
                                    0x00fad911
                                    0x00fad913
                                    0x00000000
                                    0x00fad919
                                    0x00fad919
                                    0x00fad919
                                    0x00fad634
                                    0x00fad634
                                    0x00fad634
                                    0x00fad634
                                    0x00fad640
                                    0x00fad8bf
                                    0x00000000
                                    0x00fad646
                                    0x00fad646
                                    0x00fad64d
                                    0x00fad652
                                    0x00ffb2fc
                                    0x00ffb2fc
                                    0x00ffb302
                                    0x00ffb33b
                                    0x00ffb341
                                    0x00000000
                                    0x00ffb304
                                    0x00ffb304
                                    0x00ffb319
                                    0x00ffb31e
                                    0x00ffb324
                                    0x00ffb326
                                    0x00ffb332
                                    0x00ffb347
                                    0x00ffb34c
                                    0x00ffb351
                                    0x00ffb35a
                                    0x00000000
                                    0x00ffb328
                                    0x00ffb328
                                    0x00000000
                                    0x00ffb328
                                    0x00ffb326
                                    0x00fad658
                                    0x00fad658
                                    0x00fad65b
                                    0x00fad665
                                    0x00000000
                                    0x00fad66b
                                    0x00fad66b
                                    0x00fad66b
                                    0x00fad66b
                                    0x00fad66d
                                    0x00fad672
                                    0x00fad67a
                                    0x00000000
                                    0x00000000
                                    0x00fad680
                                    0x00fad686
                                    0x00fad8ce
                                    0x00fad8d4
                                    0x00fad8da
                                    0x00fad8dd
                                    0x00fad8dd
                                    0x00fad8e0
                                    0x00fad68c
                                    0x00fad691
                                    0x00fad69d
                                    0x00fad6a2
                                    0x00fad6a7
                                    0x00fad6b0
                                    0x00fad6b0
                                    0x00fad6b5
                                    0x00fad6e0
                                    0x00fad6b7
                                    0x00fad6b7
                                    0x00fad6b9
                                    0x00fad6b9
                                    0x00fad6bb
                                    0x00fad6bd
                                    0x00fad6ce
                                    0x00fad6d0
                                    0x00fad6d2
                                    0x00ffb363
                                    0x00ffb365
                                    0x00000000
                                    0x00ffb36b
                                    0x00000000
                                    0x00ffb36b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fad6bf
                                    0x00fad6bf
                                    0x00fad6e5
                                    0x00fad6e7
                                    0x00fad6e9
                                    0x00fad6e9
                                    0x00fad6ec
                                    0x00fad6ec
                                    0x00fad6ef
                                    0x00fad6f5
                                    0x00fad6f9
                                    0x00fad6fb
                                    0x00fad6fd
                                    0x00fad701
                                    0x00fad703
                                    0x00fad70a
                                    0x00fad70a
                                    0x00fad70a
                                    0x00fad701
                                    0x00fad70d
                                    0x00fad710
                                    0x00fad710
                                    0x00fad6c1
                                    0x00fad6c1
                                    0x00fad6c1
                                    0x00fad6c6
                                    0x00ffb36d
                                    0x00ffb36f
                                    0x00000000
                                    0x00ffb375
                                    0x00ffb375
                                    0x00ffb375
                                    0x00000000
                                    0x00ffb375
                                    0x00000000
                                    0x00fad6cc
                                    0x00fad6d8
                                    0x00fad6d8
                                    0x00fad6d8
                                    0x00000000
                                    0x00fad6c6
                                    0x00fad6bf
                                    0x00000000
                                    0x00fad6da
                                    0x00fad6da
                                    0x00fad716
                                    0x00fad71b
                                    0x00fad720
                                    0x00fad726
                                    0x00fad726
                                    0x00fad72d
                                    0x00000000
                                    0x00fad733
                                    0x00fad739
                                    0x00fad742
                                    0x00fad750
                                    0x00fad758
                                    0x00fad764
                                    0x00fad776
                                    0x00fad77a
                                    0x00fad783
                                    0x00fad928
                                    0x00fad92c
                                    0x00fad93d
                                    0x00fad944
                                    0x00fad94f
                                    0x00fad954
                                    0x00fad956
                                    0x00fad95f
                                    0x00fad961
                                    0x00fad973
                                    0x00fad973
                                    0x00fad956
                                    0x00fad944
                                    0x00fad92c
                                    0x00fad78b
                                    0x00ffb394
                                    0x00fad791
                                    0x00fad798
                                    0x00ffb3a3
                                    0x00ffb3bb
                                    0x00ffb3bb
                                    0x00fad7a5
                                    0x00fad866
                                    0x00fad870
                                    0x00fad884
                                    0x00fad892
                                    0x00fad898
                                    0x00fad89e
                                    0x00fad8a0
                                    0x00fad8a6
                                    0x00fad8ac
                                    0x00fad8ae
                                    0x00fad8b4
                                    0x00fad8b4
                                    0x00fad8ae
                                    0x00fad7a5
                                    0x00fad78b
                                    0x00fad7b1
                                    0x00ffb3c5
                                    0x00ffb3c5
                                    0x00fad7c3
                                    0x00fad7ca
                                    0x00fad7e5
                                    0x00fad7eb
                                    0x00fad8eb
                                    0x00fad8ed
                                    0x00000000
                                    0x00fad8f3
                                    0x00fad8f3
                                    0x00fad8f3
                                    0x00000000
                                    0x00fad8ed
                                    0x00fad7cc
                                    0x00fad7cc
                                    0x00fad7d2
                                    0x00000000
                                    0x00fad7d4
                                    0x00fad7d4
                                    0x00fad7d7
                                    0x00fad7df
                                    0x00ffb3d4
                                    0x00ffb3d9
                                    0x00ffb3dc
                                    0x00ffb3dc
                                    0x00ffb3df
                                    0x00ffb3e2
                                    0x00ffb468
                                    0x00ffb46d
                                    0x00ffb46f
                                    0x00ffb46f
                                    0x00ffb475
                                    0x00fad8f8
                                    0x00fad8f9
                                    0x00fad8fd
                                    0x00ffb3e8
                                    0x00ffb3e8
                                    0x00ffb3eb
                                    0x00ffb3ed
                                    0x00000000
                                    0x00ffb3ef
                                    0x00ffb3ef
                                    0x00ffb3f1
                                    0x00ffb3f4
                                    0x00ffb3fe
                                    0x00ffb404
                                    0x00ffb409
                                    0x00ffb40e
                                    0x00ffb410
                                    0x00ffb410
                                    0x00ffb414
                                    0x00ffb414
                                    0x00ffb41b
                                    0x00ffb420
                                    0x00ffb423
                                    0x00ffb425
                                    0x00ffb427
                                    0x00ffb42a
                                    0x00ffb42d
                                    0x00ffb42d
                                    0x00ffb42a
                                    0x00ffb432
                                    0x00ffb436
                                    0x00ffb438
                                    0x00ffb43b
                                    0x00ffb43b
                                    0x00ffb449
                                    0x00ffb44e
                                    0x00ffb454
                                    0x00ffb458
                                    0x00ffb458
                                    0x00ffb45d
                                    0x00000000
                                    0x00ffb45d
                                    0x00ffb3ed
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fad7df
                                    0x00fad7d2
                                    0x00fad7ca
                                    0x00ffb37c
                                    0x00ffb37e
                                    0x00ffb385
                                    0x00ffb38a
                                    0x00000000
                                    0x00ffb38a
                                    0x00fad742
                                    0x00fad7f1
                                    0x00fad7f8
                                    0x00ffb49b
                                    0x00ffb49b
                                    0x00fad800
                                    0x00fad837
                                    0x00fad843
                                    0x00fad845
                                    0x00fad847
                                    0x00fad84a
                                    0x00fad84b
                                    0x00fad84e
                                    0x00fad857
                                    0x00fad802
                                    0x00fad802
                                    0x00fad80d
                                    0x00000000
                                    0x00fad818
                                    0x00fad818
                                    0x00fad824
                                    0x00fad831
                                    0x00ffb4a5
                                    0x00ffb4ab
                                    0x00ffb4b3
                                    0x00ffb4b8
                                    0x00ffb4bb
                                    0x00000000
                                    0x00ffb4c1
                                    0x00ffb4c1
                                    0x00ffb4c8
                                    0x00000000
                                    0x00ffb4ce
                                    0x00ffb4d4
                                    0x00ffb4e1
                                    0x00ffb4e3
                                    0x00ffb4e5
                                    0x00000000
                                    0x00ffb4eb
                                    0x00ffb4f0
                                    0x00ffb4f2
                                    0x00fadac9
                                    0x00fadacc
                                    0x00fadacf
                                    0x00fadad1
                                    0x00fadd78
                                    0x00fadd78
                                    0x00fadcf2
                                    0x00000000
                                    0x00fadad7
                                    0x00fadad9
                                    0x00fadadb
                                    0x00000000
                                    0x00000000
                                    0x00fadae1
                                    0x00fadae1
                                    0x00fadae4
                                    0x00fadae6
                                    0x00ffb4f9
                                    0x00ffb4f9
                                    0x00ffb500
                                    0x00fadaec
                                    0x00fadaec
                                    0x00fadaf5
                                    0x00fadaf8
                                    0x00fadafb
                                    0x00fadb03
                                    0x00fadb11
                                    0x00fadb16
                                    0x00fadb19
                                    0x00fadb1b
                                    0x00ffb52c
                                    0x00ffb531
                                    0x00ffb534
                                    0x00fadb21
                                    0x00fadb21
                                    0x00fadb24
                                    0x00fadcd9
                                    0x00fadce2
                                    0x00fadce5
                                    0x00fadd6a
                                    0x00fadd6d
                                    0x00000000
                                    0x00fadd73
                                    0x00ffb51a
                                    0x00ffb51c
                                    0x00ffb51f
                                    0x00ffb524
                                    0x00000000
                                    0x00ffb524
                                    0x00fadce7
                                    0x00fadce7
                                    0x00fadce7
                                    0x00000000
                                    0x00fadce7
                                    0x00000000
                                    0x00fadb2a
                                    0x00fadb2c
                                    0x00fadb31
                                    0x00fadb33
                                    0x00fadb36
                                    0x00fadb39
                                    0x00fadb3b
                                    0x00fadb66
                                    0x00fadb66
                                    0x00fadb3d
                                    0x00fadb3d
                                    0x00fadb3e
                                    0x00fadb46
                                    0x00fadb47
                                    0x00fadb49
                                    0x00fadb4c
                                    0x00fadb53
                                    0x00fadb55
                                    0x00fadb58
                                    0x00fadb5a
                                    0x00ffb50a
                                    0x00ffb50f
                                    0x00ffb512
                                    0x00fadb60
                                    0x00fadb60
                                    0x00fadb63
                                    0x00fadb63
                                    0x00000000
                                    0x00fadb63
                                    0x00fadb5a
                                    0x00fadb3b
                                    0x00fadb24
                                    0x00fadb69
                                    0x00fadb69
                                    0x00fadb6c
                                    0x00fadb6f
                                    0x00fadb74
                                    0x00ffb557
                                    0x00ffb557
                                    0x00ffb55e
                                    0x00fadb7a
                                    0x00fadb7c
                                    0x00fadb7f
                                    0x00fadb82
                                    0x00fadb85
                                    0x00000000
                                    0x00fadb8b
                                    0x00fadb8b
                                    0x00fadb8d
                                    0x00fadb9b
                                    0x00fadb9b
                                    0x00fadb9d
                                    0x00fadba0
                                    0x00fadba2
                                    0x00fadba4
                                    0x00fadba7
                                    0x00fadba9
                                    0x00fadbae
                                    0x00fadbae
                                    0x00fadbb1
                                    0x00fadbb4
                                    0x00fadbb4
                                    0x00fadbb7
                                    0x00fadbba
                                    0x00fadcd2
                                    0x00fadcd4
                                    0x00000000
                                    0x00fadbc0
                                    0x00fadbc0
                                    0x00fadbd2
                                    0x00fadbd7
                                    0x00fadbda
                                    0x00fadbdd
                                    0x00fadbdf
                                    0x00000000
                                    0x00fadbe5
                                    0x00fadbe5
                                    0x00fadbee
                                    0x00fadbf1
                                    0x00ffb541
                                    0x00ffb544
                                    0x00000000
                                    0x00ffb546
                                    0x00ffb546
                                    0x00000000
                                    0x00ffb546
                                    0x00fadbf7
                                    0x00fadbf7
                                    0x00fadbfd
                                    0x00fadbfd
                                    0x00fadbff
                                    0x00fadc0b
                                    0x00fadc15
                                    0x00fadc1b
                                    0x00fadc1d
                                    0x00fadc21
                                    0x00fadc21
                                    0x00fadc23
                                    0x00fadc23
                                    0x00fadc26
                                    0x00fadc29
                                    0x00fadc2b
                                    0x00000000
                                    0x00000000
                                    0x00fadc31
                                    0x00fadc34
                                    0x00fadc36
                                    0x00fadcbf
                                    0x00fadcbf
                                    0x00fadcc2
                                    0x00000000
                                    0x00fadc3c
                                    0x00fadc41
                                    0x00fadc43
                                    0x00000000
                                    0x00fadc45
                                    0x00fadc45
                                    0x00fadc47
                                    0x00000000
                                    0x00fadc4d
                                    0x00fadc4d
                                    0x00fadc50
                                    0x00fadc52
                                    0x00fadc55
                                    0x00fadcfa
                                    0x00fadcfe
                                    0x00fadd08
                                    0x00fadd0a
                                    0x00fadd0c
                                    0x00000000
                                    0x00fadd12
                                    0x00fadd15
                                    0x00fadd2d
                                    0x00fadd2f
                                    0x00fadd32
                                    0x00fadd35
                                    0x00000000
                                    0x00fadd35
                                    0x00fadc5b
                                    0x00fadc5b
                                    0x00fadc5e
                                    0x00fadc61
                                    0x00fadc64
                                    0x00fadc67
                                    0x00fadc67
                                    0x00fadc6a
                                    0x00fadc6c
                                    0x00fadc8e
                                    0x00fadc8e
                                    0x00fadc91
                                    0x00fadc93
                                    0x00fadcce
                                    0x00fadcce
                                    0x00fadc95
                                    0x00fadc9c
                                    0x00fadc6e
                                    0x00fadc72
                                    0x00fadc75
                                    0x00fadc77
                                    0x00fadc79
                                    0x00ffb551
                                    0x00ffb551
                                    0x00000000
                                    0x00fadc7f
                                    0x00fadc7f
                                    0x00fadc81
                                    0x00000000
                                    0x00fadc83
                                    0x00fadc86
                                    0x00fadc88
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fadc88
                                    0x00fadc81
                                    0x00fadc79
                                    0x00fadc6c
                                    0x00fadc55
                                    0x00fadc47
                                    0x00fadc43
                                    0x00000000
                                    0x00fadc36
                                    0x00fadc23
                                    0x00000000
                                    0x00fadbff
                                    0x00fadbf1
                                    0x00fadbdf
                                    0x00fadb8f
                                    0x00fadb92
                                    0x00fadb95
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fadb95
                                    0x00fadb8d
                                    0x00fadb85
                                    0x00fadb74
                                    0x00fadc9f
                                    0x00fadca2
                                    0x00fadcb0
                                    0x00fadcb0
                                    0x00fadad1
                                    0x00ffb4e5
                                    0x00ffb4c8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fad831
                                    0x00fad80d
                                    0x00000000
                                    0x00fad800
                                    0x00ffb47f
                                    0x00ffb485
                                    0x00000000
                                    0x00ffb485
                                    0x00fad665
                                    0x00fad652
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: 404baa1a33f8f854349dc745b4fcf437687bc64520f75a623e89614d30148484
                                    • Instruction ID: 8ab7f93f0b920ba3008fc3eef723e74dd93c9a2b058c2999aadfb5953d04a25c
                                    • Opcode Fuzzy Hash: 404baa1a33f8f854349dc745b4fcf437687bc64520f75a623e89614d30148484
                                    • Instruction Fuzzy Hash: 89E102B1A04319CFDB34CF18C940BB9B7B2BF46314F1401A9E94A9B691DB38AD80EB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00FC513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x108d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E00FDD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E00FB2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L00FB4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E00FDF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E00FAFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x108b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E00FDB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                    0x00fc5142
                                    0x00fc514c
                                    0x00fc5150
                                    0x00fc5157
                                    0x00fc5159
                                    0x00fc515e
                                    0x00fc5165
                                    0x00fc5169
                                    0x00fc516c
                                    0x00fc5172
                                    0x00fc5176
                                    0x00fc517a
                                    0x00fc517a
                                    0x00fc517a
                                    0x00fc517f
                                    0x01006d8b
                                    0x01006d8e
                                    0x01006d91
                                    0x01006d95
                                    0x01006d98
                                    0x01006d9c
                                    0x01006da0
                                    0x01006da3
                                    0x01006da7
                                    0x01006e26
                                    0x01006e26
                                    0x01006e2a
                                    0x00fc51f9
                                    0x00fc51f9
                                    0x00fc51fe
                                    0x01006e33
                                    0x01006e33
                                    0x01006e39
                                    0x01006e3d
                                    0x01006e46
                                    0x01006e50
                                    0x00000000
                                    0x00000000
                                    0x01006e52
                                    0x01006e53
                                    0x01006e56
                                    0x01006e5d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01006e5f
                                    0x01006e67
                                    0x01006e77
                                    0x01006e7f
                                    0x01006e80
                                    0x01006e88
                                    0x01006e90
                                    0x01006e9f
                                    0x01006ea5
                                    0x01006ea9
                                    0x01006eb1
                                    0x01006ebf
                                    0x00000000
                                    0x00000000
                                    0x01006ecf
                                    0x01006ed3
                                    0x00000000
                                    0x00000000
                                    0x01006edb
                                    0x01006ede
                                    0x01006ee1
                                    0x01006ee8
                                    0x01006eeb
                                    0x01006eed
                                    0x01006ef0
                                    0x01006ef4
                                    0x01006ef8
                                    0x01006efc
                                    0x00000000
                                    0x00000000
                                    0x01006f0d
                                    0x01006f11
                                    0x01006f32
                                    0x01006f37
                                    0x01006f3b
                                    0x01006f3e
                                    0x01006f41
                                    0x01006f46
                                    0x00000000
                                    0x00000000
                                    0x01006f4c
                                    0x01006f50
                                    0x01006f50
                                    0x01006f54
                                    0x01006f62
                                    0x01006f65
                                    0x01006f6d
                                    0x01006f7b
                                    0x01006f7b
                                    0x01006f93
                                    0x01006f98
                                    0x01006fa0
                                    0x01006fa6
                                    0x01006fb3
                                    0x01006fb6
                                    0x01006fbf
                                    0x01006fc1
                                    0x01006fd5
                                    0x01006fda
                                    0x01006fda
                                    0x01006fdd
                                    0x01006fe2
                                    0x01006fe7
                                    0x01006feb
                                    0x01006fef
                                    0x01006ff3
                                    0x00fc520c
                                    0x00fc520c
                                    0x00fc520f
                                    0x00fc5215
                                    0x00fc5234
                                    0x00fc523a
                                    0x00fc523a
                                    0x00fc5244
                                    0x00fc5245
                                    0x00fc5246
                                    0x00fc5251
                                    0x00fc5251
                                    0x01006f13
                                    0x01006f17
                                    0x01006f17
                                    0x01006f18
                                    0x01006f1b
                                    0x01006f1f
                                    0x01006f23
                                    0x00000000
                                    0x01006f28
                                    0x00fc5204
                                    0x00fc5204
                                    0x00fc5208
                                    0x00000000
                                    0x00fc5208
                                    0x00fc5185
                                    0x00fc5188
                                    0x00fc518a
                                    0x00fc518e
                                    0x00fc5195
                                    0x01006db1
                                    0x01006db5
                                    0x01006db9
                                    0x00fc519b
                                    0x00fc519b
                                    0x00fc519e
                                    0x00fc51a7
                                    0x00fc51a9
                                    0x00fc51a9
                                    0x00fc51b5
                                    0x00fc51b8
                                    0x00fc51bb
                                    0x00fc51be
                                    0x00fc51c1
                                    0x00fc51c5
                                    0x00fc51c9
                                    0x00fc51cd
                                    0x00fc51cd
                                    0x00fc51d8
                                    0x00fc51dc
                                    0x00fc51e0
                                    0x01006dcc
                                    0x01006dd0
                                    0x01006dd5
                                    0x01006ddd
                                    0x01006de1
                                    0x01006de1
                                    0x01006de5
                                    0x01006deb
                                    0x01006df1
                                    0x01006df7
                                    0x01006dfd
                                    0x01006e01
                                    0x01006e05
                                    0x01006e09
                                    0x01006e0d
                                    0x01006e11
                                    0x01006e11
                                    0x00fc51eb
                                    0x01006e1a
                                    0x01006e1f
                                    0x01006e21
                                    0x01006e23
                                    0x00000000
                                    0x00fc51f1
                                    0x00fc51f1
                                    0x00000000
                                    0x00fc51f1

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: a6d93737b574611ab1fd827e4297011210605304c4877ab920d4ef9381aa568a
                                    • Instruction ID: fec882ce6bd8646d6298c5b64460008ff309e16e731201bba38f0dd35d98deda
                                    • Opcode Fuzzy Hash: a6d93737b574611ab1fd827e4297011210605304c4877ab920d4ef9381aa568a
                                    • Instruction Fuzzy Hash: EDC134755083818FD355CF28C580A5AFBE2BF88304F18496EF9D98B392D775E885CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC03E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 74%
                                    			E00FC03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x108d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E00FC0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E00FDB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E00FAB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1087c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E00FB7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E00FB7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01017016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E00FD9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E010169A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1087c04 != 0) {
						_t118 = _v12;
						_t120 = E0101A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1087bd8;
						if( *0x1087bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E00FD95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E00FD99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01013540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E00F9B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E00FDAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1088474 - 3;
										if( *0x1088474 != 3) {
											 *0x10879dc =  *0x10879dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E00FB7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E00FB7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01017016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1088708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1087b00; // 0x0
							asm("ror esi, cl");
							 *0x108b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E00FD95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E00FA7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                    0x00fc03f1
                                    0x00fc03f7
                                    0x00fc03f9
                                    0x00fc03fb
                                    0x00fc03fd
                                    0x00fc0400
                                    0x00fc040a
                                    0x01004c7a
                                    0x00fc0537
                                    0x00fc0547
                                    0x00fc0410
                                    0x00fc0410
                                    0x00fc0414
                                    0x00fc0417
                                    0x00fc041a
                                    0x00fc0421
                                    0x00fc0424
                                    0x00fc042b
                                    0x00fc043b
                                    0x00fc043e
                                    0x00fc043f
                                    0x00fc043f
                                    0x00fc0446
                                    0x00fc0449
                                    0x00fc044c
                                    0x00fc044f
                                    0x00fc0459
                                    0x01004c8d
                                    0x00fc045f
                                    0x00fc045f
                                    0x00fc045f
                                    0x00fc0467
                                    0x01004c97
                                    0x01004c9d
                                    0x01004ca4
                                    0x01004caa
                                    0x01004caf
                                    0x01004cb1
                                    0x01004cc3
                                    0x01004cb3
                                    0x01004cbc
                                    0x01004cbc
                                    0x01004cc8
                                    0x01004ccb
                                    0x01004cd7
                                    0x01004cda
                                    0x01004cdf
                                    0x01004cdf
                                    0x01004ccb
                                    0x01004ca4
                                    0x00fc046d
                                    0x00fc046f
                                    0x00fc046f
                                    0x00fc0471
                                    0x00fc0476
                                    0x00fc047a
                                    0x00fc047b
                                    0x00fc0483
                                    0x00fc0489
                                    0x00fc048d
                                    0x00000000
                                    0x00000000
                                    0x01004ce9
                                    0x01004cef
                                    0x01004d22
                                    0x01004d22
                                    0x00000000
                                    0x01004d22
                                    0x01004cf1
                                    0x01004cf7
                                    0x00000000
                                    0x00000000
                                    0x01004cf9
                                    0x01004cff
                                    0x00000000
                                    0x00000000
                                    0x01004d05
                                    0x01004d07
                                    0x00000000
                                    0x00000000
                                    0x01004d0d
                                    0x01004d0f
                                    0x01004d14
                                    0x01004d16
                                    0x00000000
                                    0x00000000
                                    0x01004d1c
                                    0x01004d1c
                                    0x00fc0499
                                    0x00fc0535
                                    0x00fc0535
                                    0x00000000
                                    0x00fc0535
                                    0x00fc04a6
                                    0x01004d2c
                                    0x01004d37
                                    0x01004d39
                                    0x01004d3b
                                    0x00000000
                                    0x00000000
                                    0x01004d41
                                    0x01004d48
                                    0x00fc0527
                                    0x00fc052b
                                    0x00fc052d
                                    0x00fc0530
                                    0x00fc0530
                                    0x00000000
                                    0x00fc052b
                                    0x01004d4e
                                    0x00fc04ac
                                    0x00fc04ac
                                    0x00fc04af
                                    0x00fc04b2
                                    0x00fc04b7
                                    0x00fc04b9
                                    0x00fc04bb
                                    0x00fc04bd
                                    0x00fc04bf
                                    0x00fc04c5
                                    0x00fc04c9
                                    0x01004d53
                                    0x01004d59
                                    0x01004db9
                                    0x01004dba
                                    0x01004dbf
                                    0x01004dc2
                                    0x01004dc4
                                    0x01004dc7
                                    0x01004dce
                                    0x00000000
                                    0x01004dce
                                    0x01004d5b
                                    0x01004d61
                                    0x00000000
                                    0x00000000
                                    0x01004d63
                                    0x01004d69
                                    0x00000000
                                    0x00000000
                                    0x01004d6b
                                    0x01004d6e
                                    0x01004d74
                                    0x01004d76
                                    0x01004d7c
                                    0x01004d7e
                                    0x01004d84
                                    0x01004d89
                                    0x01004d8c
                                    0x01004d8d
                                    0x01004d92
                                    0x01004d95
                                    0x01004d96
                                    0x01004d98
                                    0x01004d9a
                                    0x01004d9f
                                    0x01004da4
                                    0x01004da6
                                    0x01004da8
                                    0x01004daf
                                    0x01004db1
                                    0x01004db1
                                    0x01004daf
                                    0x01004da6
                                    0x01004d84
                                    0x01004d7c
                                    0x00000000
                                    0x01004d74
                                    0x00fc04d6
                                    0x01004de1
                                    0x00fc04dc
                                    0x00fc04dc
                                    0x00fc04dc
                                    0x00fc04e4
                                    0x01004deb
                                    0x01004df1
                                    0x01004df8
                                    0x01004dfe
                                    0x01004e03
                                    0x01004e05
                                    0x01004e17
                                    0x01004e07
                                    0x01004e10
                                    0x01004e10
                                    0x01004e1c
                                    0x01004e1f
                                    0x01004e35
                                    0x01004e35
                                    0x01004e1f
                                    0x01004df8
                                    0x00fc04f1
                                    0x00fc04fa
                                    0x01004e3f
                                    0x01004e47
                                    0x01004e5b
                                    0x01004e61
                                    0x01004e67
                                    0x01004e69
                                    0x01004e71
                                    0x01004e73
                                    0x00fc0500
                                    0x00fc0500
                                    0x00fc0500
                                    0x00fc04fa
                                    0x00fc0508
                                    0x00fc051d
                                    0x00fc051d
                                    0x00fc051f
                                    0x00fc0524
                                    0x00000000
                                    0x00fc0524
                                    0x00fc0515
                                    0x00fc0517
                                    0x01004e7a
                                    0x01004e7c
                                    0x00000000
                                    0x00000000
                                    0x01004e85
                                    0x00000000
                                    0x01004e85
                                    0x00000000
                                    0x00fc0517

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ef61ffcb98d9cb203b8a0b697ed647066f1b055d4f0a2e2d4f4c695072bd5070
                                    • Instruction ID: 6146a4aec5f0b097f9949dddd055ac8c7e50071f577d5cb53afa6f873f25b221
                                    • Opcode Fuzzy Hash: ef61ffcb98d9cb203b8a0b697ed647066f1b055d4f0a2e2d4f4c695072bd5070
                                    • Instruction Fuzzy Hash: 6D912831E04215DBEB229B68CD45FAE7BE4AB01720F190269EB90E72D1DB789D01D785
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00F9B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x106f7a8);
				E00FED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00FED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00FDD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00FDF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E00FEDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00FDB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00FDB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00FDE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00FDA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                    0x00f9b171
                                    0x00f9b171
                                    0x00f9b171
                                    0x00f9b171
                                    0x00f9b171
                                    0x00f9b176
                                    0x00f9b17b
                                    0x00f9b180
                                    0x00f9b186
                                    0x00f9b18f
                                    0x00f9b198
                                    0x00f9b1a4
                                    0x00f9b1aa
                                    0x00ff4802
                                    0x00ff4802
                                    0x00ff4805
                                    0x00ff480c
                                    0x00ff480e
                                    0x00f9b1d1
                                    0x00f9b1d3
                                    0x00f9b1de
                                    0x00f9b1de
                                    0x00ff4817
                                    0x00ff481e
                                    0x00ff4820
                                    0x00ff4822
                                    0x00ff4822
                                    0x00ff4824
                                    0x00ff4824
                                    0x00ff482a
                                    0x00000000
                                    0x00000000
                                    0x00ff4835
                                    0x00ff483a
                                    0x00ff483d
                                    0x00ff483f
                                    0x00ff4842
                                    0x00ff4842
                                    0x00ff4842
                                    0x00ff4846
                                    0x00ff484c
                                    0x00ff484e
                                    0x00ff4851
                                    0x00ff4851
                                    0x00ff4853
                                    0x00ff4854
                                    0x00ff4854
                                    0x00ff4858
                                    0x00ff485a
                                    0x00ff485a
                                    0x00ff485d
                                    0x00ff485f
                                    0x00ff4861
                                    0x00ff4861
                                    0x00ff4866
                                    0x00ff486b
                                    0x00ff486e
                                    0x00ff4871
                                    0x00ff4876
                                    0x00ff4876
                                    0x00ff4878
                                    0x00ff487b
                                    0x00ff4884
                                    0x00ff4884
                                    0x00000000
                                    0x00ff487d
                                    0x00ff487d
                                    0x00ff4882
                                    0x00ff4889
                                    0x00ff4889
                                    0x00ff488f
                                    0x00ff4891
                                    0x00ff48e0
                                    0x00ff48e2
                                    0x00ff48e4
                                    0x00ff48e4
                                    0x00ff48e7
                                    0x00ff48e7
                                    0x00ff48ed
                                    0x00ff48f4
                                    0x00ff48f6
                                    0x00ff4951
                                    0x00ff4951
                                    0x00ff4953
                                    0x00ff4953
                                    0x00ff4956
                                    0x00ff4956
                                    0x00ff4958
                                    0x00ff4959
                                    0x00ff4959
                                    0x00ff495d
                                    0x00ff495d
                                    0x00ff495f
                                    0x00ff495f
                                    0x00ff4965
                                    0x00ff4969
                                    0x00ff49ba
                                    0x00ff49ba
                                    0x00ff49c1
                                    0x00ff49c5
                                    0x00ff49cc
                                    0x00ff49d4
                                    0x00ff49d7
                                    0x00ff49da
                                    0x00ff49e4
                                    0x00ff49e5
                                    0x00ff49f3
                                    0x00ff4a02
                                    0x00000000
                                    0x00ff4a02
                                    0x00ff4972
                                    0x00ff4974
                                    0x00000000
                                    0x00000000
                                    0x00ff4976
                                    0x00ff4979
                                    0x00ff4982
                                    0x00ff4983
                                    0x00ff4984
                                    0x00ff498b
                                    0x00ff498d
                                    0x00ff4991
                                    0x00ff4993
                                    0x00ff4999
                                    0x00ff499d
                                    0x00ff49a2
                                    0x00ff49a2
                                    0x00ff49a2
                                    0x00ff4999
                                    0x00ff49ac
                                    0x00000000
                                    0x00ff49b3
                                    0x00ff48f8
                                    0x00ff48fe
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff48fe
                                    0x00ff4895
                                    0x00ff489c
                                    0x00ff48ad
                                    0x00ff48b2
                                    0x00ff48b5
                                    0x00ff48b7
                                    0x00ff48ba
                                    0x00ff48bc
                                    0x00ff48c6
                                    0x00ff48c6
                                    0x00ff48cb
                                    0x00ff48d1
                                    0x00ff48d4
                                    0x00ff48d8
                                    0x00ff48d8
                                    0x00000000
                                    0x00ff48d8
                                    0x00ff48be
                                    0x00ff48c0
                                    0x00000000
                                    0x00000000
                                    0x00ff48c2
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff48c4
                                    0x00000000
                                    0x00ff4882
                                    0x00ff487b
                                    0x00ff4904
                                    0x00ff4906
                                    0x00000000
                                    0x00000000
                                    0x00ff4908
                                    0x00ff490e
                                    0x00000000
                                    0x00000000
                                    0x00ff4910
                                    0x00ff4917
                                    0x00ff4917
                                    0x00000000
                                    0x00ff4917
                                    0x00f9b1ba
                                    0x00ff47f9
                                    0x00ff47fc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff47fc
                                    0x00f9b1c0
                                    0x00f9b1c0
                                    0x00f9b1c3
                                    0x00f9b1cb
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: _vswprintf_s
                                    • String ID:
                                    • API String ID: 677850445-0
                                    • Opcode ID: d79faffe45ad4e2a4e768deece9a9c62227cd3b7c6efba25f2246084750ed183
                                    • Instruction ID: b9e27777a25f5b4109209195ff0b2833dccd794bd4cdca529e0286463aa7a49a
                                    • Opcode Fuzzy Hash: d79faffe45ad4e2a4e768deece9a9c62227cd3b7c6efba25f2246084750ed183
                                    • Instruction Fuzzy Hash: 6C51CF71E002598ADF31CF648845BBFBBB1BF00720F2441ADE959AB2A1D7746D85EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E00FBB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x108d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00FB7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01068CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00FD9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00FDB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00FDCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00FB7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01068F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00FDAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1088628; // 0x0
								_v68 = _t77;
								_t78 =  *0x108862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1088628; // 0x0
							_t116 =  *0x108862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                    0x00fbb94c
                                    0x00fbb956
                                    0x00fbb95c
                                    0x00fbb95e
                                    0x00fbb964
                                    0x00fbb969
                                    0x00fbb96d
                                    0x00fbb96d
                                    0x00fbb970
                                    0x00fbb974
                                    0x00fbb97a
                                    0x00fbbadf
                                    0x00fbbadf
                                    0x00fbbae2
                                    0x00fbbae4
                                    0x00fbbae6
                                    0x00fbbaf0
                                    0x01002cb8
                                    0x00fbbaf6
                                    0x00fbbaf6
                                    0x00fbbaf6
                                    0x00fbbafd
                                    0x00fbbb1f
                                    0x00fbbb1f
                                    0x00fbbaff
                                    0x00fbbb00
                                    0x00fbbb00
                                    0x00fbbb03
                                    0x00fbbb03
                                    0x00fbbacb
                                    0x00fbbacf
                                    0x00fbbad0
                                    0x00fbbad1
                                    0x00fbbadc
                                    0x00fbbadc
                                    0x00fbb980
                                    0x00fbb980
                                    0x00fbb988
                                    0x00fbb98b
                                    0x00fbb98d
                                    0x00fbb990
                                    0x00fbb993
                                    0x00fbb999
                                    0x00fbb99b
                                    0x00fbb9a1
                                    0x00fbb9a5
                                    0x00fbb9aa
                                    0x00fbb9b0
                                    0x00fbb9bb
                                    0x00fbb9c0
                                    0x00fbb9c3
                                    0x00fbb9ca
                                    0x00fbb9cc
                                    0x00fbb9cf
                                    0x00fbb9d3
                                    0x00fbb9d7
                                    0x00fbba94
                                    0x00fbba94
                                    0x00fbba98
                                    0x00fbbaa3
                                    0x01002ccb
                                    0x00fbbaa9
                                    0x00fbbaa9
                                    0x00fbbaa9
                                    0x00fbbab1
                                    0x01002cd5
                                    0x01002cdd
                                    0x01002cdd
                                    0x00fbbabb
                                    0x00fbbabc
                                    0x00fbbac2
                                    0x00fbbac3
                                    0x00fbbac3
                                    0x00fbbac6
                                    0x00000000
                                    0x00fbb9dd
                                    0x00fbb9dd
                                    0x00fbb9e7
                                    0x00fbb9e7
                                    0x00fbb9ec
                                    0x00fbb9ec
                                    0x00fbb9f1
                                    0x00fbb9f5
                                    0x00fbb9fa
                                    0x00fbba00
                                    0x00fbba0c
                                    0x00fbba10
                                    0x00fbba10
                                    0x00fbba12
                                    0x00fbba18
                                    0x00000000
                                    0x00000000
                                    0x00fbbb26
                                    0x00fbbb26
                                    0x00fbba1e
                                    0x00fbba1e
                                    0x00fbba23
                                    0x00fbba25
                                    0x00fbba2c
                                    0x00fbba30
                                    0x00fbba35
                                    0x00fbba35
                                    0x00fbba41
                                    0x00fbba46
                                    0x00fbba4c
                                    0x00fbba50
                                    0x00fbba54
                                    0x00fbba6a
                                    0x00fbba6e
                                    0x00fbba70
                                    0x00fbba74
                                    0x00fbba78
                                    0x00fbba7a
                                    0x00fbba7c
                                    0x00fbba8e
                                    0x00fbba90
                                    0x00fbba92
                                    0x00fbbb14
                                    0x00fbbb14
                                    0x00fbbb16
                                    0x00fbbb16
                                    0x00000000
                                    0x00fbba7c
                                    0x00fbbb0a
                                    0x00fbbb0d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fbbb0f

                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FBB9A5
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 885266447-0
                                    • Opcode ID: ca427f19525f0f818278b8deacd5393d1366a741b6271556bd9a4d8687a0b2ca
                                    • Instruction ID: 36fd1c9a04eb69c357b039fedac103d82b9a9c8a84d810ee94dba7c5770510fb
                                    • Opcode Fuzzy Hash: ca427f19525f0f818278b8deacd5393d1366a741b6271556bd9a4d8687a0b2ca
                                    • Instruction Fuzzy Hash: 1B514A71A08301CFC720DF2AC48096ABBE9BB88714F64896EE9C587345D7B5EC44DF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01043D40 Relevance: 1.6, APIs: 1, Instructions: 98timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 70%
                                    			E01043D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x108d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E00FB2280(_t34, 0x1088a6c);
				_t64 =  *0x1085768; // 0x77575768
				if(_t64 != 0x1085768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77575770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E00FAFFB0(_t53, _t64, 0x1088a6c);
						 *0x108b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E00FB2280(_t45, 0x1088a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x1085768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E00FAFFB0(_t51, _t64, 0x1088a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E00FDB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                    0x01043d40
                                    0x01043d48
                                    0x01043d52
                                    0x01043d59
                                    0x01043d5d
                                    0x01043d61
                                    0x01043d63
                                    0x01043d67
                                    0x01043d69
                                    0x01043d72
                                    0x01043d76
                                    0x01043d7a
                                    0x01043d7f
                                    0x01043d8b
                                    0x01043d91
                                    0x01043d91
                                    0x01043d91
                                    0x01043d94
                                    0x01043d96
                                    0x01043d9d
                                    0x01043da1
                                    0x01043db0
                                    0x01043dba
                                    0x01043dbc
                                    0x01043dbc
                                    0x01043dc6
                                    0x01043dcb
                                    0x01043dcf
                                    0x01043dd1
                                    0x01043dd4
                                    0x00000000
                                    0x00000000
                                    0x01043dd9
                                    0x01043e0c
                                    0x01043e0c
                                    0x01043e0f
                                    0x01043ddb
                                    0x01043ddb
                                    0x01043de0
                                    0x00000000
                                    0x01043de2
                                    0x01043de2
                                    0x01043de4
                                    0x01043de8
                                    0x01043deb
                                    0x01043df1
                                    0x00000000
                                    0x01043df3
                                    0x01043df3
                                    0x01043df5
                                    0x01043df8
                                    0x01043dfa
                                    0x00000000
                                    0x01043dfa
                                    0x01043df1
                                    0x01043de0
                                    0x01043e11
                                    0x01043e11
                                    0x00000000
                                    0x01043dfe
                                    0x01043e04
                                    0x01043e06
                                    0x00000000
                                    0x01043e06
                                    0x00000000
                                    0x01043e04
                                    0x01043d91
                                    0x01043e15
                                    0x01043e1a
                                    0x01043e1f
                                    0x01043e1f
                                    0x01043e23
                                    0x01043e29
                                    0x00000000
                                    0x00000000
                                    0x01043e2e
                                    0x00000000
                                    0x01043e30
                                    0x01043e30
                                    0x01043e35
                                    0x00000000
                                    0x01043e37
                                    0x01043e3e
                                    0x01043e42
                                    0x01043e48
                                    0x01043e4e
                                    0x00000000
                                    0x01043e4e
                                    0x01043e35
                                    0x00000000
                                    0x01043e2e
                                    0x01043e5b
                                    0x01043e5c
                                    0x01043e5d
                                    0x01043e68
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: 127db264dcaded8b8be095b46cd5f6febfaa209ec807460e77aaeaafd4260b3f
                                    • Instruction ID: 94e049fcab5317e3d64e7c44cbeb9410404afa023d7f6053b0f3969d8048f7fa
                                    • Opcode Fuzzy Hash: 127db264dcaded8b8be095b46cd5f6febfaa209ec807460e77aaeaafd4260b3f
                                    • Instruction Fuzzy Hash: 053169B150A311DFCB24EF19D88145ABBE1FF85700F4485AEE4D48F281E730D904CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD4A2C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 58%
                                    			E00FD4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x108d360 ^ _t62;
				_v8 =  *0x108d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E00FB2280(_t26, 0x1088608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E00FAFFB0(_t41, _t51, 0x1088608);
						L2:
						 *0x108b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E00FDB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E00FB2280(_t28, 0x1088608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E00FAFFB0(_t42, _t53, 0x1088608);
							if(_t53 != 0) {
								L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E00FAFFB0(_t41, _t51, 0x1088608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                    0x00fd4a2c
                                    0x00fd4a34
                                    0x00fd4a3c
                                    0x00fd4a3e
                                    0x00fd4a48
                                    0x00fd4a4b
                                    0x00fd4a4d
                                    0x00fd4a51
                                    0x00fd4a9c
                                    0x00000000
                                    0x00000000
                                    0x00fd4aa3
                                    0x00fd4aa8
                                    0x00fd4aad
                                    0x00fd4ab1
                                    0x00fd4ade
                                    0x00fd4ae3
                                    0x00fd4a5a
                                    0x00fd4a62
                                    0x00fd4a6a
                                    0x00fd4a6e
                                    0x0100f203
                                    0x00fd4a84
                                    0x00fd4a88
                                    0x00fd4a89
                                    0x00fd4a8a
                                    0x00fd4a95
                                    0x00fd4a95
                                    0x00fd4a79
                                    0x00fd4a80
                                    0x00fd4af2
                                    0x00fd4af4
                                    0x00fd4af9
                                    0x00fd4aff
                                    0x00fd4b01
                                    0x00fd4b03
                                    0x00fd4b08
                                    0x0100f20a
                                    0x0100f212
                                    0x0100f216
                                    0x0100f216
                                    0x00fd4b08
                                    0x00fd4b13
                                    0x00fd4b1a
                                    0x0100f229
                                    0x0100f229
                                    0x00fd4b1a
                                    0x00fd4a82
                                    0x00000000
                                    0x00fd4a82
                                    0x00fd4ab7
                                    0x00fd4acd
                                    0x00fd4acd
                                    0x00fd4ad5
                                    0x00fd4ada
                                    0x00000000
                                    0x00fd4ada
                                    0x00fd4ac2
                                    0x00fd4acb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fd4acb
                                    0x00fd4a53
                                    0x00fd4a53
                                    0x00fd4a58
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: e8d13c2186a71c34bfeb39b5a3f05c09503c0beea03a11d938c16a199c91c123
                                    • Instruction ID: e33dd5131d03561c251a7b0529ba28b32e6f95080e1fe455031ed0dd2fa7eaae
                                    • Opcode Fuzzy Hash: e8d13c2186a71c34bfeb39b5a3f05c09503c0beea03a11d938c16a199c91c123
                                    • Instruction Fuzzy Hash: 8B3123326457409FC731AF55C941B2AB7E6FF85710F58452AE8924B341CB78EC00EB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E00FB0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x108d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E00FC9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E00FDB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01068A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E00FC9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x108b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                    0x00fb0055
                                    0x00fb005d
                                    0x00fb0062
                                    0x00fb006c
                                    0x00fb006f
                                    0x00fb0074
                                    0x00fb007a
                                    0x00fb007a
                                    0x00fb0080
                                    0x00fb0080
                                    0x00fb0087
                                    0x00fb008d
                                    0x00fb008f
                                    0x00fb0093
                                    0x00fb0095
                                    0x00fb009b
                                    0x00fb00f8
                                    0x00fb00fb
                                    0x00fb00fc
                                    0x00fb00ff
                                    0x00fb0108
                                    0x00fb0108
                                    0x00fb00a2
                                    0x00fb00a6
                                    0x00fb00b3
                                    0x00fb00bc
                                    0x00fb00c5
                                    0x00fb00ca
                                    0x00ffc01e
                                    0x00000000
                                    0x00000000
                                    0x00ffc02d
                                    0x00fb00d5
                                    0x00fb00d9
                                    0x00ffc03d
                                    0x00ffc046
                                    0x00ffc046
                                    0x00fb00df
                                    0x00fb00e2
                                    0x00fb00ea
                                    0x00fb00ef
                                    0x00fb00f2
                                    0x00fb00f6
                                    0x00fb0111
                                    0x00fb0117
                                    0x00fb0117
                                    0x00000000
                                    0x00fb00f6
                                    0x00fb00d0
                                    0x00fb00d0
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID:
                                    • API String ID: 3446177414-0
                                    • Opcode ID: 14ef03775ef593b52a3531f2f8b53c326ff31df8b4f620537866b8679c20be5e
                                    • Instruction ID: df8016c2b99e94a4de9905b44c15834b36217eaf288893673aeb7f9080711fc7
                                    • Opcode Fuzzy Hash: 14ef03775ef593b52a3531f2f8b53c326ff31df8b4f620537866b8679c20be5e
                                    • Instruction Fuzzy Hash: 6331AE31601B04CFD725DF28C944B9BB3E5FF88764F14456DE49687690EB75AC01EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 82%
                                    			E00FC2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				void* _t245;
				void* _t247;
				signed int _t253;
				signed int _t255;
				intOrPtr _t257;
				signed int _t260;
				signed int _t267;
				signed int _t270;
				signed int _t278;
				intOrPtr _t284;
				signed int _t286;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				unsigned int _t294;
				signed int _t298;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t304;
				intOrPtr _t316;
				signed int _t325;
				signed int _t327;
				signed int _t328;
				signed int _t332;
				signed int _t333;
				signed int _t335;
				signed int _t337;
				signed int _t339;
				void* _t340;
				void* _t343;

				_t337 = _t339;
				_t340 = _t339 - 0x4c;
				_v8 =  *0x108d360 ^ _t337;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t332 = 0x108b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t294 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t314 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t325 = 0;
				_v37 = _t314;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t333 = 0xc0000106;
						goto L32;
					} else {
						_t332 = L00FB4620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t332;
						__eflags = _t332;
						if(_t332 == 0) {
							_t333 = 0xc0000017;
							goto L32;
						} else {
							 *(_t332 + 0x44) =  *(_t332 + 0x44) & 0x00000000;
							_t50 = _t332 + 0x48; // 0x48
							_t327 = _t50;
							_t314 = _v32;
							 *((intOrPtr*)(_t332 + 0x3c)) = _t284;
							_t286 = 0;
							 *((short*)(_t332 + 0x30)) = _v48;
							__eflags = _t314;
							if(_t314 != 0) {
								 *(_t332 + 0x18) = _t327;
								__eflags = _t314 - 0x1088478;
								 *_t332 = ((0 | _t314 == 0x01088478) - 0x00000001 & 0xfffffffb) + 7;
								E00FDF3E0(_t327,  *((intOrPtr*)(_t314 + 4)),  *_t314 & 0x0000ffff);
								_t314 = _v32;
								_t340 = _t340 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t327 = _t327 + (( *_t314 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t278 = E010239F2(_t327);
									_t314 = _v32;
									_t327 = _t278;
								}
							}
							_t298 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t333 = _v68;
								__eflags = 0;
								 *((short*)(_t327 - 2)) = 0;
								goto L32;
							} else {
								_t288 = _t332 + _t286 * 4;
								_v56 = _t288;
								do {
									__eflags = _t314;
									if(_t314 != 0) {
										_t240 =  *(_v60 + _t298 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t288 =  *(_v60 + _t298 * 4);
										 *(_t288 + 0x18) = _t327;
										_t244 =  *(_v60 + _t298 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M00FC2959))) {
												case 0:
													__ax =  *0x1088488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00FDF3E0(__edi,  *0x108848c, __ax & 0x0000ffff);
														__eax =  *0x1088488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00FDF3E0(_t327, _v80, _v64);
													_t273 = _v64;
													goto L26;
												case 2:
													 *0x1088480 & 0x0000ffff = E00FDF3E0(__edi,  *0x1088484,  *0x1088480 & 0x0000ffff);
													__eax =  *0x1088480 & 0x0000ffff;
													__eax = ( *0x1088480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00FDF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00FDF3E0(_t327, _v76, _v36);
														_t273 = _v36;
													}
													L26:
													_t340 = _t340 + 0xc;
													_t327 = _t327 + (_t273 >> 1) * 2 + 2;
													__eflags = _t327;
													L27:
													_push(0x3b);
													_pop(_t275);
													 *((short*)(_t327 - 2)) = _t275;
													goto L28;
												case 6:
													__ebx = "\\WWw\\WWw";
													__eflags = __ebx - "\\WWw\\WWw";
													if(__ebx != "\\WWw\\WWw") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00FDF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\WWw\\WWw";
														} while (__ebx != "\\WWw\\WWw");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1088478 & 0x0000ffff = E00FDF3E0(__edi,  *0x108847c,  *0x1088478 & 0x0000ffff);
													__eax =  *0x1088478 & 0x0000ffff;
													__eax = ( *0x1088478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E010239F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1086e58 & 0x0000ffff = E00FDF3E0(__edi,  *0x1086e5c,  *0x1086e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1086e58 & 0x0000ffff;
													__eax = ( *0x1086e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t298 = _v16;
													_t314 = _v32;
													L29:
													_t288 = _t288 + 4;
													__eflags = _t288;
													_v56 = _t288;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t298 = _t298 + 1;
									_v16 = _t298;
									__eflags = _t298 - _v48;
								} while (_t298 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t325 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M00FC2935))) {
							case 0:
								__ax =  *0x1088488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t314 =  &_v64;
								_v80 = E00FC2E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1088480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1088480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00FAEEF0(0x10879a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00FAEB70(__ecx, 0x10879a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t333;
												if(_t333 < 0) {
													L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t294 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1087b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00FAEB70(__ecx, 0x10879a0);
										__eax = _v52;
										L36:
										_pop(_t326);
										_pop(_t334);
										__eflags = _v8 ^ _t337;
										_pop(_t285);
										return E00FDB640(_t219, _t285, _v8 ^ _t337, _t314, _t326, _t334);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t314 =  &_v36;
									_t282 = E00FC2E3E(_t280,  &_v36);
									_t294 = _v36;
									_v76 = _t282;
								}
								if(_t294 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t294;
								}
								goto L14;
							case 6:
								__eax =  *0x1085764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1088478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1088478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1086e58 & 0x0000ffff;
								__eax = ( *0x1086e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t325 = _t325 + 1;
								if(_t325 >= _v48) {
									goto L16;
								} else {
									_t314 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t299 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("cld");
					 *((intOrPtr*)(_t332 + 0x28)) =  *((intOrPtr*)(_t332 + 0x28)) + _t244;
					asm("cld");
					_t245 = _t244 + _t244;
					asm("daa");
					asm("cld");
					 *_t332 =  *_t332 + _t299;
					asm("cld");
					 *((intOrPtr*)(_t332 + 0x28)) =  *((intOrPtr*)(_t332 + 0x28)) + _t245;
					asm("cld");
					 *0x1f00fc26 =  *0x1f00fc26 + _t245;
					_pop(_t289);
					 *_t299 =  *_t299 + _t245;
					_t247 = _t340 - _t289;
					 *0x201005b =  *0x201005b + _t314;
					_t343 = _t245 - _t327;
					 *((intOrPtr*)(_t247 - 0x9ff03d8)) =  *((intOrPtr*)(_t247 - 0x9ff03d8)) + _t247;
					asm("daa");
					asm("cld");
					 *_t332 =  *_t332 + _t289;
					 *((intOrPtr*)(_t332 + 0x28)) =  *((intOrPtr*)(_t332 + 0x28)) + _t299;
					asm("cld");
					_a35 = _a35 + _t289;
					asm("cld");
					_pop(_t290);
					 *_t299 =  *_t299 + _t247 - _t289 + _t289;
					asm("cld");
					 *((intOrPtr*)(_t343 + _t290 * 2)) =  *((intOrPtr*)(_t343 + _t290 * 2)) + _t314;
					 *_t299 =  *_t299 + 0x28;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x106ff00);
					E00FED08C(_t290, _t327, _t332);
					_v44 =  *[fs:0x18];
					_t328 = 0;
					 *_a24 = 0;
					_t291 = _a12;
					__eflags = _t291;
					if(_t291 == 0) {
						_t253 = 0xc0000100;
					} else {
						_v8 = 0;
						_t335 = 0xc0000100;
						_v52 = 0xc0000100;
						_t255 = 4;
						while(1) {
							_v40 = _t255;
							__eflags = _t255;
							if(_t255 == 0) {
								break;
							}
							_t304 = _t255 * 0xc;
							_v48 = _t304;
							__eflags = _t291 -  *((intOrPtr*)(_t304 + 0xf71664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t270 = E00FDE5C0(_a8,  *((intOrPtr*)(_t304 + 0xf71668)), _t291);
									_t343 = _t343 + 0xc;
									__eflags = _t270;
									if(__eflags == 0) {
										_t335 = E010151BE(_t291,  *((intOrPtr*)(_v48 + 0xf7166c)), _a16, _t328, _t335, __eflags, _a20, _a24);
										_v52 = _t335;
										break;
									} else {
										_t255 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t255 = _t255 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t335;
						__eflags = _t335;
						if(_t335 < 0) {
							__eflags = _t335 - 0xc0000100;
							if(_t335 == 0xc0000100) {
								_t300 = _a4;
								__eflags = _t300;
								if(_t300 != 0) {
									_v36 = _t300;
									__eflags =  *_t300 - _t328;
									if( *_t300 == _t328) {
										_t335 = 0xc0000100;
										goto L76;
									} else {
										_t316 =  *((intOrPtr*)(_v44 + 0x30));
										_t257 =  *((intOrPtr*)(_t316 + 0x10));
										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t300;
										if( *((intOrPtr*)(_t257 + 0x48)) == _t300) {
											__eflags =  *(_t316 + 0x1c);
											if( *(_t316 + 0x1c) == 0) {
												L106:
												_t335 = E00FC2AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
												_v32 = _t335;
												__eflags = _t335 - 0xc0000100;
												if(_t335 != 0xc0000100) {
													goto L69;
												} else {
													_t328 = 1;
													_t300 = _v36;
													goto L75;
												}
											} else {
												_t260 = E00FA6600( *(_t316 + 0x1c));
												__eflags = _t260;
												if(_t260 != 0) {
													goto L106;
												} else {
													_t300 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t335 = E00FC2C50(_t300, _a8, _t291, _a16, _a20, _a24, _t328);
											L76:
											_v32 = _t335;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00FAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t335 = _a24;
									_t267 = E00FC2AE4( &_v36, _a8, _t291, _a16, _a20, _t335);
									_v32 = _t267;
									__eflags = _t267 - 0xc0000100;
									if(_t267 == 0xc0000100) {
										_v32 = E00FC2C50(_v36, _a8, _t291, _a16, _a20, _t335, 1);
									}
									_v8 = _t328;
									E00FC2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t253 = _t335;
					}
					L70:
					return E00FED0D1(_t253);
				}
				L108:
			}






















































                                    0x00fc2584
                                    0x00fc2586
                                    0x00fc2590
                                    0x00fc2596
                                    0x00fc2597
                                    0x00fc2598
                                    0x00fc2599
                                    0x00fc259e
                                    0x00fc25a4
                                    0x00fc25a9
                                    0x00fc25ac
                                    0x00fc25ae
                                    0x00fc25b1
                                    0x00fc25b2
                                    0x00fc25b5
                                    0x00fc25b8
                                    0x00fc25bb
                                    0x00fc25bc
                                    0x00fc25bf
                                    0x00fc25c2
                                    0x00fc25c5
                                    0x00fc25c6
                                    0x00fc25cb
                                    0x00fc25ce
                                    0x00fc25d8
                                    0x00fc25dd
                                    0x00fc25de
                                    0x00fc25e1
                                    0x00fc25e3
                                    0x00fc25e9
                                    0x00fc26da
                                    0x00fc26da
                                    0x00fc26dd
                                    0x00fc26e2
                                    0x01005b56
                                    0x00000000
                                    0x00fc26e8
                                    0x00fc26f9
                                    0x00fc26fb
                                    0x00fc26fe
                                    0x00fc2700
                                    0x01005b60
                                    0x00000000
                                    0x00fc2706
                                    0x00fc2706
                                    0x00fc270a
                                    0x00fc270a
                                    0x00fc270d
                                    0x00fc2713
                                    0x00fc2716
                                    0x00fc2718
                                    0x00fc271c
                                    0x00fc271e
                                    0x01005b6c
                                    0x01005b6f
                                    0x01005b7f
                                    0x01005b89
                                    0x01005b8e
                                    0x01005b93
                                    0x01005b96
                                    0x01005b9c
                                    0x01005ba0
                                    0x01005ba3
                                    0x01005bab
                                    0x01005bb0
                                    0x01005bb3
                                    0x01005bb3
                                    0x01005ba3
                                    0x00fc2724
                                    0x00fc2726
                                    0x00fc2729
                                    0x00fc272c
                                    0x00fc279d
                                    0x00fc279d
                                    0x00fc27a0
                                    0x00fc27a2
                                    0x00000000
                                    0x00fc272e
                                    0x00fc272e
                                    0x00fc2731
                                    0x00fc2734
                                    0x00fc2734
                                    0x00fc2736
                                    0x01005bc1
                                    0x01005bc1
                                    0x01005bc4
                                    0x00000000
                                    0x01005bca
                                    0x01005bca
                                    0x01005bcd
                                    0x00000000
                                    0x01005bd3
                                    0x00000000
                                    0x01005bd3
                                    0x01005bcd
                                    0x00fc273c
                                    0x00fc273c
                                    0x00fc2742
                                    0x00fc2747
                                    0x00fc274a
                                    0x00fc274d
                                    0x00fc2750
                                    0x00000000
                                    0x00fc2756
                                    0x00fc2756
                                    0x00000000
                                    0x00fc2902
                                    0x00fc2908
                                    0x00fc290b
                                    0x00000000
                                    0x00fc2911
                                    0x00fc291c
                                    0x00fc2921
                                    0x00000000
                                    0x00fc2921
                                    0x00000000
                                    0x00000000
                                    0x00fc2880
                                    0x00fc2887
                                    0x00fc288c
                                    0x00000000
                                    0x00000000
                                    0x00fc2805
                                    0x00fc280a
                                    0x00fc2814
                                    0x00fc2816
                                    0x00000000
                                    0x00000000
                                    0x00fc281e
                                    0x00fc2821
                                    0x00fc2823
                                    0x00000000
                                    0x00fc2829
                                    0x00fc2829
                                    0x00fc2831
                                    0x00fc283c
                                    0x00fc283e
                                    0x00000000
                                    0x00fc283e
                                    0x00000000
                                    0x00000000
                                    0x00fc284e
                                    0x00fc2850
                                    0x00fc2851
                                    0x00fc2854
                                    0x00fc2857
                                    0x00fc285a
                                    0x00fc285c
                                    0x00fc285d
                                    0x00000000
                                    0x00000000
                                    0x00fc275d
                                    0x00fc2761
                                    0x00000000
                                    0x00fc2767
                                    0x00fc276e
                                    0x00fc2773
                                    0x00fc2773
                                    0x00fc2776
                                    0x00fc2778
                                    0x00fc277e
                                    0x00fc277e
                                    0x00fc2781
                                    0x00fc2781
                                    0x00fc2783
                                    0x00fc2784
                                    0x00000000
                                    0x00000000
                                    0x01005bd8
                                    0x01005bde
                                    0x01005be4
                                    0x01005be6
                                    0x01005be8
                                    0x01005be9
                                    0x01005bee
                                    0x01005bf8
                                    0x01005bff
                                    0x01005c01
                                    0x01005c04
                                    0x01005c07
                                    0x01005c0b
                                    0x01005c0d
                                    0x01005c0d
                                    0x01005c15
                                    0x01005c18
                                    0x01005c1b
                                    0x01005c1b
                                    0x01005c1e
                                    0x00000000
                                    0x00000000
                                    0x00fc28c3
                                    0x00fc28c8
                                    0x00fc28d2
                                    0x00fc28d4
                                    0x00fc28d8
                                    0x00fc28db
                                    0x01005c26
                                    0x01005c28
                                    0x01005c2d
                                    0x01005c2d
                                    0x00000000
                                    0x00000000
                                    0x01005c34
                                    0x01005c36
                                    0x01005c49
                                    0x01005c4e
                                    0x01005c54
                                    0x01005c5b
                                    0x01005c5d
                                    0x01005c60
                                    0x00fc2788
                                    0x00fc2788
                                    0x00fc278b
                                    0x00fc278e
                                    0x00fc278e
                                    0x00fc278e
                                    0x00fc2791
                                    0x00000000
                                    0x00000000
                                    0x00fc2756
                                    0x00fc2750
                                    0x00000000
                                    0x00fc2794
                                    0x00fc2794
                                    0x00fc2795
                                    0x00fc2798
                                    0x00fc2798
                                    0x00000000
                                    0x00fc2734
                                    0x00fc272c
                                    0x00fc2700
                                    0x00fc25ef
                                    0x00fc25ef
                                    0x00fc25ef
                                    0x00fc25f2
                                    0x00fc25f8
                                    0x00000000
                                    0x00000000
                                    0x00fc25fe
                                    0x00000000
                                    0x00fc28e6
                                    0x00fc28ec
                                    0x00fc28ef
                                    0x00fc28f5
                                    0x00fc28f8
                                    0x00fc28f8
                                    0x00000000
                                    0x00fc28f8
                                    0x00000000
                                    0x00000000
                                    0x00fc2866
                                    0x00fc2866
                                    0x00fc2876
                                    0x00fc2879
                                    0x00000000
                                    0x00000000
                                    0x00fc27e0
                                    0x00fc27e7
                                    0x00fc27e9
                                    0x00fc27eb
                                    0x01005afd
                                    0x00000000
                                    0x01005afd
                                    0x00000000
                                    0x00000000
                                    0x00fc2633
                                    0x00fc2638
                                    0x00fc263b
                                    0x00fc263c
                                    0x00fc263e
                                    0x00fc2640
                                    0x00fc2642
                                    0x00fc2647
                                    0x00fc2649
                                    0x00fc264e
                                    0x00fc2650
                                    0x00fc2653
                                    0x00fc2659
                                    0x00fc26a2
                                    0x00fc26a7
                                    0x00fc26ac
                                    0x00fc26b2
                                    0x01005b11
                                    0x01005b15
                                    0x01005b17
                                    0x00000000
                                    0x00fc26b8
                                    0x00fc26b8
                                    0x00fc26ba
                                    0x00fc27a6
                                    0x00fc27a6
                                    0x00fc27a9
                                    0x00fc27ab
                                    0x00fc27b9
                                    0x00fc27b9
                                    0x00fc27be
                                    0x00fc27c1
                                    0x00fc27c3
                                    0x00fc27c5
                                    0x00fc27c7
                                    0x01005c74
                                    0x01005c79
                                    0x01005c79
                                    0x00fc27c7
                                    0x00000000
                                    0x00fc26c0
                                    0x00fc26c0
                                    0x00fc26c3
                                    0x00fc26c6
                                    0x00fc26c6
                                    0x00fc26c9
                                    0x00fc26c9
                                    0x00000000
                                    0x00fc26c9
                                    0x00fc26ba
                                    0x00fc265b
                                    0x00fc265b
                                    0x00fc265e
                                    0x00fc2667
                                    0x00fc266d
                                    0x00fc2677
                                    0x00fc267c
                                    0x00fc267f
                                    0x00fc2681
                                    0x01005b49
                                    0x01005b4e
                                    0x00fc27cd
                                    0x00fc27d0
                                    0x00fc27d1
                                    0x00fc27d2
                                    0x00fc27d4
                                    0x00fc27dd
                                    0x00fc2687
                                    0x00fc2687
                                    0x00fc268a
                                    0x00fc268b
                                    0x00fc268e
                                    0x00fc268f
                                    0x00fc2691
                                    0x00fc2696
                                    0x00fc2698
                                    0x00fc269d
                                    0x00fc269f
                                    0x00000000
                                    0x00fc269f
                                    0x00fc2681
                                    0x00000000
                                    0x00000000
                                    0x00fc2846
                                    0x00000000
                                    0x00000000
                                    0x00fc2605
                                    0x00fc260a
                                    0x00fc260c
                                    0x00fc2611
                                    0x00fc2616
                                    0x00fc2619
                                    0x00fc2619
                                    0x00fc261e
                                    0x00000000
                                    0x00fc2624
                                    0x00fc2627
                                    0x00fc2627
                                    0x00000000
                                    0x00000000
                                    0x01005b1f
                                    0x00000000
                                    0x00000000
                                    0x00fc2894
                                    0x00fc289b
                                    0x00fc289d
                                    0x00fc28a1
                                    0x01005b2b
                                    0x01005b2e
                                    0x01005b2e
                                    0x00fc28a7
                                    0x00fc28a9
                                    0x01005b04
                                    0x01005b09
                                    0x01005b09
                                    0x01005b09
                                    0x00000000
                                    0x00000000
                                    0x01005b35
                                    0x01005b3c
                                    0x00fc28fb
                                    0x00fc28fb
                                    0x00fc26cc
                                    0x00fc26cc
                                    0x00fc26d0
                                    0x00000000
                                    0x00fc26d2
                                    0x00fc26d2
                                    0x00000000
                                    0x00fc26d2
                                    0x00000000
                                    0x00000000
                                    0x00fc25fe
                                    0x00fc292d
                                    0x00fc292f
                                    0x00fc2930
                                    0x00fc2935
                                    0x00fc2937
                                    0x00fc2938
                                    0x00fc293b
                                    0x00fc293c
                                    0x00fc293e
                                    0x00fc293f
                                    0x00fc2940
                                    0x00fc2942
                                    0x00fc2944
                                    0x00fc2947
                                    0x00fc2948
                                    0x00fc294e
                                    0x00fc294f
                                    0x00fc2952
                                    0x00fc2954
                                    0x00fc295a
                                    0x00fc295c
                                    0x00fc2962
                                    0x00fc2963
                                    0x00fc2964
                                    0x00fc2968
                                    0x00fc296b
                                    0x00fc296c
                                    0x00fc296f
                                    0x00fc2972
                                    0x00fc2973
                                    0x00fc2977
                                    0x00fc2978
                                    0x00fc297b
                                    0x00fc297d
                                    0x00fc297e
                                    0x00fc297f
                                    0x00fc2980
                                    0x00fc2981
                                    0x00fc2982
                                    0x00fc2983
                                    0x00fc2984
                                    0x00fc2985
                                    0x00fc2986
                                    0x00fc2987
                                    0x00fc2988
                                    0x00fc2989
                                    0x00fc298a
                                    0x00fc298b
                                    0x00fc298c
                                    0x00fc298d
                                    0x00fc298e
                                    0x00fc298f
                                    0x00fc2990
                                    0x00fc2992
                                    0x00fc2997
                                    0x00fc29a3
                                    0x00fc29a6
                                    0x00fc29ab
                                    0x00fc29ad
                                    0x00fc29b0
                                    0x00fc29b2
                                    0x01005c80
                                    0x00fc29b8
                                    0x00fc29b8
                                    0x00fc29bb
                                    0x00fc29c0
                                    0x00fc29c5
                                    0x00fc29c6
                                    0x00fc29c6
                                    0x00fc29c9
                                    0x00fc29cb
                                    0x00000000
                                    0x00000000
                                    0x00fc29cd
                                    0x00fc29d0
                                    0x00fc29d9
                                    0x00fc29db
                                    0x00fc29dd
                                    0x00fc2a7f
                                    0x00fc2a84
                                    0x00fc2a87
                                    0x00fc2a89
                                    0x01005ca1
                                    0x01005ca3
                                    0x00000000
                                    0x00fc2a8f
                                    0x00fc2a8f
                                    0x00000000
                                    0x00fc2a8f
                                    0x00000000
                                    0x00fc29e3
                                    0x00fc29e3
                                    0x00fc29e3
                                    0x00000000
                                    0x00fc29e3
                                    0x00fc29dd
                                    0x00000000
                                    0x00fc29db
                                    0x00fc29e6
                                    0x00fc29e9
                                    0x00fc29eb
                                    0x00fc29ed
                                    0x00fc29f3
                                    0x00fc29f5
                                    0x00fc29f8
                                    0x00fc29fa
                                    0x00fc2a97
                                    0x00fc2a9a
                                    0x00fc2a9d
                                    0x00fc2add
                                    0x00000000
                                    0x00fc2a9f
                                    0x00fc2aa2
                                    0x00fc2aa5
                                    0x00fc2aa8
                                    0x00fc2aab
                                    0x01005cab
                                    0x01005caf
                                    0x01005cc5
                                    0x01005cda
                                    0x01005cdc
                                    0x01005cdf
                                    0x01005ce5
                                    0x00000000
                                    0x01005ceb
                                    0x01005ced
                                    0x01005cee
                                    0x00000000
                                    0x01005cee
                                    0x01005cb1
                                    0x01005cb4
                                    0x01005cb9
                                    0x01005cbb
                                    0x00000000
                                    0x01005cbd
                                    0x01005cbd
                                    0x00000000
                                    0x01005cbd
                                    0x01005cbb
                                    0x00fc2ab1
                                    0x00fc2ab1
                                    0x00fc2ac4
                                    0x00fc2ac6
                                    0x00fc2ac6
                                    0x00000000
                                    0x00fc2ac6
                                    0x00fc2aab
                                    0x00000000
                                    0x00fc2a00
                                    0x00fc2a09
                                    0x00fc2a0e
                                    0x00fc2a21
                                    0x00fc2a24
                                    0x00fc2a35
                                    0x00fc2a3a
                                    0x00fc2a3d
                                    0x00fc2a42
                                    0x00fc2a59
                                    0x00fc2a59
                                    0x00fc2a5c
                                    0x00fc2a5f
                                    0x00fc2a5f
                                    0x00fc29fa
                                    0x00fc29f3
                                    0x00fc2a64
                                    0x00fc2a64
                                    0x00fc2a6b
                                    0x00fc2a6b
                                    0x00fc2a6d
                                    0x00fc2a72
                                    0x00fc2a72
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: PATH
                                    • API String ID: 0-1036084923
                                    • Opcode ID: f81ce0fbe09e7e11c8bbe316b2190a391460681a7d856eb5dbca0cfc54e06ea0
                                    • Instruction ID: cb97b165ad58d3f47419cd061b7e5598bb5b96ecd9b2009b759cbdcf9753985b
                                    • Opcode Fuzzy Hash: f81ce0fbe09e7e11c8bbe316b2190a391460681a7d856eb5dbca0cfc54e06ea0
                                    • Instruction Fuzzy Hash: 79C19E72D0021ADBDB65DF98DD82FADB7B1FF48710F58402EE541AB290D738A941EB60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9C962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 42%
                                    			E00F9C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x108d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E00FAEEF0(0x10870a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0101F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E00FAEB70(_t29, 0x10870a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E00FDB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0101F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x10870c0; // 0x0
					while(_t38 != 0x10870c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x108b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                    0x00f9c96a
                                    0x00f9c974
                                    0x00f9c988
                                    0x00f9c98a
                                    0x01007c9d
                                    0x01007c9f
                                    0x01007ca4
                                    0x01007cae
                                    0x01007cf0
                                    0x01007cf5
                                    0x01007cfa
                                    0x00f9c992
                                    0x00f9c996
                                    0x00f9c997
                                    0x00f9c998
                                    0x00f9c9a3
                                    0x00f9c9a3
                                    0x01007cb0
                                    0x01007cb7
                                    0x01007cbb
                                    0x00000000
                                    0x00000000
                                    0x01007cbd
                                    0x01007ce8
                                    0x01007cc5
                                    0x01007cc8
                                    0x01007cca
                                    0x01007cd0
                                    0x01007cd6
                                    0x01007cde
                                    0x01007ce4
                                    0x01007ce4
                                    0x01007cd0
                                    0x00000000
                                    0x01007ce8
                                    0x00f9c990
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a2f6cae43f241afc5337aaa0042fc6ef4476be8568d3f83854d43705721a664a
                                    • Instruction ID: 74df4ae2549a18511e9c1025cf3df6e78dd866c96859837c27588486c17cb19e
                                    • Opcode Fuzzy Hash: a2f6cae43f241afc5337aaa0042fc6ef4476be8568d3f83854d43705721a664a
                                    • Instruction Fuzzy Hash: 8811023130460A9BD752AF28CC85A6AB7E1BB84710F20052CF9C187692DB28FC14DBD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E00FCFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00FAEEF0(0x1087b60);
					_t134 =  *0x1087b84; // 0x77577b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1087b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1087b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00FA6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00FA76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01038938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00F9B150();
													}
													_t116 = E01036D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00FA75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1088638; // 0x0
																	_t122 = L00FA38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00FA76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00FA76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00FCFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00FA70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00FCFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00FCFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00FCFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00FCFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00FCFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1087b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1087b84 = _t75;
						_t73 = E00FAEB70(_t134, 0x1087b60);
						if( *0x1087b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00FAFF60( *0x1087b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                    0x00fcfab0
                                    0x00fcfab2
                                    0x00fcfab3
                                    0x00fcfab4
                                    0x00fcfabc
                                    0x00fcfac0
                                    0x00fcfb14
                                    0x00fcfb17
                                    0x00fcfac2
                                    0x00fcfac8
                                    0x00fcfacd
                                    0x00fcfad3
                                    0x00fcfad3
                                    0x00fcfadd
                                    0x00fcfb18
                                    0x00fcfb1b
                                    0x00fcfb1d
                                    0x00fcfb1e
                                    0x00fcfb1f
                                    0x00fcfb20
                                    0x00fcfb21
                                    0x00fcfb22
                                    0x00fcfb23
                                    0x00fcfb24
                                    0x00fcfb25
                                    0x00fcfb26
                                    0x00fcfb27
                                    0x00fcfb28
                                    0x00fcfb29
                                    0x00fcfb2a
                                    0x00fcfb2b
                                    0x00fcfb2c
                                    0x00fcfb2d
                                    0x00fcfb2e
                                    0x00fcfb2f
                                    0x00fcfb3a
                                    0x00fcfb3b
                                    0x00fcfb3e
                                    0x00fcfb41
                                    0x00fcfb44
                                    0x00fcfb47
                                    0x00fcfb4a
                                    0x00fcfb4d
                                    0x00fcfb53
                                    0x0100bdcb
                                    0x0100bdcb
                                    0x00fcfb59
                                    0x00fcfb5b
                                    0x00fcfb5b
                                    0x00fcfb5e
                                    0x0100bdd5
                                    0x0100bdd8
                                    0x00000000
                                    0x0100bdda
                                    0x00000000
                                    0x0100bdda
                                    0x00fcfb64
                                    0x00fcfb64
                                    0x00fcfb64
                                    0x00fcfb67
                                    0x00fcfb6e
                                    0x00fcfb70
                                    0x00fcfb72
                                    0x00000000
                                    0x00fcfb78
                                    0x00fcfb7a
                                    0x00fcfb7a
                                    0x00fcfb7d
                                    0x00fcfb80
                                    0x0100bddf
                                    0x0100bde1
                                    0x00000000
                                    0x0100bde3
                                    0x00000000
                                    0x0100bde3
                                    0x00fcfb86
                                    0x00fcfb86
                                    0x00fcfb86
                                    0x00fcfb8b
                                    0x00fcfb90
                                    0x00fcfb92
                                    0x00fcfb94
                                    0x00fcfb9a
                                    0x00fcfb9b
                                    0x00fcfba1
                                    0x0100bde8
                                    0x0100bdeb
                                    0x0100bded
                                    0x0100beb5
                                    0x0100beb5
                                    0x0100bebb
                                    0x0100bebd
                                    0x0100bec3
                                    0x0100bed2
                                    0x0100bedd
                                    0x0100bedd
                                    0x0100beed
                                    0x00000000
                                    0x0100bdf3
                                    0x0100bdfe
                                    0x0100be06
                                    0x0100be0b
                                    0x0100be0d
                                    0x0100be0f
                                    0x0100be14
                                    0x0100be19
                                    0x0100be20
                                    0x0100be25
                                    0x0100be27
                                    0x0100be35
                                    0x0100be39
                                    0x0100be46
                                    0x0100be4f
                                    0x0100be54
                                    0x0100be56
                                    0x0100bef8
                                    0x0100bef8
                                    0x00000000
                                    0x0100be5c
                                    0x0100be5c
                                    0x0100be60
                                    0x00000000
                                    0x0100be66
                                    0x0100be66
                                    0x0100be7f
                                    0x0100be84
                                    0x0100be87
                                    0x0100be89
                                    0x0100be8b
                                    0x0100be99
                                    0x0100be9d
                                    0x0100bea0
                                    0x0100beac
                                    0x0100beaf
                                    0x0100beb1
                                    0x0100beb3
                                    0x0100beb3
                                    0x00000000
                                    0x0100bea2
                                    0x0100bea2
                                    0x00000000
                                    0x0100bea2
                                    0x0100be8d
                                    0x0100be8d
                                    0x0100be92
                                    0x00000000
                                    0x0100be92
                                    0x0100be8b
                                    0x0100be60
                                    0x0100be3b
                                    0x0100be3b
                                    0x0100be3e
                                    0x00000000
                                    0x0100be40
                                    0x0100be40
                                    0x0100be44
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0100be44
                                    0x0100be3e
                                    0x0100be29
                                    0x0100be29
                                    0x00000000
                                    0x0100be29
                                    0x0100be27
                                    0x00000000
                                    0x00fcfba7
                                    0x00fcfba7
                                    0x00fcfbab
                                    0x0100bf02
                                    0x00fcfbb1
                                    0x00fcfbb1
                                    0x00fcfbb8
                                    0x00fcfbbd
                                    0x00fcfbbd
                                    0x00fcfbbf
                                    0x00fcfbbf
                                    0x00fcfbc5
                                    0x00fcfbcb
                                    0x00fcfbf8
                                    0x00fcfbf8
                                    0x00fcfbfa
                                    0x00000000
                                    0x00fcfc00
                                    0x00fcfc00
                                    0x00fcfc03
                                    0x00000000
                                    0x00fcfc09
                                    0x00fcfc09
                                    0x00fcfc0f
                                    0x00fcfc15
                                    0x00fcfc23
                                    0x00fcfc23
                                    0x00fcfc25
                                    0x00fcfc27
                                    0x00fcfc75
                                    0x00fcfc7c
                                    0x00fcfc84
                                    0x00000000
                                    0x00fcfc29
                                    0x00fcfc29
                                    0x00fcfc2d
                                    0x00fcfc30
                                    0x0100bf0f
                                    0x00000000
                                    0x00fcfc36
                                    0x00fcfc38
                                    0x00fcfc3b
                                    0x00fcfc41
                                    0x0100bf17
                                    0x0100bf19
                                    0x0100bf48
                                    0x0100bf4b
                                    0x00000000
                                    0x0100bf1b
                                    0x0100bf22
                                    0x0100bf24
                                    0x0100bf26
                                    0x00000000
                                    0x0100bf2c
                                    0x0100bf37
                                    0x0100bf39
                                    0x0100bf3b
                                    0x00000000
                                    0x0100bf41
                                    0x0100bf41
                                    0x0100bf41
                                    0x0100bf41
                                    0x0100bf45
                                    0x00000000
                                    0x0100bf45
                                    0x0100bf3b
                                    0x0100bf26
                                    0x00000000
                                    0x00fcfc47
                                    0x00fcfc47
                                    0x00fcfc49
                                    0x00fcfcb2
                                    0x00fcfcb4
                                    0x00fcfcb6
                                    0x00fcfcdc
                                    0x00fcfcdc
                                    0x00000000
                                    0x00fcfcb8
                                    0x00fcfcc3
                                    0x00fcfcc5
                                    0x00fcfcc7
                                    0x00000000
                                    0x00fcfcc9
                                    0x00fcfcc9
                                    0x00fcfccd
                                    0x00000000
                                    0x00fcfccd
                                    0x00fcfcc7
                                    0x00000000
                                    0x00fcfc4b
                                    0x00fcfc4b
                                    0x00fcfc4e
                                    0x00fcfc4e
                                    0x00fcfc51
                                    0x00fcfc51
                                    0x00fcfc54
                                    0x00fcfc5a
                                    0x00fcfc5c
                                    0x00fcfc5f
                                    0x00fcfc61
                                    0x00fcfc63
                                    0x00fcfc65
                                    0x00fcfc67
                                    0x00fcfc6e
                                    0x00fcfc72
                                    0x00fcfc72
                                    0x00fcfc72
                                    0x00fcfc72
                                    0x00fcfc67
                                    0x00fcfc61
                                    0x00000000
                                    0x00fcfc5a
                                    0x00fcfc49
                                    0x00fcfc41
                                    0x00fcfc30
                                    0x00fcfc27
                                    0x00fcfc03
                                    0x00fcfbcd
                                    0x00fcfbd3
                                    0x00fcfbd9
                                    0x00fcfbdc
                                    0x00fcfbde
                                    0x00fcfc99
                                    0x00fcfc9b
                                    0x00fcfc9d
                                    0x00fcfcd5
                                    0x00fcfcd5
                                    0x00fcfc89
                                    0x00fcfc89
                                    0x00000000
                                    0x00fcfc9f
                                    0x00fcfc9f
                                    0x00fcfca3
                                    0x00000000
                                    0x00fcfca3
                                    0x00000000
                                    0x00fcfbe4
                                    0x00fcfbe4
                                    0x00fcfbe4
                                    0x00fcfbe4
                                    0x00fcfbe9
                                    0x00fcfbf2
                                    0x00000000
                                    0x00fcfbf2
                                    0x00fcfbde
                                    0x00fcfbcb
                                    0x00fcfbab
                                    0x00fcfc8b
                                    0x00fcfc8b
                                    0x00fcfc8c
                                    0x00fcfb80
                                    0x00fcfb72
                                    0x00fcfb5e
                                    0x00fcfc8d
                                    0x00fcfc91
                                    0x00fcfadf
                                    0x00fcfadf
                                    0x00fcfae1
                                    0x00fcfae4
                                    0x00fcfae7
                                    0x00fcfaec
                                    0x00fcfaf8
                                    0x00fcfb00
                                    0x00fcfb07
                                    0x00fcfb0f
                                    0x00fcfb0f
                                    0x00fcfb07
                                    0x00000000
                                    0x00fcfaf8
                                    0x00fcfadd

                                    Strings
                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0100BE0F
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                    • API String ID: 0-865735534
                                    • Opcode ID: e954f84851777bdf4af9c459033d3f5f62fecbd770e4ec7ced4a1cd3af35e99b
                                    • Instruction ID: 09c0c3ad8b0fb0f3cb0968b4fdd82e67060a4323b059922a6b26b5ab13828a40
                                    • Opcode Fuzzy Hash: e954f84851777bdf4af9c459033d3f5f62fecbd770e4ec7ced4a1cd3af35e99b
                                    • Instruction Fuzzy Hash: 2DA14875B006078BE726DB68C952F7AF7A6AF44720F14457EE982CB281DB34DD09EB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F92D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 63%
                                    			E00F92D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1085350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1087bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00FD97C0();
				}
				if( *0x10879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x10879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00FC1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00FB7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0102FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00FD9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00FCE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E00FEDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1086901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1086901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00FD9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00FD95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00FB7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00FB7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01017016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0102FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1085350;
							if(_t109 != 0x1085350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0102FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01025720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                    0x00f92d8a
                                    0x00f92d8a
                                    0x00f92d92
                                    0x00f92d96
                                    0x00f92d9e
                                    0x00f92da0
                                    0x00f92da3
                                    0x00f92da5
                                    0x00f92da8
                                    0x00f92dab
                                    0x00f92db2
                                    0x00fef9aa
                                    0x00fef9ab
                                    0x00fef9ae
                                    0x00fef9ae
                                    0x00f92db8
                                    0x00f92dc2
                                    0x00fef9b9
                                    0x00fef9be
                                    0x00fef9bf
                                    0x00fef9bf
                                    0x00f92dcf
                                    0x00fef9c9
                                    0x00f92dd5
                                    0x00f92dd5
                                    0x00f92dd5
                                    0x00f92dde
                                    0x00f92de1
                                    0x00f92e70
                                    0x00f92e72
                                    0x00f92e72
                                    0x00f92de7
                                    0x00f92deb
                                    0x00f92e7c
                                    0x00f92e83
                                    0x00f92e85
                                    0x00f92e8b
                                    0x00f92e8d
                                    0x00f92e92
                                    0x00f92e92
                                    0x00f92e85
                                    0x00f92df1
                                    0x00f92df7
                                    0x00f92df9
                                    0x00f92df9
                                    0x00f92dfc
                                    0x00f92dff
                                    0x00f92e02
                                    0x00000000
                                    0x00f92e05
                                    0x00f92e0c
                                    0x00fef9d9
                                    0x00f92e12
                                    0x00f92e12
                                    0x00f92e12
                                    0x00f92e1a
                                    0x00fef9e3
                                    0x00fef9e9
                                    0x00fef9f0
                                    0x00fef9f6
                                    0x00fef9f8
                                    0x00fef9f8
                                    0x00fef9f0
                                    0x00f92e23
                                    0x00fefa02
                                    0x00fefa03
                                    0x00fefa05
                                    0x00fefa06
                                    0x00000000
                                    0x00f92e29
                                    0x00f92e29
                                    0x00f92e2e
                                    0x00f92e34
                                    0x00f92e3e
                                    0x00000000
                                    0x00000000
                                    0x00f92e44
                                    0x00f92e47
                                    0x00f92e4d
                                    0x00000000
                                    0x00000000
                                    0x00f92e4f
                                    0x00f92e54
                                    0x00000000
                                    0x00000000
                                    0x00f92e5a
                                    0x00f92e5f
                                    0x00f92e9a
                                    0x00f92ea4
                                    0x00f92ea5
                                    0x00f92ea8
                                    0x00f92eaf
                                    0x00f92eb2
                                    0x00f92eb5
                                    0x00fefae9
                                    0x00fefaeb
                                    0x00fefaed
                                    0x00fefaef
                                    0x00fefaf7
                                    0x00fefaf8
                                    0x00fefafd
                                    0x00fefaff
                                    0x00fefb04
                                    0x00fefb04
                                    0x00fefaff
                                    0x00f92ec0
                                    0x00f92ec4
                                    0x00f92ec6
                                    0x00f92ec8
                                    0x00fefb14
                                    0x00fefb18
                                    0x00fefb1e
                                    0x00fefb21
                                    0x00fefb21
                                    0x00f92ece
                                    0x00f92ece
                                    0x00f92ece
                                    0x00f92ed7
                                    0x00f92e61
                                    0x00f92e63
                                    0x00fefa6b
                                    0x00fefa71
                                    0x00fefa76
                                    0x00fefa78
                                    0x00fefa8a
                                    0x00fefa7a
                                    0x00fefa83
                                    0x00fefa83
                                    0x00fefa8f
                                    0x00fefa91
                                    0x00fefa97
                                    0x00fefa9d
                                    0x00fefaa4
                                    0x00fefaaa
                                    0x00fefaaf
                                    0x00fefab1
                                    0x00fefac3
                                    0x00fefab3
                                    0x00fefabc
                                    0x00fefabc
                                    0x00fefac8
                                    0x00fefacb
                                    0x00fefadf
                                    0x00fefadf
                                    0x00fefacb
                                    0x00fefaa4
                                    0x00fefa91
                                    0x00f92e6f
                                    0x00f92e6f
                                    0x00f92e5f
                                    0x00fefa13
                                    0x00fefa15
                                    0x00fefa17
                                    0x00fefa1f
                                    0x00fefa21
                                    0x00fefa22
                                    0x00fefa25
                                    0x00fefa28
                                    0x00fefa2f
                                    0x00fefa2f
                                    0x00fefa2a
                                    0x00fefa2a
                                    0x00fefa2a
                                    0x00fefa31
                                    0x00fefa34
                                    0x00fefa36
                                    0x00fefa3c
                                    0x00fefa3e
                                    0x00fefa41
                                    0x00fefa43
                                    0x00fefa45
                                    0x00fefa45
                                    0x00fefa41
                                    0x00fefa3c
                                    0x00fefa4a
                                    0x00fefa4f
                                    0x00fefa51
                                    0x00fefa53
                                    0x00fefa56
                                    0x00fefa5b
                                    0x00fefa5e
                                    0x00000000
                                    0x00fefa5e
                                    0x00f92e23

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Re-Waiting
                                    • API String ID: 0-316354757
                                    • Opcode ID: cea2d76c3aef86833faff2cfd84fffc5b418ad0a18fa7f947798b611ea00084b
                                    • Instruction ID: bd45932951ceef918bb98ea63b2be01c13463127957023270091df83686cd0d9
                                    • Opcode Fuzzy Hash: cea2d76c3aef86833faff2cfd84fffc5b418ad0a18fa7f947798b611ea00084b
                                    • Instruction Fuzzy Hash: 86612631E04685AFEF31EF69C880B7E77A5EB44720F24067AE8959B2C1C7389D04B781
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01060EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E01060EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0105FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01061074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00FD9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0105A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0105A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1088b04 >> 0x14) + (_v44 -  *0x1088b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00FB7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0105138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00FB7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0104FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1088724 & 0x00000008) != 0) {
						E010552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E010615B5(0x1088ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                    0x01060eb7
                                    0x01060eb9
                                    0x01060ec0
                                    0x01060ec2
                                    0x01060ecd
                                    0x0106105b
                                    0x0106105b
                                    0x01061061
                                    0x01061066
                                    0x01061066
                                    0x0106106b
                                    0x01061073
                                    0x01061073
                                    0x01060ed3
                                    0x01060ed6
                                    0x01060edc
                                    0x01060ee0
                                    0x01060ee7
                                    0x01060ef0
                                    0x01060ef5
                                    0x01060efa
                                    0x01060efc
                                    0x01060efd
                                    0x01060f03
                                    0x01060f04
                                    0x01060f06
                                    0x01060f07
                                    0x01060f09
                                    0x01060f0e
                                    0x01060f14
                                    0x01060f23
                                    0x01060f2d
                                    0x01060f34
                                    0x01060f34
                                    0x01060f14
                                    0x01060f52
                                    0x00000000
                                    0x00000000
                                    0x01060f58
                                    0x01060f73
                                    0x01060f74
                                    0x01060f79
                                    0x01060f7d
                                    0x01060f80
                                    0x01060f86
                                    0x01060fab
                                    0x01060fb5
                                    0x01060fc6
                                    0x01060fd1
                                    0x01060fe3
                                    0x01060fd3
                                    0x01060fdc
                                    0x01060fdc
                                    0x01060feb
                                    0x01061009
                                    0x01061009
                                    0x01061015
                                    0x01061027
                                    0x01061017
                                    0x01061020
                                    0x01061020
                                    0x0106102f
                                    0x0106103c
                                    0x0106103c
                                    0x01061048
                                    0x01061050
                                    0x01061050
                                    0x01061055
                                    0x00000000
                                    0x01061055
                                    0x01060f88
                                    0x01060f9e
                                    0x01060fa2
                                    0x01060fa9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01060fa9
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: `
                                    • API String ID: 0-2679148245
                                    • Opcode ID: 6ae1f72881709664fa22dc85db63ac891499697a2fc2dba967a537e69ec86860
                                    • Instruction ID: 6ec925c0778fc8241a50d0e80a2fc6c4b6624617f0d2a094894d6002bfb4f8f0
                                    • Opcode Fuzzy Hash: 6ae1f72881709664fa22dc85db63ac891499697a2fc2dba967a537e69ec86860
                                    • Instruction Fuzzy Hash: 2151AC703083429BE764DF28D984B5BBBE9EBC4704F04496DFAC687691D671E805CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E00FCF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00FB4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00FD9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00FD9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00FD95D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0xb32bf81a
							_t109 = L00FB4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000b32b
								E00FDF3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000b32b
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00FD95D0();
										L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                    0x00fcf0d3
                                    0x00fcf0d9
                                    0x00fcf0e0
                                    0x00fcf0e7
                                    0x00fcf0f2
                                    0x00fcf0f4
                                    0x00fcf0f8
                                    0x00fcf100
                                    0x00fcf108
                                    0x00fcf10d
                                    0x00fcf115
                                    0x00fcf116
                                    0x00fcf11f
                                    0x00fcf123
                                    0x00fcf124
                                    0x00fcf12c
                                    0x00fcf130
                                    0x00fcf134
                                    0x00fcf13d
                                    0x00fcf144
                                    0x00fcf14b
                                    0x00fcf152
                                    0x0100bab0
                                    0x0100bab0
                                    0x00fcf158
                                    0x00fcf158
                                    0x00fcf15a
                                    0x00fcf160
                                    0x00fcf165
                                    0x00fcf166
                                    0x00fcf16f
                                    0x00fcf173
                                    0x0100baa7
                                    0x0100baa7
                                    0x0100baab
                                    0x00000000
                                    0x00fcf179
                                    0x00fcf179
                                    0x00fcf18d
                                    0x00fcf191
                                    0x0100baa2
                                    0x00000000
                                    0x00fcf197
                                    0x00fcf19b
                                    0x00fcf1a2
                                    0x00fcf1a9
                                    0x00fcf1af
                                    0x00fcf1b2
                                    0x00fcf1b6
                                    0x00fcf1b9
                                    0x00fcf1c0
                                    0x00fcf1c4
                                    0x00fcf1d8
                                    0x00fcf1df
                                    0x00fcf1e3
                                    0x00fcf1e6
                                    0x00fcf1eb
                                    0x00fcf1ee
                                    0x00fcf1f4
                                    0x00fcf20f
                                    0x0100bab7
                                    0x0100babb
                                    0x0100bacc
                                    0x0100bad1
                                    0x00fcf215
                                    0x00fcf218
                                    0x00fcf226
                                    0x00fcf22b
                                    0x00000000
                                    0x00fcf22b
                                    0x00fcf1f6
                                    0x00fcf1f6
                                    0x00fcf1f9
                                    0x00fcf1fb
                                    0x00fcf1fb
                                    0x00fcf1f4
                                    0x00fcf191
                                    0x00fcf173
                                    0x00fcf152
                                    0x00fcf203

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                    • Instruction ID: dfdc045b2e40599007c9f53ed3a33e9ea1907410fb745860f808448a9e9b71f8
                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                    • Instruction Fuzzy Hash: 54518871504711ABC321DF29C841B6BBBF9BF88710F108A2EFA9587291E7B4E944DB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01013540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 75%
                                    			E01013540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x108d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00FD0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01013706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00FDFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01013540;
						E00FDFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00FEDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01020C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00FD97C0();
					}
					return E00FDB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01013971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01013884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00FDFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00FD9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01013787(_a4,  &_v352, _t80);
						}
					}
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00FD95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                    0x01013552
                                    0x0101355a
                                    0x0101355d
                                    0x01013566
                                    0x01013567
                                    0x0101357e
                                    0x0101358f
                                    0x010135a1
                                    0x010135a5
                                    0x0101366b
                                    0x0101366b
                                    0x0101366d
                                    0x01013672
                                    0x01013679
                                    0x01013685
                                    0x0101368d
                                    0x0101369d
                                    0x010136a7
                                    0x010136b8
                                    0x010136c6
                                    0x010136c7
                                    0x010136dc
                                    0x010136e1
                                    0x010136e7
                                    0x010136e9
                                    0x010136e9
                                    0x01013703
                                    0x01013703
                                    0x010135b5
                                    0x010135c0
                                    0x010135c4
                                    0x00000000
                                    0x00000000
                                    0x010135ca
                                    0x010135d7
                                    0x010135e2
                                    0x010135e6
                                    0x010135e8
                                    0x010135f5
                                    0x010135fa
                                    0x01013603
                                    0x01013604
                                    0x01013609
                                    0x0101360a
                                    0x01013612
                                    0x01013613
                                    0x0101361e
                                    0x01013622
                                    0x01013628
                                    0x0101362f
                                    0x0101362f
                                    0x01013636
                                    0x01013638
                                    0x0101363b
                                    0x01013642
                                    0x01013642
                                    0x01013636
                                    0x01013657
                                    0x01013657
                                    0x0101365c
                                    0x01013662
                                    0x01013669
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: BinaryHash
                                    • API String ID: 0-2202222882
                                    • Opcode ID: 53cc4458560d91113fe79bb21d845b2b46663330fd7ba97f5b138f1f0871fb1e
                                    • Instruction ID: ad2df603377883eb5ab5a37cdb49893fc2addc3276a9d07e2988941caf388168
                                    • Opcode Fuzzy Hash: 53cc4458560d91113fe79bb21d845b2b46663330fd7ba97f5b138f1f0871fb1e
                                    • Instruction Fuzzy Hash: 3F4175F1D0052D9BDB21DB50CC81FDEB77DAB44724F0085E5EA49AB241DB359E888F94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010605AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 71%
                                    			E010605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E010607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00FD9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0105A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0105A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01061293(_t79, _v40, E010607DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00FB7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0105138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                    0x010605c5
                                    0x010605ca
                                    0x010605d3
                                    0x010606db
                                    0x010606db
                                    0x010606dd
                                    0x010606e3
                                    0x010606e3
                                    0x010605dd
                                    0x010605e7
                                    0x010605f6
                                    0x01060600
                                    0x01060607
                                    0x01060610
                                    0x01060615
                                    0x0106061a
                                    0x0106061c
                                    0x0106061e
                                    0x01060624
                                    0x01060625
                                    0x01060627
                                    0x01060628
                                    0x01060631
                                    0x01060640
                                    0x0106064d
                                    0x01060654
                                    0x01060654
                                    0x01060631
                                    0x0106066d
                                    0x01060674
                                    0x00000000
                                    0x00000000
                                    0x01060692
                                    0x0106069e
                                    0x010606b0
                                    0x010606a0
                                    0x010606a9
                                    0x010606a9
                                    0x010606b8
                                    0x010606d6
                                    0x010606d6
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: `
                                    • API String ID: 0-2679148245
                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                    • Instruction ID: 7ce2f365b0332cc8659d366d6351fa6349c2204e6ca2cda8dc7a0cc3ffe49245
                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                    • Instruction Fuzzy Hash: 4131F032744306ABE710DE28CC45F9B7BDDAF88754F144229BA989B2C4D770ED04CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01013884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E01013884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00FD9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00FB4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00FD9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                    0x01013893
                                    0x01013896
                                    0x01013899
                                    0x0101389f
                                    0x010138a0
                                    0x010138a4
                                    0x010138a9
                                    0x010138ac
                                    0x010138ad
                                    0x010138ae
                                    0x010138af
                                    0x010138b1
                                    0x010138b4
                                    0x010138bb
                                    0x010138bc
                                    0x010138bd
                                    0x010138c4
                                    0x010138c8
                                    0x010138ca
                                    0x010138ca
                                    0x010138d5
                                    0x0101393e
                                    0x01013940
                                    0x01013942
                                    0x01013952
                                    0x01013954
                                    0x01013961
                                    0x01013961
                                    0x01013967
                                    0x0101396e
                                    0x0101396e
                                    0x01013947
                                    0x0101394c
                                    0x00000000
                                    0x0101394c
                                    0x010138ea
                                    0x010138ee
                                    0x010138f8
                                    0x010138f9
                                    0x010138ff
                                    0x01013900
                                    0x01013902
                                    0x01013903
                                    0x0101390b
                                    0x0101390f
                                    0x01013950
                                    0x00000000
                                    0x01013950
                                    0x01013915
                                    0x0101391d
                                    0x0101391d
                                    0x01013922
                                    0x01013926
                                    0x00000000
                                    0x01013928
                                    0x0101392b
                                    0x0101392b
                                    0x01013935
                                    0x01013937
                                    0x01013937
                                    0x00000000
                                    0x01013935
                                    0x01013926
                                    0x010138f0
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: BinaryName
                                    • API String ID: 0-215506332
                                    • Opcode ID: 8b8e6499833daae26d867114aaea0e4c570ea6e237cd67512e9bcbc1c5db80d0
                                    • Instruction ID: 23f62c45db24af8b5881df30d9fee2d55f1be575688183f3357da5f5212c5ec5
                                    • Opcode Fuzzy Hash: 8b8e6499833daae26d867114aaea0e4c570ea6e237cd67512e9bcbc1c5db80d0
                                    • Instruction Fuzzy Hash: BC310572D00609AFDB16DB58C946DAFBBB6FB80B30F014169E984AB245D7359E00C7E0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 33%
                                    			E00FCD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x108d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00FB4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00FDB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00FD98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00FD95D0();
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                    0x00fcd29c
                                    0x00fcd2a6
                                    0x00fcd2b1
                                    0x00fcd2b5
                                    0x00fcd2b6
                                    0x00fcd2bc
                                    0x00fcd2bd
                                    0x00fcd2be
                                    0x00fcd2bf
                                    0x00fcd2c2
                                    0x00fcd2c4
                                    0x00fcd2cc
                                    0x00fcd384
                                    0x00fcd34b
                                    0x00fcd34f
                                    0x00fcd350
                                    0x00fcd351
                                    0x00fcd35c
                                    0x00fcd35c
                                    0x00fcd2d6
                                    0x00fcd2da
                                    0x00fcd2e1
                                    0x00fcd361
                                    0x00fcd369
                                    0x00fcd36d
                                    0x00fcd2e3
                                    0x00fcd2e3
                                    0x00fcd2e3
                                    0x00fcd2e5
                                    0x00fcd2ed
                                    0x00fcd2f5
                                    0x00fcd2fa
                                    0x00fcd302
                                    0x00fcd303
                                    0x00fcd30b
                                    0x00fcd30f
                                    0x00fcd313
                                    0x00fcd318
                                    0x00fcd31c
                                    0x00fcd320
                                    0x00fcd379
                                    0x00fcd37d
                                    0x00000000
                                    0x00000000
                                    0x0100affe
                                    0x0100b001
                                    0x0100b011
                                    0x00000000
                                    0x00fcd322
                                    0x00fcd322
                                    0x00fcd330
                                    0x00fcd337
                                    0x00fcd35d
                                    0x00fcd339
                                    0x00fcd33f
                                    0x00fcd38c
                                    0x00fcd38c
                                    0x00fcd33f
                                    0x00fcd349
                                    0x00000000
                                    0x00fcd349

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • Opcode ID: 33c2c24ea1247040f8505279d9899b3ea11c85a334885b7c5fc8d35aed309584
                                    • Instruction ID: ceee0bfb3f06f0a219acf7a654b7c203fa4b075e8396c6203338ebd22a82d001
                                    • Opcode Fuzzy Hash: 33c2c24ea1247040f8505279d9899b3ea11c85a334885b7c5fc8d35aed309584
                                    • Instruction Fuzzy Hash: 4C3161725083869FC311DF28CA82E6FBBE8EB85754F14092EF99483251D635DD04EB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E00FA1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00FDBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00FDA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00FDA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00FB4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                    0x00fa1b8f
                                    0x00fa1b9a
                                    0x00fa1b9c
                                    0x00fa1b9e
                                    0x00fa1ba3
                                    0x00ff7010
                                    0x00ff7010
                                    0x00000000
                                    0x00fa1ba9
                                    0x00fa1ba9
                                    0x00fa1bae
                                    0x00000000
                                    0x00fa1bc5
                                    0x00fa1bca
                                    0x00fa1bcf
                                    0x00fa1bd0
                                    0x00fa1bd1
                                    0x00fa1bd2
                                    0x00fa1bd6
                                    0x00fa1bdc
                                    0x00fa1be0
                                    0x00ff6ffc
                                    0x00ff7000
                                    0x00000000
                                    0x00ff7006
                                    0x00ff7009
                                    0x00ff7009
                                    0x00fa1be6
                                    0x00fa1bec
                                    0x00fa1c0b
                                    0x00fa1c0b
                                    0x00fa1c0c
                                    0x00fa1c11
                                    0x00fa1c12
                                    0x00fa1c15
                                    0x00fa1c1b
                                    0x00fa1c1f
                                    0x00fa1c31
                                    0x00fa1c33
                                    0x00ff7026
                                    0x00ff7026
                                    0x00fa1c21
                                    0x00fa1c24
                                    0x00fa1c24
                                    0x00fa1bee
                                    0x00fa1bee
                                    0x00fa1bf2
                                    0x00fa1c3a
                                    0x00fa1bf4
                                    0x00fa1bf4
                                    0x00fa1c05
                                    0x00fa1c05
                                    0x00fa1c09
                                    0x00fa1c3e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fa1c09
                                    0x00fa1bec
                                    0x00fa1be0
                                    0x00fa1bae
                                    0x00fa1c2e

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: WindowsExcludedProcs
                                    • API String ID: 0-3583428290
                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                    • Instruction ID: 9c106d3805f0a02a84f0f2d078a5c30a4fa556aacaaba3e0a6f6acf509e40c59
                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                    • Instruction Fuzzy Hash: 0F2198B7941228ABDB21AA55C940FABB76DBF92770F164426F9049B210DB34DD00F7A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FBF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                    0x00fbf71d
                                    0x00fbf722
                                    0x00fbf726
                                    0x01004770
                                    0x00fbf765
                                    0x00fbf769
                                    0x00fbf769
                                    0x00fbf732
                                    0x0100477a
                                    0x00000000
                                    0x0100477a
                                    0x00fbf738
                                    0x00fbf73a
                                    0x00fbf73c
                                    0x00fbf73f
                                    0x00fbf746
                                    0x00fbf778
                                    0x00fbf7a9
                                    0x00fbf7a9
                                    0x00fbf754
                                    0x00fbf75a
                                    0x00fbf75d
                                    0x00fbf75f
                                    0x00fbf761
                                    0x00fbf76f
                                    0x00fbf771
                                    0x00fbf771
                                    0x00fbf76f
                                    0x00fbf763
                                    0x00000000
                                    0x00fbf763
                                    0x00fbf77d
                                    0x00fbf7a3
                                    0x00fbf7a5
                                    0x00000000
                                    0x00fbf7a5
                                    0x00fbf77f
                                    0x00fbf782
                                    0x00fbf784
                                    0x00fbf786
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fbf788
                                    0x00fbf748
                                    0x00fbf74d
                                    0x00fbf78d
                                    0x00fbf793
                                    0x00fbf7b7
                                    0x00fbf7bc
                                    0x00000000
                                    0x00fbf7bc
                                    0x00fbf798
                                    0x00000000
                                    0x00000000
                                    0x00fbf79d
                                    0x00fbf7b0
                                    0x00000000
                                    0x00fbf7b0
                                    0x00fbf79f
                                    0x00000000
                                    0x00fbf74f
                                    0x00fbf74f
                                    0x00000000
                                    0x00fbf74f

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Actx
                                    • API String ID: 0-89312691
                                    • Opcode ID: 3d20f687e97f73ddbca9de30121b2a276c01d27bf97648d7d16c5733ce35b17c
                                    • Instruction ID: e8443b5ae410f5230f19b5194bf3c2bd79f094547c578083de6cba60a599fbf1
                                    • Opcode Fuzzy Hash: 3d20f687e97f73ddbca9de30121b2a276c01d27bf97648d7d16c5733ce35b17c
                                    • Instruction Fuzzy Hash: A0119336B046029BEB244E1F8C907B67295EB95734F3445BAE865CB391DE70CC48BF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01048DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 71%
                                    			E01048DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1070d50);
				E00FED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01025720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E00FEDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E00FEDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00FED130(_t34, _t39, _t40);
			}





                                    0x01048df1
                                    0x01048df1
                                    0x01048df1
                                    0x01048df1
                                    0x01048df1
                                    0x01048df1
                                    0x01048df3
                                    0x01048df8
                                    0x01048dfd
                                    0x01048e00
                                    0x01048e0e
                                    0x01048e2a
                                    0x01048e36
                                    0x01048e38
                                    0x01048e3c
                                    0x01048e46
                                    0x01048e46
                                    0x01048e36
                                    0x01048e50
                                    0x01048e56
                                    0x01048e59
                                    0x01048e5c
                                    0x01048e60
                                    0x01048e67
                                    0x01048e6d
                                    0x01048e73
                                    0x01048e74
                                    0x01048eb1
                                    0x01048ebd

                                    Strings
                                    • Critical error detected %lx, xrefs: 01048E21
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Critical error detected %lx
                                    • API String ID: 0-802127002
                                    • Opcode ID: 345dbbf6cbe3865d8e83d9740ef5d8c4edf44f61a5bf06371e7bb365b18224bc
                                    • Instruction ID: 4ed9d1297ca3c5c68bdc74b46e4d598cd34a11263c32c008ac0470fd232bf48b
                                    • Opcode Fuzzy Hash: 345dbbf6cbe3865d8e83d9740ef5d8c4edf44f61a5bf06371e7bb365b18224bc
                                    • Instruction Fuzzy Hash: BA11A1B1D00348DBDF24DFAA89457DCBBB0BB04710F20866EE558AB282C3344601DF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01065BA5 Relevance: .6, Instructions: 592COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 88%
                                    			E01065BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1071178);
				E00FED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01064C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00FDD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01065542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x10860e8;
								if( *0x10860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x10860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00FD9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00FD6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00FDF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00FDF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00FDF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00FDFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00FDFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00FDF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00FDF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01064CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00FED130(_t427, _t494, _t511);
				}
			}










































































                                    0x01065ba5
                                    0x01065baa
                                    0x01065baf
                                    0x01065bb4
                                    0x01065bb6
                                    0x01065bbc
                                    0x01065bbe
                                    0x01065bc4
                                    0x01065bcd
                                    0x01065bd3
                                    0x01065bd6
                                    0x01065bdc
                                    0x01065be0
                                    0x01065be3
                                    0x01065beb
                                    0x01065bf2
                                    0x01065bf8
                                    0x01065bfe
                                    0x01065c04
                                    0x01065c0e
                                    0x01065c18
                                    0x01065c1f
                                    0x01065c25
                                    0x01065c2a
                                    0x01065c2c
                                    0x01065c32
                                    0x01065c3a
                                    0x01065c3f
                                    0x01065c42
                                    0x01065c48
                                    0x01065c5b
                                    0x01065c5b
                                    0x01065c2c
                                    0x01065cb7
                                    0x01065cb9
                                    0x01065cbf
                                    0x01065cc2
                                    0x01065cca
                                    0x01065ccb
                                    0x01065ccb
                                    0x01065cd1
                                    0x01065cd7
                                    0x01065cda
                                    0x01065ce1
                                    0x01065ce4
                                    0x01065ce7
                                    0x01065ced
                                    0x01065cf3
                                    0x01065cf9
                                    0x01065cff
                                    0x01065d08
                                    0x01065d0a
                                    0x01065d0e
                                    0x01065d10
                                    0x00000000
                                    0x00000000
                                    0x01065d16
                                    0x01065d1a
                                    0x00000000
                                    0x00000000
                                    0x01065d20
                                    0x01065d22
                                    0x01065d25
                                    0x01065d2f
                                    0x01065d2f
                                    0x01065d33
                                    0x01065d3d
                                    0x01065d49
                                    0x01065d4b
                                    0x00000000
                                    0x00000000
                                    0x01065d5a
                                    0x01065d5d
                                    0x01065d60
                                    0x00000000
                                    0x00000000
                                    0x01065d66
                                    0x01065d69
                                    0x00000000
                                    0x00000000
                                    0x01065d6f
                                    0x01065d6f
                                    0x01065d73
                                    0x01065d79
                                    0x01065d7f
                                    0x01065d86
                                    0x01065d95
                                    0x01065d98
                                    0x01065dba
                                    0x01065dcb
                                    0x01065dce
                                    0x01065dd3
                                    0x01065dd6
                                    0x01065dd8
                                    0x01065de6
                                    0x01065dec
                                    0x01065dee
                                    0x01065df1
                                    0x01065df3
                                    0x0106635a
                                    0x0106635a
                                    0x00000000
                                    0x0106635a
                                    0x01065dfe
                                    0x01065e02
                                    0x01065e05
                                    0x01065e07
                                    0x01065e10
                                    0x01065e13
                                    0x01065e1b
                                    0x01065e1c
                                    0x01065e21
                                    0x01065e22
                                    0x01065e23
                                    0x01065e25
                                    0x01065e2a
                                    0x01065e2c
                                    0x01065e2e
                                    0x01065e36
                                    0x01065e39
                                    0x01065e42
                                    0x01065e47
                                    0x01065e4d
                                    0x01065e54
                                    0x01065e54
                                    0x01065e54
                                    0x01065e2e
                                    0x01065e5c
                                    0x01065e5f
                                    0x01065e62
                                    0x01065e64
                                    0x01065e6b
                                    0x01065e70
                                    0x01065e7a
                                    0x01065e7a
                                    0x01065e7a
                                    0x01065e6b
                                    0x01065e7e
                                    0x01065e7f
                                    0x01065e7f
                                    0x01065e81
                                    0x01065e87
                                    0x01065e8b
                                    0x01065e8c
                                    0x01065e8c
                                    0x01065e8c
                                    0x01065e9a
                                    0x01065e9c
                                    0x01065ea2
                                    0x01065ea6
                                    0x01065f50
                                    0x01065f50
                                    0x01065f57
                                    0x01065f66
                                    0x01065f66
                                    0x01065f66
                                    0x01065f68
                                    0x01065f6a
                                    0x010663d0
                                    0x00000000
                                    0x01065f70
                                    0x01065f70
                                    0x01065f91
                                    0x01065f9c
                                    0x01065f9e
                                    0x01065fa4
                                    0x01065fa6
                                    0x0106638c
                                    0x01066392
                                    0x010663a1
                                    0x010663a7
                                    0x010663af
                                    0x010663af
                                    0x010663bd
                                    0x010663d8
                                    0x00000000
                                    0x010663d8
                                    0x01065fac
                                    0x01065fb2
                                    0x01065fb4
                                    0x01065fbd
                                    0x01065fc6
                                    0x01065fce
                                    0x01065fd4
                                    0x01065fdc
                                    0x01065fec
                                    0x01065fed
                                    0x01065fee
                                    0x01065fef
                                    0x01065ff9
                                    0x01065ffa
                                    0x01065ffb
                                    0x01065ffc
                                    0x01066000
                                    0x01066004
                                    0x01066012
                                    0x01066012
                                    0x01066018
                                    0x01066019
                                    0x0106601a
                                    0x0106601b
                                    0x0106601c
                                    0x01066020
                                    0x01066059
                                    0x0106605c
                                    0x01066061
                                    0x01066061
                                    0x01066022
                                    0x01066022
                                    0x01066022
                                    0x01066025
                                    0x0106602a
                                    0x0106602b
                                    0x01066031
                                    0x01066037
                                    0x01066038
                                    0x0106603e
                                    0x01066048
                                    0x01066049
                                    0x0106604a
                                    0x0106604b
                                    0x0106604c
                                    0x0106604d
                                    0x01066053
                                    0x01066054
                                    0x01066054
                                    0x01066062
                                    0x01066065
                                    0x01066067
                                    0x0106606a
                                    0x01066070
                                    0x01066075
                                    0x01066076
                                    0x01066081
                                    0x01066087
                                    0x01066095
                                    0x01066099
                                    0x0106609e
                                    0x010660a4
                                    0x010660ae
                                    0x010660b0
                                    0x010660b3
                                    0x010660b6
                                    0x010660b8
                                    0x010660ba
                                    0x010660ba
                                    0x010660ba
                                    0x010660ba
                                    0x010660be
                                    0x010660c0
                                    0x010660c5
                                    0x010660c5
                                    0x010660c5
                                    0x010660c6
                                    0x010660cd
                                    0x01066114
                                    0x010660cf
                                    0x010660cf
                                    0x010660d4
                                    0x010660d5
                                    0x010660da
                                    0x010660db
                                    0x010660e1
                                    0x010660e2
                                    0x010660e8
                                    0x010660f8
                                    0x010660fd
                                    0x010660fe
                                    0x01066102
                                    0x01066104
                                    0x01066107
                                    0x01066109
                                    0x0106610b
                                    0x0106610b
                                    0x0106610b
                                    0x0106610b
                                    0x0106610f
                                    0x0106610f
                                    0x01066117
                                    0x0106611a
                                    0x0106611f
                                    0x01066125
                                    0x01066134
                                    0x01066139
                                    0x0106613f
                                    0x01066146
                                    0x01066148
                                    0x0106614b
                                    0x0106614d
                                    0x0106614f
                                    0x0106614f
                                    0x0106614f
                                    0x0106614f
                                    0x01066153
                                    0x01066159
                                    0x01066159
                                    0x0106615c
                                    0x01066163
                                    0x01066169
                                    0x0106616c
                                    0x01066172
                                    0x01066181
                                    0x01066186
                                    0x01066187
                                    0x0106618b
                                    0x01066191
                                    0x01066195
                                    0x010661a3
                                    0x010661bb
                                    0x010661c0
                                    0x010661c3
                                    0x010661cc
                                    0x010661d0
                                    0x010661dc
                                    0x010661de
                                    0x010661e1
                                    0x010661e4
                                    0x010661e6
                                    0x010661e8
                                    0x010661e8
                                    0x010661e8
                                    0x010661e8
                                    0x010661e6
                                    0x010661ec
                                    0x010661f3
                                    0x01066203
                                    0x01066209
                                    0x0106620a
                                    0x01066216
                                    0x0106621d
                                    0x01066227
                                    0x01066241
                                    0x01066246
                                    0x0106624c
                                    0x01066257
                                    0x01066259
                                    0x0106625c
                                    0x0106625e
                                    0x01066260
                                    0x01066260
                                    0x01066260
                                    0x01066260
                                    0x0106625e
                                    0x01066264
                                    0x01066267
                                    0x01066269
                                    0x01066315
                                    0x01066315
                                    0x0106631b
                                    0x0106631e
                                    0x01066324
                                    0x01066327
                                    0x0106632f
                                    0x01066330
                                    0x01066333
                                    0x0106633a
                                    0x0106633c
                                    0x01066335
                                    0x01066335
                                    0x01066335
                                    0x0106633f
                                    0x01066342
                                    0x0106634c
                                    0x01066352
                                    0x01066355
                                    0x01066355
                                    0x01066359
                                    0x00000000
                                    0x0106626f
                                    0x01066275
                                    0x01066275
                                    0x01066278
                                    0x0106627e
                                    0x0106627e
                                    0x01066281
                                    0x01066287
                                    0x0106628d
                                    0x01066298
                                    0x0106629c
                                    0x010662a2
                                    0x0106629e
                                    0x0106629e
                                    0x0106629e
                                    0x010662a7
                                    0x010662a7
                                    0x010662aa
                                    0x010662b0
                                    0x010662f0
                                    0x010662f0
                                    0x010662f2
                                    0x010662f8
                                    0x010662fd
                                    0x010662b2
                                    0x010662b2
                                    0x010662b2
                                    0x010662b5
                                    0x010662dd
                                    0x010662e2
                                    0x010662e5
                                    0x010662b7
                                    0x010662b8
                                    0x010662bb
                                    0x010662bd
                                    0x010662c0
                                    0x010662c4
                                    0x010662cd
                                    0x010662cd
                                    0x010662c0
                                    0x010662bb
                                    0x010662b5
                                    0x01066302
                                    0x01066303
                                    0x01066305
                                    0x01066305
                                    0x01066305
                                    0x0106630c
                                    0x0106630c
                                    0x00000000
                                    0x0106627e
                                    0x01066269
                                    0x01065eac
                                    0x01065ebb
                                    0x01065ebe
                                    0x01065ecb
                                    0x01065ecb
                                    0x01065ece
                                    0x01065ece
                                    0x01065ed4
                                    0x01065ed7
                                    0x01065ed9
                                    0x01065edb
                                    0x01065edb
                                    0x01065ee1
                                    0x01065ee1
                                    0x01065ee3
                                    0x01065f20
                                    0x01065f20
                                    0x01065ee5
                                    0x01065ee5
                                    0x01065ee5
                                    0x01065ee8
                                    0x01065f11
                                    0x01065f18
                                    0x01065eea
                                    0x01065eea
                                    0x01065eed
                                    0x01065ef2
                                    0x01065ef8
                                    0x01065efb
                                    0x01065f0a
                                    0x01065f0a
                                    0x01065eed
                                    0x01065ee8
                                    0x01065f22
                                    0x01065f28
                                    0x00000000
                                    0x00000000
                                    0x01065f30
                                    0x01065f31
                                    0x01065f37
                                    0x01065f3a
                                    0x01065f3d
                                    0x01065f44
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01065f46
                                    0x01065f48
                                    0x01065f4d
                                    0x00000000
                                    0x01065f4d
                                    0x01065dda
                                    0x01065ddf
                                    0x00000000
                                    0x01065ddf
                                    0x01065dd8
                                    0x01065da7
                                    0x01065da9
                                    0x01065dac
                                    0x01065dae
                                    0x00000000
                                    0x01065db4
                                    0x01065db4
                                    0x00000000
                                    0x01065db4
                                    0x01065dae
                                    0x01065d88
                                    0x01065d8d
                                    0x01066363
                                    0x01066369
                                    0x0106636a
                                    0x01066370
                                    0x01066372
                                    0x0106637a
                                    0x0106637b
                                    0x0106637d
                                    0x00000000
                                    0x00000000
                                    0x0106637f
                                    0x01066385
                                    0x00000000
                                    0x01066385
                                    0x01065d38
                                    0x01065d3b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01065d3b
                                    0x01065d27
                                    0x01065d29
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01066360
                                    0x00000000
                                    0x01066360
                                    0x01065c10
                                    0x01065c10
                                    0x010663da
                                    0x010663e5
                                    0x010663e5

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6ff218fa086288bb2cf8d8c19ef85f2a095091b71b2d1bdf50615818e66c28b
                                    • Instruction ID: 61b3bc6e09561c65f7f8186cab60b830c91378d69a273c41bce8c7d4ad64f647
                                    • Opcode Fuzzy Hash: c6ff218fa086288bb2cf8d8c19ef85f2a095091b71b2d1bdf50615818e66c28b
                                    • Instruction Fuzzy Hash: 22424871900229CFDB64CF68C881BA9BBF5BF49304F1581EAD98DAB242D7359985CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB4120 Relevance: .4, Instructions: 444COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E00FB4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x108d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E00FCF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E00FB6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L00FB4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E00FB6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M00FB45F8))) {
												case 0:
													_v568 = 0xf71078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0xf711c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L00FB4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E00FDF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E00FDF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E00F952A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E00FAEB70(1, 0x10879a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E00FAAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E00FD95D0();
																			L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E00FDB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E00FD3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E00FDB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                    0x00fb4128
                                    0x00fb4135
                                    0x00fb413c
                                    0x00fb4141
                                    0x00fb4145
                                    0x00fb4147
                                    0x00fb414e
                                    0x00fb4151
                                    0x00fb4159
                                    0x00fb415c
                                    0x00fb4160
                                    0x00fb4164
                                    0x00fb4168
                                    0x00fb416c
                                    0x00fb417f
                                    0x00fb4181
                                    0x00fb446a
                                    0x00fb446a
                                    0x00fb418c
                                    0x00fb4195
                                    0x00fb4199
                                    0x00fb4432
                                    0x00fb4439
                                    0x00fb443d
                                    0x00fb4442
                                    0x00fb4447
                                    0x00000000
                                    0x00fb419f
                                    0x00fb41a3
                                    0x00fb41b1
                                    0x00fb41b9
                                    0x00fb41bd
                                    0x00fb45db
                                    0x00fb45db
                                    0x00000000
                                    0x00fb41c3
                                    0x00fb41c3
                                    0x00fb41ce
                                    0x00fb41d4
                                    0x00ffe138
                                    0x00ffe13e
                                    0x00ffe169
                                    0x00ffe16d
                                    0x00ffe19e
                                    0x00ffe16f
                                    0x00ffe16f
                                    0x00ffe175
                                    0x00ffe179
                                    0x00ffe18f
                                    0x00ffe193
                                    0x00000000
                                    0x00ffe199
                                    0x00000000
                                    0x00ffe199
                                    0x00ffe193
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb41da
                                    0x00fb41da
                                    0x00fb41df
                                    0x00fb41e4
                                    0x00fb41ec
                                    0x00fb4203
                                    0x00fb4207
                                    0x00ffe1fd
                                    0x00fb4222
                                    0x00fb4226
                                    0x00ffe1f3
                                    0x00ffe1f3
                                    0x00fb422c
                                    0x00fb422c
                                    0x00fb4233
                                    0x00ffe1ed
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb4239
                                    0x00fb4239
                                    0x00fb4239
                                    0x00fb4239
                                    0x00fb4233
                                    0x00fb4226
                                    0x00fb41ee
                                    0x00fb41ee
                                    0x00fb41f4
                                    0x00fb4575
                                    0x00ffe1b1
                                    0x00ffe1b1
                                    0x00000000
                                    0x00fb457b
                                    0x00fb457b
                                    0x00fb4582
                                    0x00ffe1ab
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb4588
                                    0x00fb4588
                                    0x00fb458c
                                    0x00ffe1c4
                                    0x00ffe1c4
                                    0x00000000
                                    0x00fb4592
                                    0x00fb4592
                                    0x00fb4599
                                    0x00ffe1be
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb459f
                                    0x00fb459f
                                    0x00fb45a3
                                    0x00ffe1d7
                                    0x00ffe1e4
                                    0x00000000
                                    0x00fb45a9
                                    0x00fb45a9
                                    0x00fb45b0
                                    0x00ffe1d1
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb45b6
                                    0x00fb45b6
                                    0x00fb45b6
                                    0x00000000
                                    0x00fb45b6
                                    0x00fb45b0
                                    0x00fb45a3
                                    0x00fb4599
                                    0x00fb458c
                                    0x00fb4582
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb41f4
                                    0x00fb423e
                                    0x00fb4241
                                    0x00fb45c0
                                    0x00fb45c4
                                    0x00000000
                                    0x00fb45ca
                                    0x00fb45ca
                                    0x00000000
                                    0x00ffe207
                                    0x00ffe20f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb45d1
                                    0x00000000
                                    0x00000000
                                    0x00fb45ca
                                    0x00000000
                                    0x00fb4247
                                    0x00fb4247
                                    0x00fb4247
                                    0x00fb4249
                                    0x00fb4249
                                    0x00fb4249
                                    0x00fb4251
                                    0x00fb4251
                                    0x00fb4257
                                    0x00fb425f
                                    0x00fb426e
                                    0x00fb4270
                                    0x00fb427a
                                    0x00ffe219
                                    0x00ffe219
                                    0x00fb4280
                                    0x00fb4282
                                    0x00fb4456
                                    0x00fb45ea
                                    0x00000000
                                    0x00fb45f0
                                    0x00ffe223
                                    0x00000000
                                    0x00ffe223
                                    0x00fb445c
                                    0x00fb445c
                                    0x00000000
                                    0x00fb445c
                                    0x00000000
                                    0x00fb4288
                                    0x00fb428c
                                    0x00ffe298
                                    0x00fb4292
                                    0x00fb4292
                                    0x00fb429e
                                    0x00fb42a3
                                    0x00fb42a7
                                    0x00fb42ac
                                    0x00ffe22d
                                    0x00fb42b2
                                    0x00fb42b2
                                    0x00fb42b9
                                    0x00fb42bc
                                    0x00fb42c2
                                    0x00fb42ca
                                    0x00fb42cd
                                    0x00fb42cd
                                    0x00fb42d4
                                    0x00fb433f
                                    0x00fb433f
                                    0x00fb42d6
                                    0x00fb42d6
                                    0x00fb42d9
                                    0x00fb42dd
                                    0x00fb42eb
                                    0x00ffe23a
                                    0x00fb42f1
                                    0x00fb4305
                                    0x00fb430d
                                    0x00fb4315
                                    0x00fb4318
                                    0x00fb431f
                                    0x00fb4322
                                    0x00fb432e
                                    0x00fb433b
                                    0x00fb433b
                                    0x00000000
                                    0x00fb432e
                                    0x00fb42eb
                                    0x00fb434c
                                    0x00fb434e
                                    0x00fb4352
                                    0x00fb4359
                                    0x00fb435e
                                    0x00fb4361
                                    0x00fb436e
                                    0x00fb438a
                                    0x00fb438e
                                    0x00fb4396
                                    0x00fb439e
                                    0x00fb43a1
                                    0x00fb43ad
                                    0x00fb43bb
                                    0x00fb43bb
                                    0x00fb43ad
                                    0x00fb436e
                                    0x00fb43bf
                                    0x00fb43c5
                                    0x00fb4463
                                    0x00fb4463
                                    0x00fb43ce
                                    0x00fb43d5
                                    0x00fb43d9
                                    0x00fb43df
                                    0x00fb4475
                                    0x00fb4479
                                    0x00fb4491
                                    0x00fb4491
                                    0x00fb4479
                                    0x00fb43e5
                                    0x00fb43eb
                                    0x00fb43f4
                                    0x00fb43f6
                                    0x00fb43f9
                                    0x00fb43fc
                                    0x00fb43ff
                                    0x00fb44e8
                                    0x00fb44ed
                                    0x00fb44f3
                                    0x00ffe247
                                    0x00000000
                                    0x00fb44f9
                                    0x00fb4504
                                    0x00fb4508
                                    0x00fb450f
                                    0x00ffe269
                                    0x00000000
                                    0x00fb4515
                                    0x00fb4519
                                    0x00fb4531
                                    0x00fb4534
                                    0x00fb4537
                                    0x00fb453e
                                    0x00fb4541
                                    0x00fb454a
                                    0x00ffe255
                                    0x00ffe255
                                    0x00ffe25b
                                    0x00ffe25e
                                    0x00ffe261
                                    0x00ffe261
                                    0x00fb4555
                                    0x00fb4559
                                    0x00fb455d
                                    0x00ffe26d
                                    0x00ffe270
                                    0x00ffe274
                                    0x00ffe27a
                                    0x00ffe27d
                                    0x00ffe28e
                                    0x00ffe28e
                                    0x00fb4563
                                    0x00fb4563
                                    0x00fb4569
                                    0x00fb4569
                                    0x00000000
                                    0x00fb455d
                                    0x00fb450f
                                    0x00000000
                                    0x00fb44f3
                                    0x00fb43ff
                                    0x00fb4405
                                    0x00fb4405
                                    0x00fb4405
                                    0x00fb42ac
                                    0x00fb428c
                                    0x00fb4282
                                    0x00fb4407
                                    0x00fb440d
                                    0x00ffe2af
                                    0x00ffe2af
                                    0x00fb4413
                                    0x00fb4413
                                    0x00000000
                                    0x00fb41d4
                                    0x00000000
                                    0x00fb41c3
                                    0x00fb41bd
                                    0x00fb4415
                                    0x00fb4415
                                    0x00fb4416
                                    0x00fb4417
                                    0x00fb4429
                                    0x00fb416e
                                    0x00fb416e
                                    0x00fb4175
                                    0x00fb4498
                                    0x00fb449f
                                    0x00ffe12d
                                    0x00000000
                                    0x00ffe133
                                    0x00000000
                                    0x00ffe133
                                    0x00fb44a5
                                    0x00fb44a5
                                    0x00fb44aa
                                    0x00000000
                                    0x00fb44bb
                                    0x00fb44ca
                                    0x00fb44d6
                                    0x00fb44d7
                                    0x00fb44d8
                                    0x00fb44e3
                                    0x00fb44e3
                                    0x00fb44aa
                                    0x00fb417b
                                    0x00fb417b
                                    0x00fb417b
                                    0x00000000
                                    0x00fb417b
                                    0x00fb4175
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4778a621485f1d1a948458af957fa24fea173739f3a0cf3ea7d7eaba63e60531
                                    • Instruction ID: 759d7d01e7135ac036324dca1821ec9e20103ad66fc2791cd4fa24bd9fbcaf7a
                                    • Opcode Fuzzy Hash: 4778a621485f1d1a948458af957fa24fea173739f3a0cf3ea7d7eaba63e60531
                                    • Instruction Fuzzy Hash: 1CF18071908211CFC724CF1AC580ABAB7E1FF98714F14496EF985CB262E734E895EB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E00FC20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1088714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E00FC2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E00FC2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E00F958EC(_t240);
									_t221 =  *0x1085cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1085cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E00FD4A2C(0x1086e40, 0xfd4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E00FB7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0xf75c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E00FCF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E00FCF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01017016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L00FB2400(_t267 + 0x20);
															}
															L00FB2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E00FC2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E00FB2280(_t134, 0x1088608);
									__eflags =  *0x1086e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E00FAFFB0(_t198, _t241, 0x1088608);
										__eflags = _t253;
										if(_t253 != 0) {
											L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1086e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1088608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E00FC6B90(_t210,  &_v64);
										_t262 =  *0x1088608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E00FCE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E00FD97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E00FD006A(0x1088608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1088608);
												E00FDB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1086904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1086e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E00FAFFB0(_t198, _t240, 0x1088608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E00FD00C2(0x1088608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                    0x00fc20a0
                                    0x00fc20a8
                                    0x00fc20ad
                                    0x00fc20b3
                                    0x00fc20b8
                                    0x00fc20c2
                                    0x00fc20c7
                                    0x00fc20cb
                                    0x00fc20d2
                                    0x00fc2263
                                    0x00fc2266
                                    0x01005836
                                    0x01005836
                                    0x00000000
                                    0x00fc226c
                                    0x00fc226c
                                    0x00fc2270
                                    0x00fc2274
                                    0x00fc20e2
                                    0x00fc20e2
                                    0x00fc20e6
                                    0x00fc20ee
                                    0x010057dc
                                    0x010057de
                                    0x010057ec
                                    0x010057ec
                                    0x010057f1
                                    0x010057f3
                                    0x010057f8
                                    0x00000000
                                    0x010057f8
                                    0x010057e0
                                    0x010057e4
                                    0x010057ea
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x010057ea
                                    0x00fc20f4
                                    0x00fc20f4
                                    0x00fc20f8
                                    0x00fc20f8
                                    0x00fc20fc
                                    0x00fc2100
                                    0x00fc2106
                                    0x00fc2201
                                    0x00fc2206
                                    0x00fc220b
                                    0x00fc220e
                                    0x00fc22a9
                                    0x00fc22ac
                                    0x00000000
                                    0x00000000
                                    0x00fc22b2
                                    0x00fc22b5
                                    0x01005801
                                    0x01005806
                                    0x00000000
                                    0x00000000
                                    0x01005810
                                    0x01005815
                                    0x01005818
                                    0x00000000
                                    0x00000000
                                    0x0100581e
                                    0x00fc22bb
                                    0x00fc22bb
                                    0x00fc2218
                                    0x00fc2218
                                    0x00fc221c
                                    0x00fc2220
                                    0x00fc2222
                                    0x00fc22c2
                                    0x00fc22c4
                                    0x00fc22dc
                                    0x00fc22dc
                                    0x00fc22e1
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fc22e7
                                    0x00fc22c8
                                    0x00fc22cd
                                    0x00fc22d3
                                    0x00fc22d6
                                    0x01005823
                                    0x01005825
                                    0x01005827
                                    0x00000000
                                    0x00000000
                                    0x0100582d
                                    0x00000000
                                    0x0100582d
                                    0x00000000
                                    0x00fc2228
                                    0x00fc2228
                                    0x00000000
                                    0x00fc2228
                                    0x00fc2222
                                    0x00fc2214
                                    0x00fc2214
                                    0x00000000
                                    0x00fc2114
                                    0x00fc2114
                                    0x00fc2114
                                    0x00fc211a
                                    0x00fc211c
                                    0x00fc2348
                                    0x00fc234d
                                    0x01005840
                                    0x01005845
                                    0x01005848
                                    0x0100584e
                                    0x0100584e
                                    0x01005848
                                    0x00fc2353
                                    0x00fc2355
                                    0x00fc2388
                                    0x00fc2388
                                    0x00fc2368
                                    0x00fc236a
                                    0x00fc236c
                                    0x00fc238f
                                    0x00000000
                                    0x00fc236e
                                    0x00fc236e
                                    0x00fc218e
                                    0x00fc218e
                                    0x00fc2191
                                    0x00fc2195
                                    0x01005a03
                                    0x01005a06
                                    0x01005a0c
                                    0x01005a0f
                                    0x01005a11
                                    0x01005a13
                                    0x01005a13
                                    0x01005a19
                                    0x01005a1f
                                    0x00000000
                                    0x00fc219b
                                    0x00fc219b
                                    0x00fc21a0
                                    0x00fc2282
                                    0x00fc2284
                                    0x00fc2284
                                    0x00fc2284
                                    0x00fc2284
                                    0x00fc21a6
                                    0x00fc21a9
                                    0x00fc21ac
                                    0x00fc21ae
                                    0x00fc21b3
                                    0x00fc228b
                                    0x00fc2290
                                    0x00fc2379
                                    0x00fc2296
                                    0x00fc2298
                                    0x00fc2298
                                    0x00fc2290
                                    0x00fc21b9
                                    0x00fc21be
                                    0x00fc22a2
                                    0x00fc22a2
                                    0x00fc21c4
                                    0x00fc21c8
                                    0x00fc21cc
                                    0x00fc21d0
                                    0x00fc21d4
                                    0x00fc21de
                                    0x00fc21e3
                                    0x01005a29
                                    0x01005a2c
                                    0x00000000
                                    0x00000000
                                    0x01005a3b
                                    0x00000000
                                    0x00fc21e9
                                    0x00fc21e9
                                    0x00fc21e9
                                    0x00fc21ee
                                    0x00fc21f1
                                    0x01005a45
                                    0x01005a4b
                                    0x01005a52
                                    0x01005a58
                                    0x01005a5d
                                    0x01005a5f
                                    0x01005a71
                                    0x01005a61
                                    0x01005a6a
                                    0x01005a6a
                                    0x01005a76
                                    0x01005a79
                                    0x01005a7f
                                    0x01005a83
                                    0x01005a85
                                    0x01005a87
                                    0x01005a87
                                    0x01005a8c
                                    0x01005a91
                                    0x01005a97
                                    0x01005a9f
                                    0x01005aa0
                                    0x01005aa1
                                    0x01005aa6
                                    0x01005aab
                                    0x01005ab1
                                    0x01005ab3
                                    0x01005ab9
                                    0x01005aca
                                    0x01005ad4
                                    0x01005ad4
                                    0x01005ade
                                    0x01005ade
                                    0x01005aab
                                    0x01005a79
                                    0x01005a52
                                    0x00fc21f7
                                    0x00fc21f9
                                    0x00fc21fe
                                    0x00fc21fe
                                    0x00fc21e3
                                    0x00fc2195
                                    0x00fc236c
                                    0x00fc2122
                                    0x00fc2122
                                    0x00fc2124
                                    0x00fc2231
                                    0x00fc2236
                                    0x00fc2236
                                    0x00fc2238
                                    0x00fc2238
                                    0x00fc2240
                                    0x00fc2242
                                    0x00fc2244
                                    0x010059fc
                                    0x00fc218c
                                    0x00fc218c
                                    0x00000000
                                    0x00fc218c
                                    0x00fc224a
                                    0x00fc224f
                                    0x00fc2256
                                    0x00fc2304
                                    0x00fc2309
                                    0x00fc230f
                                    0x00fc231e
                                    0x00fc231e
                                    0x00fc231e
                                    0x00fc2320
                                    0x00fc2325
                                    0x00fc232a
                                    0x00fc232c
                                    0x00fc233e
                                    0x00fc233e
                                    0x00000000
                                    0x00fc232c
                                    0x00fc2311
                                    0x00fc2317
                                    0x00fc231a
                                    0x00fc231c
                                    0x00fc2380
                                    0x00fc2380
                                    0x00fc2380
                                    0x00fc2384
                                    0x00000000
                                    0x00000000
                                    0x00fc2386
                                    0x00000000
                                    0x00fc231c
                                    0x00fc225c
                                    0x00fc225c
                                    0x00000000
                                    0x00fc225c
                                    0x00fc212a
                                    0x00fc2134
                                    0x00fc2138
                                    0x00fc213d
                                    0x01005858
                                    0x01005863
                                    0x01005863
                                    0x01005867
                                    0x0100586a
                                    0x00000000
                                    0x00000000
                                    0x0100586c
                                    0x0100586c
                                    0x01005871
                                    0x01005875
                                    0x01005877
                                    0x01005997
                                    0x0100599c
                                    0x010059a1
                                    0x010059a7
                                    0x010059a7
                                    0x00000000
                                    0x010059a7
                                    0x0100587d
                                    0x00000000
                                    0x0100588b
                                    0x0100588b
                                    0x01005890
                                    0x01005892
                                    0x01005894
                                    0x01005899
                                    0x0100589b
                                    0x010058a0
                                    0x010058a0
                                    0x010058aa
                                    0x010058b2
                                    0x010058b6
                                    0x010058be
                                    0x010058c6
                                    0x010058c9
                                    0x0100590d
                                    0x01005917
                                    0x0100591a
                                    0x0100591c
                                    0x01005920
                                    0x01005928
                                    0x0100592a
                                    0x0100592c
                                    0x0100592e
                                    0x0100592e
                                    0x010058cb
                                    0x010058cd
                                    0x010058d8
                                    0x010058e0
                                    0x010058f4
                                    0x010058fe
                                    0x010058fe
                                    0x0100593a
                                    0x0100593e
                                    0x01005940
                                    0x01005942
                                    0x00000000
                                    0x01005944
                                    0x01005944
                                    0x01005949
                                    0x0100594e
                                    0x0100594e
                                    0x01005953
                                    0x0100595b
                                    0x01005976
                                    0x01005976
                                    0x0100597a
                                    0x0100597f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01005981
                                    0x01005981
                                    0x01005981
                                    0x01005983
                                    0x01005988
                                    0x0100598d
                                    0x01005991
                                    0x01005991
                                    0x00000000
                                    0x0100595d
                                    0x0100595d
                                    0x01005963
                                    0x01005965
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01005967
                                    0x01005967
                                    0x0100596b
                                    0x0100596d
                                    0x00000000
                                    0x00000000
                                    0x0100596f
                                    0x01005971
                                    0x01005971
                                    0x01005974
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01005974
                                    0x00000000
                                    0x01005967
                                    0x0100595b
                                    0x01005942
                                    0x01005863
                                    0x00fc2143
                                    0x00fc2143
                                    0x00fc2149
                                    0x00fc214f
                                    0x00fc22f1
                                    0x00fc22f6
                                    0x00000000
                                    0x00fc2173
                                    0x00fc2173
                                    0x00fc217d
                                    0x00fc2181
                                    0x00fc2186
                                    0x010059ae
                                    0x010059b2
                                    0x010059b5
                                    0x010059b7
                                    0x010059ba
                                    0x010059cd
                                    0x010059d1
                                    0x010059d5
                                    0x010059d9
                                    0x010059db
                                    0x00000000
                                    0x00000000
                                    0x010059dd
                                    0x010059dd
                                    0x010059e1
                                    0x010059e4
                                    0x010059e7
                                    0x010059ee
                                    0x010059ee
                                    0x010059f3
                                    0x010059f3
                                    0x00000000
                                    0x00fc2186
                                    0x00fc214f
                                    0x00fc2106
                                    0x00fc2266
                                    0x00fc20d8
                                    0x00fc20da
                                    0x00fc20e0
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 480e9fab4ac7f0f9778b33aae16008a275ab126b393e331d8478680b7bbf48c9
                                    • Instruction ID: 61d89f93423cfa640c38c46e03b5bfffee3e0ce130a0cef1a43917a8e912086b
                                    • Opcode Fuzzy Hash: 480e9fab4ac7f0f9778b33aae16008a275ab126b393e331d8478680b7bbf48c9
                                    • Instruction Fuzzy Hash: 31F11831A083429FE7A6CF28C942B6A77E1EF85324F18855DF9D59B281D739D840DB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBB236 Relevance: .3, Instructions: 305COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 86%
                                    			E00FBB236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E00FBB477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E0103CB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E00FC0678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E00FD9660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E00FD9660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E00FD9660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E00FC174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E00FC138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E00FB7D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E0105138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E00FB7D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01051582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E00FB7D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E00FB7D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E01051582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E00FB7D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E0104FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E0104FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E00FB99BF(__ecx, _t87,  &_v16, 0);
					E00FBA830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E0104FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                                    0x00fbb23f
                                    0x00fbb246
                                    0x00fbb249
                                    0x00fbb24b
                                    0x00fbb251
                                    0x00fbb258
                                    0x00fbb262
                                    0x00fbb2b2
                                    0x00fbb2b6
                                    0x00fbb456
                                    0x00fbb456
                                    0x00fbb45a
                                    0x01002912
                                    0x01002914
                                    0x01002916
                                    0x00000000
                                    0x00000000
                                    0x0100291f
                                    0x01002921
                                    0x00000000
                                    0x00000000
                                    0x01002927
                                    0x00000000
                                    0x01002927
                                    0x00fbb460
                                    0x00fbb460
                                    0x00fbb462
                                    0x00fbb464
                                    0x0100292e
                                    0x01002931
                                    0x0100293f
                                    0x01002945
                                    0x01002945
                                    0x01002931
                                    0x00000000
                                    0x00fbb464
                                    0x00fbb2bc
                                    0x00fbb2bf
                                    0x00fbb2c5
                                    0x00fbb2c8
                                    0x00fbb2ca
                                    0x010027af
                                    0x010027af
                                    0x00fbb2d0
                                    0x00fbb2d7
                                    0x00fbb437
                                    0x00fbb2dd
                                    0x00fbb2dd
                                    0x00fbb2dd
                                    0x00fbb2e3
                                    0x00fbb2e5
                                    0x00fbb43e
                                    0x00fbb443
                                    0x010027b6
                                    0x010027b6
                                    0x00fbb443
                                    0x00fbb2f5
                                    0x00fbb2fa
                                    0x00fbb2fd
                                    0x00fbb2ff
                                    0x00fbb46f
                                    0x00fbb46f
                                    0x00fbb30a
                                    0x00fbb30f
                                    0x00fbb310
                                    0x00fbb315
                                    0x00fbb31b
                                    0x00fbb31c
                                    0x00fbb321
                                    0x00fbb322
                                    0x00fbb329
                                    0x00fbb32b
                                    0x00fbb32d
                                    0x010027c2
                                    0x010027c2
                                    0x010027c5
                                    0x010027c7
                                    0x00000000
                                    0x00000000
                                    0x010027c9
                                    0x010027cb
                                    0x010027ce
                                    0x010027d0
                                    0x010027d2
                                    0x010027d2
                                    0x010027d5
                                    0x010027db
                                    0x010027e0
                                    0x010027e1
                                    0x010027e6
                                    0x010027e7
                                    0x010027ee
                                    0x010027f0
                                    0x010027f2
                                    0x00000000
                                    0x010027f4
                                    0x010027f4
                                    0x00000000
                                    0x010027f4
                                    0x010027f2
                                    0x010027f7
                                    0x010027f9
                                    0x00000000
                                    0x00000000
                                    0x010027ff
                                    0x00000000
                                    0x00fbb333
                                    0x00fbb333
                                    0x00fbb336
                                    0x00fbb336
                                    0x00fbb33c
                                    0x00fbb341
                                    0x00fbb344
                                    0x00fbb44e
                                    0x00fbb44e
                                    0x00fbb34a
                                    0x00fbb34d
                                    0x00fbb353
                                    0x00fbb358
                                    0x00fbb359
                                    0x00fbb35e
                                    0x00fbb35f
                                    0x00fbb366
                                    0x00fbb368
                                    0x00fbb36a
                                    0x010028f2
                                    0x010028fe
                                    0x01002903
                                    0x01002903
                                    0x00000000
                                    0x00fbb370
                                    0x00fbb38c
                                    0x00fbb391
                                    0x00fbb393
                                    0x0100280a
                                    0x0100280a
                                    0x00fbb399
                                    0x00fbb39b
                                    0x00000000
                                    0x00fbb3a1
                                    0x00fbb3a1
                                    0x00fbb3a6
                                    0x00fbb3b0
                                    0x00fbb3b2
                                    0x0100281d
                                    0x00fbb3b8
                                    0x00fbb3b8
                                    0x00fbb3b8
                                    0x00fbb3ba
                                    0x00fbb3bd
                                    0x01002824
                                    0x0100282a
                                    0x01002831
                                    0x01002841
                                    0x0100284b
                                    0x0100284d
                                    0x01002858
                                    0x01002858
                                    0x01002858
                                    0x01002870
                                    0x01002870
                                    0x01002831
                                    0x00fbb3c3
                                    0x00fbb3c8
                                    0x00fbb3d2
                                    0x00fbb3d4
                                    0x01002883
                                    0x00fbb3da
                                    0x00fbb3da
                                    0x00fbb3da
                                    0x00fbb3dc
                                    0x00fbb3df
                                    0x0100288f
                                    0x01002891
                                    0x0100289c
                                    0x0100289c
                                    0x0100289c
                                    0x010028b4
                                    0x010028b4
                                    0x00fbb3e5
                                    0x00fbb3ea
                                    0x00fbb3ec
                                    0x010028c7
                                    0x00fbb3f2
                                    0x00fbb3f2
                                    0x00fbb3f2
                                    0x00fbb3f7
                                    0x00fbb3fa
                                    0x010028d9
                                    0x010028d9
                                    0x00fbb400
                                    0x00fbb407
                                    0x00fbb40a
                                    0x00fbb40f
                                    0x00fbb413
                                    0x00fbb41f
                                    0x00fbb424
                                    0x00fbb426
                                    0x010028e3
                                    0x010028e8
                                    0x010028e8
                                    0x00fbb426
                                    0x00fbb42f
                                    0x00000000
                                    0x00fbb42f
                                    0x00fbb39b
                                    0x00fbb36a
                                    0x00fbb264
                                    0x00fbb264
                                    0x00fbb279
                                    0x00fbb27f
                                    0x00fbb287
                                    0x00fbb28c
                                    0x00fbb290
                                    0x00fbb29c
                                    0x00fbb2a3
                                    0x010027a0
                                    0x010027a5
                                    0x010027a5
                                    0x00fbb2a3
                                    0x00fbb2a9
                                    0x00fbb2b1
                                    0x00fbb2b1

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                    • Instruction ID: c412814f843dc46b2665e308cfe7e5e099f8efb9adfe36342c08fd653ac22004
                                    • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                    • Instruction Fuzzy Hash: 35B1D231B046059FDB16DBAAC895BBEB7F5BF84300F2401A9E582D7382D770DA01EB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA849B Relevance: .3, Instructions: 290COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E00FA849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x106f9c0);
				E00FED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1087b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E00FACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E00FB2280( *[fs:0x30], 0x1088550);
						_t139 =  *0x1087b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E00FCF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E00FAFFB0(_t193, _t235, 0x1088550);
								L5:
								return E00FED130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E00F91C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1087b9c; // 0x0
							_t235 = L00FB4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1087b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E00FCA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E00FAFFB0(_t193, _t235, 0x1088550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L00FB77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L00FB77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1087b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1087b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E00FD37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1087b9c; // 0x0
									_t214 = L00FB4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E00FD37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1087b10 =  *0x1087b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1087b04 =  *0x1087b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L00FB77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L00FB77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1087b08 =  *0x1087b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E00FD57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E00FDF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L00FB77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E00FCA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L00FB77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E00FD96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                    0x00fa849b
                                    0x00fa849b
                                    0x00fa849b
                                    0x00fa849b
                                    0x00fa849d
                                    0x00fa84a2
                                    0x00fa84a7
                                    0x00fa84b1
                                    0x00fa84d8
                                    0x00000000
                                    0x00fa84b3
                                    0x00fa84c4
                                    0x00fa84c9
                                    0x00fa84cd
                                    0x00fa84cf
                                    0x00fa84cf
                                    0x00fa84d6
                                    0x00fa84e6
                                    0x00fa84e9
                                    0x00fa84ec
                                    0x00fa84ef
                                    0x00fa84f2
                                    0x00fa84f4
                                    0x00fa84fc
                                    0x00fa8501
                                    0x00fa8506
                                    0x00fa8509
                                    0x00fa86e0
                                    0x00fa86e5
                                    0x00fa86e8
                                    0x00fa86ed
                                    0x00fa86f0
                                    0x00fa86f2
                                    0x00ff9afd
                                    0x00ff9b02
                                    0x00fa84da
                                    0x00fa84df
                                    0x00fa84df
                                    0x00fa86fa
                                    0x00fa86fd
                                    0x00fa86fe
                                    0x00fa8701
                                    0x00fa8706
                                    0x00fa8709
                                    0x00fa870b
                                    0x00000000
                                    0x00000000
                                    0x00fa8711
                                    0x00fa8725
                                    0x00fa8727
                                    0x00fa872a
                                    0x00fa872c
                                    0x00ff9af0
                                    0x00ff9af5
                                    0x00fa8732
                                    0x00fa8732
                                    0x00fa8732
                                    0x00fa8735
                                    0x00fa8737
                                    0x00fa8515
                                    0x00fa8515
                                    0x00fa8518
                                    0x00fa851d
                                    0x00fa8523
                                    0x00fa8527
                                    0x00fa852b
                                    0x00fa8537
                                    0x00fa8539
                                    0x00fa853c
                                    0x00fa853e
                                    0x00fa868c
                                    0x00fa8691
                                    0x00fa8699
                                    0x00fa869b
                                    0x00fa8744
                                    0x00fa8748
                                    0x00fa86a1
                                    0x00fa86a1
                                    0x00fa86a1
                                    0x00fa86a4
                                    0x00fa86a8
                                    0x00ff9bdf
                                    0x00ff9bdf
                                    0x00fa86ae
                                    0x00fa86b0
                                    0x00000000
                                    0x00fa86b6
                                    0x00000000
                                    0x00ff9be9
                                    0x00fa86b0
                                    0x00fa8544
                                    0x00fa854a
                                    0x00fa854d
                                    0x00fa8551
                                    0x00fa876e
                                    0x00fa8778
                                    0x00fa877b
                                    0x00fa8780
                                    0x00fa8557
                                    0x00fa8557
                                    0x00fa855d
                                    0x00fa855d
                                    0x00fa856b
                                    0x00fa856e
                                    0x00fa8570
                                    0x00fa8573
                                    0x00fa8576
                                    0x00fa8576
                                    0x00fa8579
                                    0x00fa857b
                                    0x00000000
                                    0x00000000
                                    0x00fa8581
                                    0x00fa85a0
                                    0x00fa85a2
                                    0x00fa85a5
                                    0x00fa85a7
                                    0x00ff9b1b
                                    0x00ff9b1b
                                    0x00fa862e
                                    0x00fa862e
                                    0x00fa8631
                                    0x00fa8631
                                    0x00fa8634
                                    0x00fa8636
                                    0x00fa8669
                                    0x00fa8669
                                    0x00fa866b
                                    0x00ff9bbf
                                    0x00ff9bc4
                                    0x00ff9bc8
                                    0x00ff9bce
                                    0x00ff9bce
                                    0x00fa8671
                                    0x00fa8671
                                    0x00fa8674
                                    0x00fa8676
                                    0x00ff9bae
                                    0x00ff9bae
                                    0x00fa8676
                                    0x00fa867c
                                    0x00fa867e
                                    0x00fa8688
                                    0x00fa8688
                                    0x00000000
                                    0x00fa867e
                                    0x00fa8638
                                    0x00fa8638
                                    0x00fa863b
                                    0x00fa863e
                                    0x00fa863f
                                    0x00fa8642
                                    0x00fa8645
                                    0x00fa8648
                                    0x00fa864d
                                    0x00ff9b69
                                    0x00ff9b6e
                                    0x00ff9b7b
                                    0x00ff9b81
                                    0x00ff9b85
                                    0x00ff9b89
                                    0x00ff9ba7
                                    0x00ff9b8b
                                    0x00ff9b91
                                    0x00ff9b9a
                                    0x00ff9b9f
                                    0x00ff9b9f
                                    0x00fa8788
                                    0x00fa878d
                                    0x00fa8763
                                    0x00fa8763
                                    0x00fa8766
                                    0x00000000
                                    0x00fa8766
                                    0x00ff9b70
                                    0x00000000
                                    0x00ff9b70
                                    0x00fa8656
                                    0x00fa865a
                                    0x00fa865c
                                    0x00fa8752
                                    0x00fa8756
                                    0x00000000
                                    0x00000000
                                    0x00fa875e
                                    0x00000000
                                    0x00fa875e
                                    0x00fa8662
                                    0x00fa8662
                                    0x00fa8662
                                    0x00fa8666
                                    0x00000000
                                    0x00fa8666
                                    0x00fa85b7
                                    0x00fa85b9
                                    0x00fa85bc
                                    0x00fa85bf
                                    0x00fa85cc
                                    0x00fa85d1
                                    0x00fa85d4
                                    0x00fa85db
                                    0x00fa85de
                                    0x00fa85e0
                                    0x00ff9b5f
                                    0x00000000
                                    0x00ff9b5f
                                    0x00fa85e6
                                    0x00fa85ea
                                    0x00fa86c3
                                    0x00fa86c5
                                    0x00fa86c8
                                    0x00fa86ca
                                    0x00ff9b16
                                    0x00000000
                                    0x00ff9b16
                                    0x00fa86d6
                                    0x00fa85f6
                                    0x00fa85f6
                                    0x00fa85f9
                                    0x00fa8602
                                    0x00fa8606
                                    0x00fa860a
                                    0x00fa860b
                                    0x00fa860e
                                    0x00fa8611
                                    0x00000000
                                    0x00fa8611
                                    0x00fa85f3
                                    0x00000000
                                    0x00fa85f3
                                    0x00fa8619
                                    0x00fa861e
                                    0x00fa861e
                                    0x00fa8621
                                    0x00fa8622
                                    0x00fa8623
                                    0x00fa8625
                                    0x00fa862c
                                    0x00000000
                                    0x00fa873d
                                    0x00000000
                                    0x00fa873d
                                    0x00fa8737
                                    0x00fa850f
                                    0x00fa8512
                                    0x00000000
                                    0x00fa8512
                                    0x00000000
                                    0x00fa84d6

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1b9351ce55923d2bd0f4a6d48d5c5f49f226db613219d4ff6f15ca9fdf6bcb26
                                    • Instruction ID: 05fa246788813567487e6d6f3d378d64e897bb9d829b3063fcf11a17c896dc17
                                    • Opcode Fuzzy Hash: 1b9351ce55923d2bd0f4a6d48d5c5f49f226db613219d4ff6f15ca9fdf6bcb26
                                    • Instruction Fuzzy Hash: C3B1ACB0E04209DFDB14DF99C980BADBBB6BF49304F20412AE501AB355DBB4AD42EF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC6A60 Relevance: .2, Instructions: 227COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 66%
                                    			E00FC6A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0x108d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E00FD9810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0x1086908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E00FDCF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E00FDCF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E00FDD340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E00FDB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E00FDAA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E00FDD000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E00FDAA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                    0x00fc6a6f
                                    0x00fc6a72
                                    0x00fc6a78
                                    0x00fc6a7c
                                    0x00fc6a7f
                                    0x00fc6a87
                                    0x01008049
                                    0x01008049
                                    0x0100804e
                                    0x0100804f
                                    0x01008057
                                    0x0100805c
                                    0x00000000
                                    0x00fc6a8d
                                    0x00fc6a92
                                    0x00fc6a92
                                    0x00fc6a94
                                    0x00fc6a99
                                    0x00fc6a9c
                                    0x00fc6a9f
                                    0x00fc6aa2
                                    0x00fc6aaa
                                    0x00fc6ab0
                                    0x01007eae
                                    0x01007eb4
                                    0x01007eb9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x01007ebf
                                    0x01007ebf
                                    0x01007ebf
                                    0x01007ec1
                                    0x01007ec6
                                    0x00000000
                                    0x00000000
                                    0x01007ece
                                    0x01007edb
                                    0x01007ee5
                                    0x01007ee7
                                    0x01007ee7
                                    0x01007edd
                                    0x01007edd
                                    0x01007edd
                                    0x01007eea
                                    0x01007ed0
                                    0x01007ed0
                                    0x01007ed3
                                    0x01007ed3
                                    0x01007eec
                                    0x01007ef8
                                    0x01007f00
                                    0x01007f07
                                    0x01007f0a
                                    0x01007f19
                                    0x01007f1b
                                    0x01007f23
                                    0x01007f25
                                    0x01007f28
                                    0x01007f2e
                                    0x01007f31
                                    0x01007f34
                                    0x01007f37
                                    0x01007f3c
                                    0x00000000
                                    0x01007f3e
                                    0x01007f3e
                                    0x01007f41
                                    0x00fc6b35
                                    0x00fc6b38
                                    0x00fc6b44
                                    0x00fc6b4c
                                    0x00fc6b4e
                                    0x00fc6b51
                                    0x00fc6b69
                                    0x00fc6b69
                                    0x01007f3c
                                    0x01008046
                                    0x00000000
                                    0x01008046
                                    0x00fc6abc
                                    0x00fc6aca
                                    0x01007f49
                                    0x00fc6b13
                                    0x00fc6b13
                                    0x00fc6b16
                                    0x00fc6b1e
                                    0x01007fe7
                                    0x01007fea
                                    0x01007fed
                                    0x01007ff0
                                    0x01007ff2
                                    0x01007ff4
                                    0x01007ffa
                                    0x00000000
                                    0x00000000
                                    0x01008000
                                    0x01008003
                                    0x01008006
                                    0x01008009
                                    0x0100800b
                                    0x0100800d
                                    0x01008010
                                    0x0100801f
                                    0x00000000
                                    0x00000000
                                    0x01008025
                                    0x00fc6b2f
                                    0x00fc6b2f
                                    0x00fc6b32
                                    0x00000000
                                    0x00fc6b32
                                    0x00fc6b26
                                    0x01008030
                                    0x0100803a
                                    0x0100803c
                                    0x0100803c
                                    0x01008032
                                    0x01008032
                                    0x01008032
                                    0x0100803f
                                    0x00fc6b2c
                                    0x00fc6b2c
                                    0x00fc6b2c
                                    0x00000000
                                    0x00fc6b26
                                    0x00fc6ad0
                                    0x00fc6ad6
                                    0x00fc6ade
                                    0x00fc6ae0
                                    0x00fc6ae0
                                    0x00fc6ae5
                                    0x01007f53
                                    0x00fc6aeb
                                    0x00fc6aeb
                                    0x00fc6aeb
                                    0x00fc6af3
                                    0x01007f5e
                                    0x01007f61
                                    0x01007f68
                                    0x01007f69
                                    0x01007f6b
                                    0x01007f70
                                    0x01007f71
                                    0x01007f76
                                    0x01007f77
                                    0x01007f7c
                                    0x01007f86
                                    0x01007f88
                                    0x01007f8d
                                    0x01007f92
                                    0x01007f97
                                    0x01007f98
                                    0x01007f99
                                    0x01007f9a
                                    0x01007f9f
                                    0x01007fa0
                                    0x01007fa5
                                    0x01007faa
                                    0x01007faa
                                    0x01007faf
                                    0x01007fdc
                                    0x01007fdf
                                    0x00000000
                                    0x01007fb1
                                    0x01007fb1
                                    0x01007fb3
                                    0x01007fb8
                                    0x01007fd4
                                    0x01007fd4
                                    0x00000000
                                    0x01007fd4
                                    0x01007fba
                                    0x01007fbc
                                    0x01007fc2
                                    0x01007fc4
                                    0x01007fc4
                                    0x01007fc7
                                    0x01007fcb
                                    0x01007fcc
                                    0x01007fd1
                                    0x00000000
                                    0x01007fd1
                                    0x00fc6b04
                                    0x00fc6b04
                                    0x00fc6b0b
                                    0x00000000
                                    0x00000000
                                    0x00fc6b11
                                    0x00000000
                                    0x00fc6b11
                                    0x00fc6af3

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d31e927a6e4fa78db74334a5e50aefe2f089730dfc19da18ca0c97dc7b922422
                                    • Instruction ID: 8f4a81c035ae9f7ab52649b6fd45d7315b7e5e2234cffe59fa756bcbfca30eb2
                                    • Opcode Fuzzy Hash: d31e927a6e4fa78db74334a5e50aefe2f089730dfc19da18ca0c97dc7b922422
                                    • Instruction Fuzzy Hash: B0817071E002199FEB51CF98C981BEEBBF5AF48350F148069E984EB381D739AD05DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9C600 Relevance: .2, Instructions: 225COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00F9C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x108d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E00FA6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E00FDB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1087b9c; // 0x0
					_t74 = L00FB4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E00FD9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L00FB77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E00FDF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E00FD13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L00FB77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E00FD9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                    0x00f9c608
                                    0x00f9c615
                                    0x00f9c625
                                    0x00f9c62d
                                    0x00f9c635
                                    0x00f9c640
                                    0x00f9c680
                                    0x00f9c687
                                    0x00f9c688
                                    0x00f9c689
                                    0x00f9c694
                                    0x00f9c694
                                    0x00f9c642
                                    0x00f9c64a
                                    0x00f9c697
                                    0x01007a25
                                    0x01007a2b
                                    0x01007a2e
                                    0x01007a30
                                    0x01007bea
                                    0x01007bea
                                    0x00000000
                                    0x01007bea
                                    0x01007a36
                                    0x01007a43
                                    0x01007a48
                                    0x01007a4c
                                    0x01007a4e
                                    0x00000000
                                    0x00000000
                                    0x01007a58
                                    0x01007a5a
                                    0x01007a5b
                                    0x01007a5c
                                    0x01007a5d
                                    0x01007a63
                                    0x01007a64
                                    0x01007a6a
                                    0x01007a6c
                                    0x01007a6e
                                    0x010079cb
                                    0x010079cb
                                    0x010079ce
                                    0x010079d0
                                    0x01007a98
                                    0x01007a9b
                                    0x01007a9b
                                    0x01007a9e
                                    0x01007aa1
                                    0x01007bbe
                                    0x01007bbe
                                    0x01007bc0
                                    0x01007be0
                                    0x01007be0
                                    0x01007a01
                                    0x01007a01
                                    0x01007a05
                                    0x01007a07
                                    0x01007a15
                                    0x01007a15
                                    0x01007a1a
                                    0x00000000
                                    0x01007a1a
                                    0x01007bc2
                                    0x01007bc6
                                    0x01007bc9
                                    0x01007bcd
                                    0x01007bcf
                                    0x010079e6
                                    0x010079e6
                                    0x010079eb
                                    0x010079eb
                                    0x010079ef
                                    0x010079f1
                                    0x00000000
                                    0x00000000
                                    0x010079f3
                                    0x010079f5
                                    0x010079ff
                                    0x010079ff
                                    0x00000000
                                    0x010079ff
                                    0x010079f7
                                    0x010079fd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x010079fd
                                    0x01007bd5
                                    0x01007bd8
                                    0x00000000
                                    0x00000000
                                    0x01007ba9
                                    0x01007bac
                                    0x01007bb0
                                    0x01007bb1
                                    0x01007bb1
                                    0x01007bb6
                                    0x00000000
                                    0x01007bb6
                                    0x01007aa7
                                    0x01007aaa
                                    0x00000000
                                    0x00000000
                                    0x01007ab2
                                    0x01007ab3
                                    0x01007ab5
                                    0x01007aec
                                    0x01007aef
                                    0x01007b25
                                    0x01007b28
                                    0x01007b62
                                    0x01007b64
                                    0x01007b8f
                                    0x01007b92
                                    0x01007b96
                                    0x01007b98
                                    0x00000000
                                    0x00000000
                                    0x01007b9e
                                    0x01007b9f
                                    0x01007ba3
                                    0x00000000
                                    0x01007ba3
                                    0x01007b66
                                    0x01007b68
                                    0x01007ae2
                                    0x01007ae2
                                    0x00000000
                                    0x01007ae2
                                    0x01007b6e
                                    0x01007b72
                                    0x01007b75
                                    0x01007b81
                                    0x01007b85
                                    0x01007b87
                                    0x00000000
                                    0x00000000
                                    0x01007b31
                                    0x01007b34
                                    0x01007b3c
                                    0x01007b45
                                    0x01007b46
                                    0x01007b4f
                                    0x01007b51
                                    0x01007b57
                                    0x01007b59
                                    0x01007b59
                                    0x00000000
                                    0x01007b59
                                    0x01007b77
                                    0x00000000
                                    0x01007b77
                                    0x01007b2a
                                    0x00000000
                                    0x01007b2a
                                    0x01007af1
                                    0x01007af3
                                    0x00000000
                                    0x00000000
                                    0x01007afb
                                    0x01007afc
                                    0x01007afe
                                    0x00000000
                                    0x00000000
                                    0x01007b00
                                    0x01007b03
                                    0x00000000
                                    0x00000000
                                    0x01007b05
                                    0x01007b09
                                    0x01007b0d
                                    0x01007b0f
                                    0x00000000
                                    0x00000000
                                    0x01007b18
                                    0x01007b1d
                                    0x00000000
                                    0x01007b1d
                                    0x01007ab7
                                    0x01007ab9
                                    0x00000000
                                    0x00000000
                                    0x01007abf
                                    0x01007ac1
                                    0x00000000
                                    0x00000000
                                    0x01007ac3
                                    0x01007ac6
                                    0x00000000
                                    0x00000000
                                    0x01007ac8
                                    0x01007acc
                                    0x01007ad0
                                    0x01007ad2
                                    0x00000000
                                    0x00000000
                                    0x01007adb
                                    0x00000000
                                    0x01007adb
                                    0x010079d6
                                    0x010079d9
                                    0x010079dc
                                    0x01007a91
                                    0x01007a94
                                    0x00000000
                                    0x01007a94
                                    0x010079e2
                                    0x00000000
                                    0x010079e2
                                    0x01007a74
                                    0x01007a7a
                                    0x00000000
                                    0x00000000
                                    0x01007a8a
                                    0x01007a21
                                    0x01007a21
                                    0x00000000
                                    0x01007a21
                                    0x00f9c650
                                    0x00f9c651
                                    0x00f9c656
                                    0x00f9c65c
                                    0x00f9c65d
                                    0x00f9c663
                                    0x00f9c664
                                    0x00f9c66a
                                    0x00f9c66e
                                    0x010079c5
                                    0x010079c7
                                    0x00000000
                                    0x010079c7
                                    0x00f9c67a
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3f3b82238875785147c299c559b3ffdf0960b5e93e2408e37cef9cbfa31964bb
                                    • Instruction ID: bcba9db9577cc00427a6e721af547625f470ef2f4c8121e7ddd137c339a757d2
                                    • Opcode Fuzzy Hash: 3f3b82238875785147c299c559b3ffdf0960b5e93e2408e37cef9cbfa31964bb
                                    • Instruction Fuzzy Hash: EE81B2756046018BEB67CE58C881B6E77E9FB84350F14486AFEC58B281D338FD41CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC138B Relevance: .2, Instructions: 206COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E00FC138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E00FC0678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E00FD9660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E00FB7D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0105138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E00FC16C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E0105A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E00FBB73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E00FBA830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E0105A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                    0x00fc139f
                                    0x00fc13a1
                                    0x00fc13a4
                                    0x00fc13a6
                                    0x00fc13ab
                                    0x00fc13b3
                                    0x01005522
                                    0x00000000
                                    0x01005522
                                    0x00fc13b9
                                    0x00fc13c1
                                    0x00fc13c4
                                    0x00fc13cd
                                    0x00fc13d0
                                    0x00fc13d9
                                    0x00fc13dc
                                    0x00fc13df
                                    0x00fc13e4
                                    0x0100552b
                                    0x00000000
                                    0x00000000
                                    0x01005534
                                    0x0100553f
                                    0x01005545
                                    0x01005549
                                    0x0100554a
                                    0x0100554f
                                    0x01005550
                                    0x01005559
                                    0x0100551c
                                    0x00000000
                                    0x0100551c
                                    0x01005562
                                    0x01005574
                                    0x01005564
                                    0x0100556d
                                    0x0100556d
                                    0x0100557c
                                    0x01005597
                                    0x01005597
                                    0x0100559f
                                    0x010055a2
                                    0x010055a5
                                    0x010055a5
                                    0x00fc13ec
                                    0x00fc13f2
                                    0x00fc13f4
                                    0x00fc13f8
                                    0x00fc13fe
                                    0x00fc1400
                                    0x00fc1406
                                    0x00fc1412
                                    0x00fc1419
                                    0x010055b0
                                    0x010055b5
                                    0x010055b8
                                    0x010055b8
                                    0x00fc1425
                                    0x00fc1429
                                    0x00fc142c
                                    0x00fc142f
                                    0x00fc1432
                                    0x00fc1435
                                    0x00fc143a
                                    0x00fc143d
                                    0x00fc1443
                                    0x00fc1446
                                    0x00fc1449
                                    0x00fc1450
                                    0x00fc1453
                                    0x00fc1459
                                    0x00fc145f
                                    0x00fc1462
                                    0x00fc1467
                                    0x00fc14fa
                                    0x00fc146d
                                    0x00fc146d
                                    0x00fc146d
                                    0x00fc146f
                                    0x00fc1479
                                    0x00fc1480
                                    0x00fc1507
                                    0x00fc1508
                                    0x00fc1510
                                    0x010055c1
                                    0x010055c2
                                    0x010055cc
                                    0x010055d1
                                    0x010055d4
                                    0x010055d7
                                    0x010055d7
                                    0x00fc1482
                                    0x00fc1482
                                    0x00fc1482
                                    0x00fc1484
                                    0x00fc149b
                                    0x00fc14a4
                                    0x00fc14ae
                                    0x00fc14b4
                                    0x00fc14b4
                                    0x00fc14ba
                                    0x00fc14c4
                                    0x00fc14c4
                                    0x00fc14c9
                                    0x00fc14cf
                                    0x00fc14d2
                                    0x00fc14d7
                                    0x010055df
                                    0x010055e0
                                    0x010055ea
                                    0x00fc14dd
                                    0x00fc14dd
                                    0x00fc14df
                                    0x00fc14e2
                                    0x00fc14e4
                                    0x00fc14e4
                                    0x00fc14e7
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                    • Instruction ID: fb21c086a178c92290bb2754b953623e152b9f349b28f2a7f569cc4e390281de
                                    • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                    • Instruction Fuzzy Hash: 3C819B75A006469FDB25CF68C941BAABBF5FF49300F10856EE986C7682D330E951DBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102B8D0 Relevance: .2, Instructions: 199COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 39%
                                    			E0102B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1087b9c; // 0x0
				_t124 = L00FB4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E00FD9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E00FD95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E00FD95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L00FB77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E00FD9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E00FD95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1087b9c; // 0x0
									_t92 = L00FB4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E00FD9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E00F9A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0102E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0102E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E00FD95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                    0x0102b8d9
                                    0x0102b8e4
                                    0x00000000
                                    0x0102b8e6
                                    0x0102b8f3
                                    0x0102b8f5
                                    0x0102b8f5
                                    0x0102b8f8
                                    0x0102b920
                                    0x0102b924
                                    0x0102b936
                                    0x0102b939
                                    0x0102b93d
                                    0x0102b948
                                    0x0102b9a0
                                    0x0102b9a0
                                    0x0102b9a4
                                    0x0102b9bf
                                    0x0102b9c4
                                    0x0102b9c6
                                    0x0102b9cd
                                    0x0102b9d1
                                    0x0102bad4
                                    0x0102bad8
                                    0x0102bada
                                    0x0102badc
                                    0x0102badc
                                    0x0102badf
                                    0x0102bae0
                                    0x0102bae2
                                    0x0102bae4
                                    0x0102baec
                                    0x0102baee
                                    0x0102baf0
                                    0x0102baf0
                                    0x0102baec
                                    0x0102bafb
                                    0x0102bafc
                                    0x0102bafe
                                    0x0102bb01
                                    0x0102bb01
                                    0x00000000
                                    0x0102bb06
                                    0x0102b9d7
                                    0x0102b9db
                                    0x0102b9db
                                    0x0102b9de
                                    0x0102b9de
                                    0x0102b9e4
                                    0x0102b9e7
                                    0x0102b9ea
                                    0x0102b9ec
                                    0x0102b9ef
                                    0x0102b9f3
                                    0x0102ba1b
                                    0x0102ba1b
                                    0x0102ba23
                                    0x0102ba24
                                    0x0102ba27
                                    0x0102ba2a
                                    0x0102ba2b
                                    0x0102ba2e
                                    0x0102ba30
                                    0x0102ba37
                                    0x0102ba3f
                                    0x0102ba9c
                                    0x0102baa2
                                    0x0102bb13
                                    0x0102bb15
                                    0x0102baae
                                    0x0102baae
                                    0x0102bab3
                                    0x0102bab5
                                    0x0102baba
                                    0x0102bac8
                                    0x0102bac8
                                    0x0102baba
                                    0x0102bacd
                                    0x0102bacf
                                    0x00000000
                                    0x0102bacf
                                    0x0102bb1a
                                    0x00000000
                                    0x0102bb1c
                                    0x0102baa7
                                    0x0102bb11
                                    0x00000000
                                    0x0102bb11
                                    0x0102baa9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0102ba41
                                    0x0102ba41
                                    0x0102ba41
                                    0x0102ba58
                                    0x0102ba5d
                                    0x0102ba62
                                    0x00000000
                                    0x00000000
                                    0x0102ba64
                                    0x0102ba67
                                    0x0102ba68
                                    0x0102ba69
                                    0x0102ba6c
                                    0x0102ba6f
                                    0x0102ba71
                                    0x0102ba78
                                    0x0102ba80
                                    0x00000000
                                    0x00000000
                                    0x0102ba90
                                    0x0102ba90
                                    0x0102ba97
                                    0x00000000
                                    0x0102ba97
                                    0x0102b9f5
                                    0x0102b9f7
                                    0x0102b9f7
                                    0x0102b9fa
                                    0x0102ba03
                                    0x0102ba07
                                    0x0102ba0c
                                    0x0102ba10
                                    0x0102ba17
                                    0x00000000
                                    0x0102b9f7
                                    0x0102b9a6
                                    0x0102b9a8
                                    0x0102b9af
                                    0x0102b9b3
                                    0x00000000
                                    0x00000000
                                    0x0102b9b9
                                    0x00000000
                                    0x0102b9b9
                                    0x0102b94d
                                    0x0102b98f
                                    0x0102b995
                                    0x0102b999
                                    0x0102b960
                                    0x0102b967
                                    0x0102b968
                                    0x0102b96a
                                    0x00000000
                                    0x0102b96a
                                    0x0102b99b
                                    0x0102b99e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0102b99e
                                    0x0102b951
                                    0x0102b954
                                    0x0102b95a
                                    0x0102b95e
                                    0x0102b972
                                    0x0102b979
                                    0x0102b97d
                                    0x0102b97f
                                    0x0102b980
                                    0x0102b982
                                    0x0102b984
                                    0x00000000
                                    0x0102b984
                                    0x00000000
                                    0x0102b926
                                    0x00000000
                                    0x0102b926

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ba6e19505e830a9bd2886803e5cb6a724532309a239b9914c5098555cf5256bb
                                    • Instruction ID: b12952f350fe9b8346e9baf452075328700955b97259997ba5284cdb2814a392
                                    • Opcode Fuzzy Hash: ba6e19505e830a9bd2886803e5cb6a724532309a239b9914c5098555cf5256bb
                                    • Instruction Fuzzy Hash: CC712232200711AFE732DF19CC41F6ABBF6EF40720F244968E6958B6A1DBB5E940DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01016DC9 Relevance: .2, Instructions: 199COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 79%
                                    			E01016DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01016B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E00FB7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E00FD9AE0();
					_t87 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0101795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0101795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0101795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0101795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L00FB4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01016B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01016B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01016B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01016B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E00FB7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E00FD9AE0();
								L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L00FB2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L00FB2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L00FB2400( &_v52);
							}
							if(_v28 >= 0) {
								return L00FB2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                    0x01016dd4
                                    0x01016dde
                                    0x01016de1
                                    0x01016de3
                                    0x01016de6
                                    0x01016de9
                                    0x01016dec
                                    0x01016def
                                    0x01016df2
                                    0x01016df5
                                    0x01016dfe
                                    0x01016e04
                                    0x01016e09
                                    0x01016e0d
                                    0x01016e18
                                    0x01016e1b
                                    0x01016e22
                                    0x01016e2d
                                    0x01016e30
                                    0x01016e36
                                    0x01016e42
                                    0x01016e4d
                                    0x01016e50
                                    0x01016e55
                                    0x01016e5c
                                    0x01016e6e
                                    0x01016e5e
                                    0x01016e67
                                    0x01016e67
                                    0x01016e73
                                    0x01016e74
                                    0x01016e77
                                    0x01016e7c
                                    0x01016e7d
                                    0x01016e8e
                                    0x01016e93
                                    0x01016e9c
                                    0x01016ea8
                                    0x01016eab
                                    0x01016eac
                                    0x01016eb3
                                    0x01016ecd
                                    0x01016edc
                                    0x01016ee2
                                    0x01016ee5
                                    0x01016ef2
                                    0x01016efb
                                    0x01016f01
                                    0x01016f06
                                    0x01016f0b
                                    0x01016f11
                                    0x01016f1a
                                    0x01016f22
                                    0x01016f26
                                    0x01016f26
                                    0x01016f33
                                    0x01016f41
                                    0x01016f44
                                    0x01016f47
                                    0x01016f54
                                    0x01016f65
                                    0x01016f77
                                    0x01016f7c
                                    0x01016f82
                                    0x01016f91
                                    0x01016f99
                                    0x01016fa3
                                    0x01016fae
                                    0x01016fae
                                    0x01016fba
                                    0x01016fbb
                                    0x01016fbc
                                    0x01016fc1
                                    0x01016fc2
                                    0x01016fd3
                                    0x01016fd8
                                    0x01016fd8
                                    0x01016fdf
                                    0x01016fe8
                                    0x01016fee
                                    0x01016fee
                                    0x01016ff5
                                    0x01016ffb
                                    0x01016ffb
                                    0x01017004
                                    0x00000000
                                    0x0101700a
                                    0x01017004
                                    0x01016eb3
                                    0x01016e9c
                                    0x01017015

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                    • Instruction ID: 4f73c02652c46f2278dc0cbdecb58902228e4ab334fdd176ebbe38ea4488c1da
                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                    • Instruction Fuzzy Hash: 2B718B71E00219EFCB11EFA9C984AEEBBF9FF48700F104069E545E7251DB38AA41CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F952A5 Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E00F952A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E00FAEEF0(0x10879a0);
					_t104 =  *0x1088210; // 0xb32be0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x2e000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E00FAEB70(_t93, 0x10879a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E00FD9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E00FAEEF0(0x10879a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E00FAEB70(0, 0x10879a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0xb32bf802
								_t13 = _t104 + 0xc; // 0xb32bed
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E00FCF0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E00FAEEF0(0x10879a0);
									__eflags =  *0x1088210 - _t104; // 0xb32be0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1088210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000b32b
											_t95 =  *((intOrPtr*)( *_t37));
											E01014888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E00FAEB70(_t95, 0x10879a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E00FD95D0();
											L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E00FD95D0();
											L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E00FAEB70(_t93, 0x10879a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E00FD95D0();
										L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E00FD95D0();
										L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000b32b
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0xb32bf802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E00FCF0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                    0x00f952a5
                                    0x00f952ad
                                    0x00f952b0
                                    0x00f952b3
                                    0x00f952b7
                                    0x00f952ba
                                    0x00f952bf
                                    0x00f952c4
                                    0x00f952cc
                                    0x00000000
                                    0x00000000
                                    0x00f952ce
                                    0x00f952d1
                                    0x00f952d9
                                    0x00f952dd
                                    0x00f952e7
                                    0x00f952f7
                                    0x00f952f9
                                    0x00f952fd
                                    0x00ff0dcf
                                    0x00ff0dd5
                                    0x00ff0dd6
                                    0x00ff0dd7
                                    0x00ff0dd8
                                    0x00ff0dd9
                                    0x00ff0dde
                                    0x00ff0ddf
                                    0x00ff0de0
                                    0x00ff0de1
                                    0x00ff0de2
                                    0x00ff0de2
                                    0x00ff0de5
                                    0x00ff0dea
                                    0x00ff0dec
                                    0x00ff0f60
                                    0x00ff0f64
                                    0x00ff0f70
                                    0x00ff0f76
                                    0x00ff0f79
                                    0x00ff0f79
                                    0x00000000
                                    0x00ff0f64
                                    0x00ff0df2
                                    0x00ff0df7
                                    0x00ff0e04
                                    0x00ff0e04
                                    0x00ff0e0d
                                    0x00ff0e0d
                                    0x00ff0e10
                                    0x00ff0e1a
                                    0x00ff0e1c
                                    0x00ff0e4c
                                    0x00ff0e52
                                    0x00ff0e61
                                    0x00ff0e67
                                    0x00ff0e6b
                                    0x00ff0e70
                                    0x00ff0e76
                                    0x00ff0ed7
                                    0x00ff0edc
                                    0x00ff0ee0
                                    0x00ff0ee6
                                    0x00ff0eea
                                    0x00ff0eed
                                    0x00ff0ef0
                                    0x00ff0ef3
                                    0x00ff0ef6
                                    0x00ff0ef9
                                    0x00ff0efb
                                    0x00ff0efe
                                    0x00ff0f01
                                    0x00ff0f01
                                    0x00ff0f0b
                                    0x00ff0f12
                                    0x00ff0f16
                                    0x00ff0f18
                                    0x00ff0f18
                                    0x00ff0f1b
                                    0x00ff0f2c
                                    0x00ff0f31
                                    0x00ff0f31
                                    0x00ff0f35
                                    0x00ff0f39
                                    0x00ff0f3a
                                    0x00ff0f3c
                                    0x00ff0f3c
                                    0x00ff0f3f
                                    0x00ff0f50
                                    0x00ff0f55
                                    0x00ff0f55
                                    0x00ff0f59
                                    0x00f952eb
                                    0x00f952f1
                                    0x00f952f1
                                    0x00ff0e7d
                                    0x00ff0e84
                                    0x00ff0e88
                                    0x00ff0e8a
                                    0x00ff0e8a
                                    0x00ff0e8d
                                    0x00ff0e9e
                                    0x00ff0ea3
                                    0x00ff0ea3
                                    0x00ff0ea7
                                    0x00ff0eaf
                                    0x00ff0eb3
                                    0x00ff0eb9
                                    0x00ff0eb9
                                    0x00ff0ebc
                                    0x00ff0ecd
                                    0x00ff0ecd
                                    0x00000000
                                    0x00ff0eb3
                                    0x00ff0e1e
                                    0x00ff0e21
                                    0x00ff0e25
                                    0x00ff0e2b
                                    0x00ff0e2f
                                    0x00ff0e30
                                    0x00ff0e3a
                                    0x00ff0e3f
                                    0x00ff0e41
                                    0x00000000
                                    0x00000000
                                    0x00ff0e47
                                    0x00000000
                                    0x00ff0e47
                                    0x00ff0df9
                                    0x00ff0dfe
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff0dfe
                                    0x00f95303
                                    0x00f95307
                                    0x00000000
                                    0x00f95309
                                    0x00000000
                                    0x00f95309
                                    0x00f95307
                                    0x00f952e9
                                    0x00f952e9
                                    0x00000000
                                    0x00f952e9
                                    0x00f9530e
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 74770afe53cce17a7985eabfa3c2b78f29d3db23bff0af69dab32b146fcb725f
                                    • Instruction ID: fa10820616f9703028ba3f0b7a4824a74f7ba09f5984c1831faf09b350741a43
                                    • Opcode Fuzzy Hash: 74770afe53cce17a7985eabfa3c2b78f29d3db23bff0af69dab32b146fcb725f
                                    • Instruction Fuzzy Hash: 4051AF711097419BD722AF64CC45B2AB7E4FF50B20F14091EF4D587662EB74E804EB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC2AE4 Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1088204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1088208; // 0x1088207
				_t8 = _t57 + 0x1088208; // 0x1088207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1088450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x108821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1086d5c; // 0x7f4e0654
							_t72 =  *0x1086d5c; // 0x7f4e0654
							_t75 =  *0x1086d5c; // 0x7f4e0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1086d5c; // 0x7f4e0654
							_t84 =  *0x1086d5c; // 0x7f4e0654
							_t87 =  *0x1086d5c; // 0x7f4e0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E00FDF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                    0x00fc2ae4
                                    0x00fc2aec
                                    0x00fc2aef
                                    0x00fc2af4
                                    0x00fc2af7
                                    0x00fc2afd
                                    0x00fc2b92
                                    0x00fc2b92
                                    0x00fc2b97
                                    0x00fc2b9c
                                    0x00fc2b9c
                                    0x00fc2b03
                                    0x00fc2b06
                                    0x00fc2b09
                                    0x00fc2b09
                                    0x00fc2b0f
                                    0x00fc2b15
                                    0x00fc2b15
                                    0x00fc2b1b
                                    0x00fc2b1e
                                    0x00fc2b21
                                    0x00fc2b26
                                    0x00fc2b29
                                    0x00fc2b81
                                    0x00fc2b84
                                    0x00fc2c0e
                                    0x00fc2c15
                                    0x00fc2c24
                                    0x00fc2c24
                                    0x00fc2b8a
                                    0x00fc2b8a
                                    0x00fc2b8a
                                    0x00fc2b8a
                                    0x00fc2b90
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fc2b4a
                                    0x00fc2b4a
                                    0x00fc2b4d
                                    0x00fc2b53
                                    0x00000000
                                    0x00000000
                                    0x00fc2b55
                                    0x00fc2b58
                                    0x00fc2bb7
                                    0x01005d1b
                                    0x01005d37
                                    0x01005d47
                                    0x01005d53
                                    0x00fc2bbd
                                    0x00fc2bbd
                                    0x00fc2bbd
                                    0x00fc2bb7
                                    0x00fc2b5d
                                    0x00fc2c2f
                                    0x01005d5b
                                    0x01005d77
                                    0x01005d87
                                    0x01005d93
                                    0x00fc2c35
                                    0x00fc2c35
                                    0x00fc2c35
                                    0x00fc2c2f
                                    0x00fc2b65
                                    0x00fc2b9f
                                    0x00fc2ba2
                                    0x00fc2b67
                                    0x00fc2b67
                                    0x00fc2b69
                                    0x00fc2b6b
                                    0x00fc2b6e
                                    0x00fc2bc9
                                    0x00fc2bcc
                                    0x00fc2bcf
                                    0x00fc2bd4
                                    0x00fc2bd6
                                    0x00fc2bd6
                                    0x00fc2bdb
                                    0x00fc2c02
                                    0x00fc2c05
                                    0x00fc2c07
                                    0x00000000
                                    0x00fc2c07
                                    0x00fc2be0
                                    0x00fc2c00
                                    0x00fc2c3f
                                    0x00fc2c3f
                                    0x00000000
                                    0x00fc2c00
                                    0x00fc2be5
                                    0x00fc2be7
                                    0x00fc2bec
                                    0x00fc2bf4
                                    0x00fc2bf6
                                    0x00000000
                                    0x00fc2bf6
                                    0x00fc2b70
                                    0x00fc2b76
                                    0x00fc2b2b
                                    0x00fc2b2b
                                    0x00fc2b2d
                                    0x00fc2b2f
                                    0x00fc2b32
                                    0x00fc2b35
                                    0x00fc2b3a
                                    0x00000000
                                    0x00fc2b40
                                    0x00fc2b43
                                    0x00fc2b45
                                    0x00fc2b47
                                    0x00fc2b4a
                                    0x00fc2b4d
                                    0x00fc2b53
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fc2b53
                                    0x00fc2b78
                                    0x00fc2b78
                                    0x00fc2b7b
                                    0x00fc2b7e
                                    0x00000000
                                    0x00fc2b7e
                                    0x00fc2b76
                                    0x00fc2ba5
                                    0x00fc2ba5
                                    0x00fc2ba8
                                    0x00fc2bad
                                    0x00000000
                                    0x00000000
                                    0x00fc2baf
                                    0x00fc2baf
                                    0x00fc2bc2
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 534322ce7f3306785405ddbdc2e60e8ac8e9a80ad828972f31e780bc4dfe4b1d
                                    • Instruction ID: 07bcc4db23ea40430fb3ef3a4c761fe938278862a931510ff0572342ce7f2610
                                    • Opcode Fuzzy Hash: 534322ce7f3306785405ddbdc2e60e8ac8e9a80ad828972f31e780bc4dfe4b1d
                                    • Instruction Fuzzy Hash: F151BF76E001168FCB68DF1CC981ABDB7B1FBC8710716845EE886AB314D735AE41EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC3C3E Relevance: .2, Instructions: 153COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00FC3C3E(void* __ecx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				void* _v52;
				void* __ebx;
				signed char _t59;
				intOrPtr _t65;
				signed int _t67;
				void* _t75;
				signed char* _t78;
				intOrPtr _t79;
				signed int _t91;
				signed int _t104;
				void* _t127;
				signed int _t134;
				void* _t136;

				_t136 = (_t134 & 0xfffffff8) - 0x14;
				_t127 = __ecx;
				_v20 = 0;
				E00FC4E70(0x10886d0, 0xfc5330, 0, 0);
				if(E00FC3FCD( &_v24) < 0 ||  *((intOrPtr*)(_t136 + 0x1c)) > 0xa) {
					_t59 = _v20;
				} else {
					_t59 = 3;
					_v20 = _t59;
				}
				_v20 = E00FC3F33(_t127, _t59);
				_v28 = 0;
				_push(E00FC0678(_t127, 1));
				_push(0x2000);
				_push( &_v20);
				_push(0);
				_push( &_v28);
				_push(0xffffffff);
				if(E00FD9660() < 0) {
					L16:
					_t65 = 0;
					goto L13;
				} else {
					if((_v20 & 0x00000001) != 0) {
						_t67 = 1;
					} else {
						_t67 =  *0x1086240; // 0x4
					}
					_t104 = _t67 * 0x18;
					_t12 = _t104 + 0x7d0; // 0x7d1
					 *((intOrPtr*)(_t136 + 0x18)) = _t12;
					_push(E00FC0678(_t127, 1));
					_push(0x1000);
					_push(_t136 + 0x20);
					_push(0);
					_push( &_v24);
					_push(0xffffffff);
					if(E00FD9660() < 0) {
						 *((intOrPtr*)(_t136 + 0x18)) = 0;
						E00FC174B( &_v24, _t136 + 0x18, 0x8000);
						goto L16;
					} else {
						_t75 = E00FB7D50();
						_t132 = 0x7ffe0380;
						if(_t75 != 0) {
							_t78 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t78 = 0x7ffe0380;
						}
						if( *_t78 != 0) {
							_t79 =  *[fs:0x30];
							__eflags =  *(_t79 + 0x240) & 0x00000001;
							if(( *(_t79 + 0x240) & 0x00000001) == 0) {
								goto L10;
							}
							__eflags = E00FB7D50();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							E01051582(_t104, _t127, _v24, __eflags,  *((intOrPtr*)(_t136 + 0x20)),  *(_t127 + 0x74) << 3,  *_t132 & 0x000000ff);
							E0105138A(_t104, _t127, _v36, _v24, 9);
							goto L10;
						} else {
							L10:
							E00FC3EA8(_t127, _v24, _v20);
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) + _v20;
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) +  *((intOrPtr*)(_t136 + 0x18));
							 *((intOrPtr*)(_v28 + 0x18)) = _v20 + _v28;
							 *((intOrPtr*)(_v28 + 0x14)) =  *((intOrPtr*)(_t136 + 0x18)) + _v28;
							_t35 = _v28 + 0x7d0; // 0x7d0
							 *((intOrPtr*)(_v28 + 0x10)) = _t35 + _t104;
							_t91 =  *0x10884b4; // 0x0
							if((_t91 & 0x00000003) == 0) {
								 *0x10884b4 = _t91 | 0x00000001;
								E00FC1129();
							}
							 *(_v24 + 0x1b8) = _v20;
							_t65 = _v24;
							L13:
							return _t65;
						}
					}
				}
			}























                                    0x00fc3c46
                                    0x00fc3c4e
                                    0x00fc3c5c
                                    0x00fc3c60
                                    0x00fc3c70
                                    0x00fc3c7d
                                    0x010062a2
                                    0x010062a4
                                    0x010062a5
                                    0x010062a5
                                    0x00fc3c8b
                                    0x00fc3c90
                                    0x00fc3c99
                                    0x00fc3c9a
                                    0x00fc3ca3
                                    0x00fc3ca4
                                    0x00fc3ca9
                                    0x00fc3caa
                                    0x00fc3cb3
                                    0x010062c5
                                    0x010062c5
                                    0x00000000
                                    0x00fc3cb9
                                    0x00fc3cbe
                                    0x010062ce
                                    0x00fc3cc4
                                    0x00fc3cc4
                                    0x00fc3cc4
                                    0x00fc3cc9
                                    0x00fc3cd1
                                    0x00fc3cd7
                                    0x00fc3ce0
                                    0x00fc3ce1
                                    0x00fc3cea
                                    0x00fc3ceb
                                    0x00fc3cf0
                                    0x00fc3cf1
                                    0x00fc3cfa
                                    0x010062b7
                                    0x010062c0
                                    0x00000000
                                    0x00fc3d00
                                    0x00fc3d00
                                    0x00fc3d05
                                    0x00fc3d0c
                                    0x010062dd
                                    0x00fc3d12
                                    0x00fc3d12
                                    0x00fc3d12
                                    0x00fc3d17
                                    0x010062e7
                                    0x010062ed
                                    0x010062f4
                                    0x00000000
                                    0x00000000
                                    0x010062ff
                                    0x01006301
                                    0x0100630c
                                    0x0100630c
                                    0x0100630c
                                    0x01006327
                                    0x01006338
                                    0x00000000
                                    0x00fc3d1d
                                    0x00fc3d1d
                                    0x00fc3d27
                                    0x00fc3d37
                                    0x00fc3d48
                                    0x00fc3d58
                                    0x00fc3d65
                                    0x00fc3d6c
                                    0x00fc3d74
                                    0x00fc3d77
                                    0x00fc3d7e
                                    0x00fc3d83
                                    0x00fc3d88
                                    0x00fc3d88
                                    0x00fc3d95
                                    0x00fc3d9b
                                    0x00fc3d9f
                                    0x00fc3da5
                                    0x00fc3da5
                                    0x00fc3d17
                                    0x00fc3cfa

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 63c5cda775c480d37cc3a83b33c2a67aa946e118417af7d59f9029c854b2df2e
                                    • Instruction ID: 73ac602de74b7b587d4207baa73ec000c7d3631f68bcaae9267eb0aa088c60bb
                                    • Opcode Fuzzy Hash: 63c5cda775c480d37cc3a83b33c2a67aa946e118417af7d59f9029c854b2df2e
                                    • Instruction Fuzzy Hash: C8519E716083429FD700DF28C941F6AB7E9EF84364F14896EB899C7282D735DA05DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105AE44 Relevance: .2, Instructions: 152COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 86%
                                    			E0105AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0105C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0105ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0105FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0105EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E00FB7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01051608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01061536(0x1088ae4, (_t74 -  *0x1088b04 >> 0x14) + (_t74 -  *0x1088b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0105C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0105A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0103CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0105ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                    0x0105ae44
                                    0x0105ae4c
                                    0x0105ae53
                                    0x0105ae55
                                    0x0105ae5c
                                    0x0105ae64
                                    0x0105ae68
                                    0x0105ae75
                                    0x0105ae75
                                    0x0105ae78
                                    0x0105ae7a
                                    0x0105ae7c
                                    0x0105ae7f
                                    0x0105aea8
                                    0x0105aeab
                                    0x0105aead
                                    0x00000000
                                    0x00000000
                                    0x0105aeb3
                                    0x0105aeb8
                                    0x0105aebb
                                    0x0105aebd
                                    0x00000000
                                    0x0105ae81
                                    0x0105ae88
                                    0x0105ae8f
                                    0x0105ae9b
                                    0x0105ae96
                                    0x0105ae96
                                    0x0105ae96
                                    0x0105aea0
                                    0x0105aea3
                                    0x0105aebf
                                    0x0105aebf
                                    0x0105aec3
                                    0x0105aec9
                                    0x0105af0d
                                    0x0105af14
                                    0x0105af3d
                                    0x0105af3d
                                    0x0105af41
                                    0x0105af44
                                    0x0105af67
                                    0x0105af67
                                    0x0105af6a
                                    0x0105afca
                                    0x0105afd1
                                    0x00000000
                                    0x0105afd1
                                    0x0105af6c
                                    0x0105af6d
                                    0x0105af75
                                    0x0105af7c
                                    0x0105af7e
                                    0x0105af80
                                    0x0105af85
                                    0x0105af87
                                    0x0105af99
                                    0x0105af89
                                    0x0105af92
                                    0x0105af92
                                    0x0105af9e
                                    0x0105afa1
                                    0x0105afa3
                                    0x0105afa9
                                    0x0105afb0
                                    0x0105afb2
                                    0x0105afb4
                                    0x0105afbc
                                    0x0105afbc
                                    0x0105afb4
                                    0x0105afb0
                                    0x00000000
                                    0x0105afa1
                                    0x0105af4f
                                    0x0105af57
                                    0x0105af5c
                                    0x0105af5e
                                    0x00000000
                                    0x00000000
                                    0x0105af60
                                    0x0105af64
                                    0x0105af64
                                    0x00000000
                                    0x0105af64
                                    0x0105af1a
                                    0x0105af25
                                    0x00000000
                                    0x00000000
                                    0x0105af27
                                    0x0105af28
                                    0x0105af33
                                    0x00000000
                                    0x0105aed0
                                    0x0105aed0
                                    0x0105aed2
                                    0x0105aee1
                                    0x0105aee4
                                    0x00000000
                                    0x00000000
                                    0x0105aee6
                                    0x0105aeec
                                    0x00000000
                                    0x00000000
                                    0x0105aefb
                                    0x0105af07
                                    0x0105afd3
                                    0x0105afdb
                                    0x0105afdb
                                    0x00000000
                                    0x0105af07
                                    0x0105aed6
                                    0x0105aed8
                                    0x0105aedf
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0105aedf
                                    0x0105aec9

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb58edf749fe7202c89b0b1c481424e2c7dc7cc62c9732c47509449a68ca24d4
                                    • Instruction ID: bcb9652e7d522785cfd4f686cac1a33ed0d909a20572b1cbdc116055c065b7a7
                                    • Opcode Fuzzy Hash: fb58edf749fe7202c89b0b1c481424e2c7dc7cc62c9732c47509449a68ca24d4
                                    • Instruction Fuzzy Hash: CF4112B0700201DBE7A69A69C894B7BBBDAEF84720F048359FDD6872C1DB34D801D7A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBDBE9 Relevance: .1, Instructions: 149COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 86%
                                    			E00FBDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E00F9CC50(E00F94510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E00FB7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01068ED6(_t102, _t98);
						}
						_t76 = _v44;
						E00FB2280(_t58, _v44);
						E00FBDD82(_v44, _t102, _t98);
						E00FBB944(_t102, _v5);
						return E00FAFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1088628; // 0x0
							_v28 = _t67;
							_t68 =  *0x108862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1088628; // 0x0
						_t105 = _v28;
						_t80 =  *0x108862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x105fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                    0x00fbdbe9
                                    0x00fbdbf2
                                    0x00fbdbf7
                                    0x00fbdbf9
                                    0x00fbdbfc
                                    0x00fbdc00
                                    0x00fbdc03
                                    0x00fbdc14
                                    0x00fbdd54
                                    0x00fbdd54
                                    0x00fbdd54
                                    0x00fbdc18
                                    0x00fbdc1d
                                    0x00fbdc1d
                                    0x00fbdc32
                                    0x00fbdc3b
                                    0x00fbdc3e
                                    0x00fbdc46
                                    0x00fbdd5b
                                    0x00fbdd62
                                    0x00fbdd64
                                    0x00fbdd67
                                    0x00fbdd69
                                    0x00fbdd6b
                                    0x00fbdd6e
                                    0x00fbdd70
                                    0x00fbdd73
                                    0x00fbdd73
                                    0x00000000
                                    0x00fbdc4c
                                    0x00fbdc4e
                                    0x01003ae3
                                    0x01003ae8
                                    0x01003aea
                                    0x00fbdce7
                                    0x00fbdce9
                                    0x00fbdcec
                                    0x00fbdcee
                                    0x00fbdcf0
                                    0x00fbdcf3
                                    0x00fbdcf5
                                    0x01003af2
                                    0x01003af5
                                    0x01003af5
                                    0x00fbdd06
                                    0x00fbdd08
                                    0x00fbdd0b
                                    0x00fbdd12
                                    0x01003b08
                                    0x00fbdd18
                                    0x00fbdd18
                                    0x00fbdd18
                                    0x00fbdd20
                                    0x00fbdd23
                                    0x01003b16
                                    0x01003b16
                                    0x00fbdd29
                                    0x00fbdd2d
                                    0x00fbdd36
                                    0x00fbdd40
                                    0x00fbdd51
                                    0x00fbdd51
                                    0x00fbdc54
                                    0x00fbdc59
                                    0x00fbdc59
                                    0x00fbdc5e
                                    0x00fbdc5e
                                    0x00fbdc63
                                    0x00fbdc66
                                    0x00fbdc6b
                                    0x00fbdc78
                                    0x00fbdc7b
                                    0x00fbdc81
                                    0x00fbdc81
                                    0x00fbdc83
                                    0x00fbdc89
                                    0x00000000
                                    0x00000000
                                    0x00fbdd7b
                                    0x00fbdd7b
                                    0x00fbdc8f
                                    0x00fbdc8f
                                    0x00fbdc92
                                    0x00fbdc99
                                    0x00fbdc9f
                                    0x00fbdca5
                                    0x00fbdcaa
                                    0x00fbdcaa
                                    0x00fbdcb3
                                    0x00fbdcb8
                                    0x00fbdcbb
                                    0x00fbdcc1
                                    0x00fbdccf
                                    0x00fbdcd2
                                    0x00fbdcd5
                                    0x00fbdcd7
                                    0x00fbdcda
                                    0x00fbdcdc
                                    0x00fbdcdc
                                    0x00fbdce2
                                    0x00fbdce4
                                    0x00000000
                                    0x00fbdce4

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 08becdc3d76351312ba3e77b44d7d727e5804c96870019df12ffdec342294d5d
                                    • Instruction ID: 12b1863f3a4b08e49da7285fd3cb97063361266a38adfbfde6302741d21c7723
                                    • Opcode Fuzzy Hash: 08becdc3d76351312ba3e77b44d7d727e5804c96870019df12ffdec342294d5d
                                    • Instruction Fuzzy Hash: AA51ABB1E00209CFCB14CFA9C490AAEBBF5BB4C310F20815AD995AB340EB35AD44DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FAEF40 Relevance: .1, Instructions: 147COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 96%
                                    			E00FAEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E00F99080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7746c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E00F92D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                    0x00faef4b
                                    0x00faef4d
                                    0x00faef57
                                    0x00faf0bd
                                    0x00faf0c2
                                    0x00faf0d2
                                    0x00faf0d2
                                    0x00faf0c2
                                    0x00faef5d
                                    0x00faef5f
                                    0x00faef67
                                    0x00faef6a
                                    0x00faef6d
                                    0x00faef74
                                    0x00faef7f
                                    0x00faef82
                                    0x00faef82
                                    0x00faef86
                                    0x00faef88
                                    0x00faef8c
                                    0x00faef8f
                                    0x00faef8f
                                    0x00faef8f
                                    0x00000000
                                    0x00faef91
                                    0x00faef93
                                    0x00faefc4
                                    0x00faefc4
                                    0x00faefc4
                                    0x00faefca
                                    0x00faefd0
                                    0x00faf0a6
                                    0x00000000
                                    0x00000000
                                    0x00faf0af
                                    0x00ffbb06
                                    0x00ffbb0a
                                    0x00faf0b5
                                    0x00faf0b5
                                    0x00faf0b5
                                    0x00faf0b5
                                    0x00000000
                                    0x00faefd6
                                    0x00faefd9
                                    0x00faf0de
                                    0x00faf0e2
                                    0x00faefdf
                                    0x00faefdf
                                    0x00faefdf
                                    0x00faefe5
                                    0x00ffbafc
                                    0x00ffbafc
                                    0x00faefe5
                                    0x00faefeb
                                    0x00faefed
                                    0x00faf00f
                                    0x00faf011
                                    0x00faf01a
                                    0x00faf01d
                                    0x00faf021
                                    0x00faf028
                                    0x00faf029
                                    0x00faf029
                                    0x00faf02c
                                    0x00000000
                                    0x00faf02c
                                    0x00faeff3
                                    0x00faeff9
                                    0x00faf0ea
                                    0x00faf0ed
                                    0x00faf0ef
                                    0x00000000
                                    0x00faf0ef
                                    0x00faf003
                                    0x00ffbb12
                                    0x00faf045
                                    0x00faf049
                                    0x00faf051
                                    0x00faf09e
                                    0x00faf0a0
                                    0x00faf0a0
                                    0x00faf09e
                                    0x00faf053
                                    0x00faf064
                                    0x00faf064
                                    0x00faf06b
                                    0x00ffbb1a
                                    0x00ffbb1a
                                    0x00faf071
                                    0x00faf071
                                    0x00faf07d
                                    0x00faf082
                                    0x00faf08f
                                    0x00faf08f
                                    0x00faf009
                                    0x00faf00d
                                    0x00000000
                                    0x00faf00d
                                    0x00faefd0
                                    0x00faef97
                                    0x00faefa5
                                    0x00faefaa
                                    0x00000000
                                    0x00faefac
                                    0x00faefac
                                    0x00faefac
                                    0x00000000
                                    0x00faefb2
                                    0x00faf036
                                    0x00faf03a
                                    0x00faf040
                                    0x00faf090
                                    0x00000000
                                    0x00faf092
                                    0x00faf042
                                    0x00000000
                                    0x00faf042
                                    0x00faefb7
                                    0x00faefb9
                                    0x00faefbc
                                    0x00faefb0
                                    0x00faefb0
                                    0x00000000
                                    0x00faefbe
                                    0x00faefbe
                                    0x00faefc1
                                    0x00000000
                                    0x00faefc1
                                    0x00faefbc
                                    0x00faefaa
                                    0x00faef91

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                    • Instruction ID: 524406321091fabcdc8739e472fd5ea2114efccc8255362ce0887acde0891da0
                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                    • Instruction Fuzzy Hash: EB51E4B1E042499FDB24CBA8C0D07AEBBB1EF56324F24C1B8D5459B282C375AD89E751
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0106740D Relevance: .1, Instructions: 141COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E0106740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E00FED4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E00FDF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L00FB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L00FB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E00FDF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L00FB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                    0x0106740d
                                    0x0106740d
                                    0x01067412
                                    0x01067413
                                    0x01067416
                                    0x01067418
                                    0x0106741c
                                    0x0106741f
                                    0x01067422
                                    0x01067422
                                    0x01067428
                                    0x0106742a
                                    0x0106742a
                                    0x01067451
                                    0x01067432
                                    0x0106744f
                                    0x0106744f
                                    0x00000000
                                    0x01067434
                                    0x01067438
                                    0x01067443
                                    0x01067517
                                    0x01067517
                                    0x0106751a
                                    0x01067535
                                    0x01067520
                                    0x01067527
                                    0x0106752c
                                    0x01067531
                                    0x01067533
                                    0x00000000
                                    0x01067533
                                    0x00000000
                                    0x01067531
                                    0x0106754b
                                    0x0106754f
                                    0x0106755c
                                    0x0106755c
                                    0x0106755f
                                    0x01067560
                                    0x01067561
                                    0x01067562
                                    0x01067563
                                    0x01067568
                                    0x0106756a
                                    0x0106756c
                                    0x0106756d
                                    0x0106756d
                                    0x0106756f
                                    0x01067572
                                    0x01067574
                                    0x01067577
                                    0x0106757c
                                    0x0106757f
                                    0x00000000
                                    0x01067551
                                    0x01067551
                                    0x01067551
                                    0x01067553
                                    0x01067553
                                    0x01067449
                                    0x01067449
                                    0x0106744c
                                    0x0106744c
                                    0x00000000
                                    0x0106744c
                                    0x01067443
                                    0x0106750e
                                    0x01067514
                                    0x01067514
                                    0x01067455
                                    0x01067469
                                    0x0106746d
                                    0x00000000
                                    0x01067473
                                    0x01067473
                                    0x01067476
                                    0x01067480
                                    0x01067484
                                    0x0106748e
                                    0x01067493
                                    0x01067493
                                    0x01067496
                                    0x01067499
                                    0x010674a1
                                    0x010674b1
                                    0x010674b5
                                    0x00000000
                                    0x010674bb
                                    0x010674c1
                                    0x010674c1
                                    0x010674c4
                                    0x010674c5
                                    0x010674c6
                                    0x010674c7
                                    0x010674c8
                                    0x010674cd
                                    0x00000000
                                    0x010674d3
                                    0x010674d3
                                    0x010674d6
                                    0x010674d8
                                    0x010674db
                                    0x010674dd
                                    0x010674e0
                                    0x010674e7
                                    0x010674ee
                                    0x010674ee
                                    0x010674f4
                                    0x010674f9
                                    0x00000000
                                    0x010674fb
                                    0x010674fb
                                    0x010674fd
                                    0x01067500
                                    0x01067503
                                    0x01067505
                                    0x01067505
                                    0x010674f9
                                    0x00000000
                                    0x010674cd
                                    0x010674b5
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                    • Instruction ID: a75f48a3cf83bf8ae651d70640053dc981aafa27ad50e078c738ecd0c090e9d9
                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                    • Instruction Fuzzy Hash: 44517D71600646EFDB16CF18C981A96BBF9FF45308F1581EAE9089F212E7B1E945CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC2990 Relevance: .1, Instructions: 133COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 97%
                                    			E00FC2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x106ff00);
				E00FED08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0xf71664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E00FDE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0xf71668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E010151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0xf7166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E00FC2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E00FA6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E00FC2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E00FAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E00FC2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E00FC2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E00FC2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E00FED0D1(_t62);
				goto L28;
			}





















                                    0x00fc2990
                                    0x00fc2992
                                    0x00fc2997
                                    0x00fc29a3
                                    0x00fc29a6
                                    0x00fc29ab
                                    0x00fc29ad
                                    0x00fc29b2
                                    0x01005c80
                                    0x00fc29b8
                                    0x00fc29b8
                                    0x00fc29bb
                                    0x00fc29c0
                                    0x00fc29c5
                                    0x00fc29c6
                                    0x00fc29c6
                                    0x00fc29cb
                                    0x00000000
                                    0x00000000
                                    0x00fc29cd
                                    0x00fc29d0
                                    0x00fc29d9
                                    0x00fc29db
                                    0x00fc29dd
                                    0x00fc2a7f
                                    0x00fc2a84
                                    0x00fc2a87
                                    0x00fc2a89
                                    0x01005ca1
                                    0x01005ca3
                                    0x00000000
                                    0x00fc2a8f
                                    0x00fc2a8f
                                    0x00000000
                                    0x00fc2a8f
                                    0x00000000
                                    0x00fc29e3
                                    0x00fc29e3
                                    0x00fc29e3
                                    0x00000000
                                    0x00fc29e3
                                    0x00fc29dd
                                    0x00000000
                                    0x00fc29db
                                    0x00fc29e6
                                    0x00fc29e9
                                    0x00fc29eb
                                    0x00fc29ed
                                    0x00fc29f3
                                    0x00fc29f5
                                    0x00fc29f8
                                    0x00fc29fa
                                    0x00fc2a97
                                    0x00fc2a9a
                                    0x00fc2a9d
                                    0x00fc2add
                                    0x00000000
                                    0x00fc2a9f
                                    0x00fc2aa2
                                    0x00fc2aa5
                                    0x00fc2aa8
                                    0x00fc2aab
                                    0x01005cab
                                    0x01005caf
                                    0x01005cc5
                                    0x01005cda
                                    0x01005cdc
                                    0x01005cdf
                                    0x01005ce5
                                    0x00000000
                                    0x01005ceb
                                    0x01005ced
                                    0x01005cee
                                    0x00000000
                                    0x01005cee
                                    0x01005cb1
                                    0x01005cb4
                                    0x01005cb9
                                    0x01005cbb
                                    0x00000000
                                    0x01005cbd
                                    0x01005cbd
                                    0x00000000
                                    0x01005cbd
                                    0x01005cbb
                                    0x00fc2ab1
                                    0x00fc2ab1
                                    0x00fc2ac4
                                    0x00fc2ac6
                                    0x00fc2ac6
                                    0x00000000
                                    0x00fc2ac6
                                    0x00fc2aab
                                    0x00000000
                                    0x00fc2a00
                                    0x00fc2a09
                                    0x00fc2a0e
                                    0x00fc2a21
                                    0x00fc2a24
                                    0x00fc2a35
                                    0x00fc2a3a
                                    0x00fc2a3d
                                    0x00fc2a42
                                    0x00fc2a59
                                    0x00fc2a59
                                    0x00fc2a5c
                                    0x00fc2a5f
                                    0x00fc2a5f
                                    0x00fc29fa
                                    0x00fc29f3
                                    0x00fc2a64
                                    0x00fc2a64
                                    0x00fc2a6b
                                    0x00fc2a6b
                                    0x00fc2a6d
                                    0x00fc2a72
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51c4ec862ab57387162cf31de6e5a93e727aebad5a35b562ec3df309869f39a2
                                    • Instruction ID: 01e1cb49d70f878fde9256b4516aac275e4ced91f29e046d908cd7e4156f909f
                                    • Opcode Fuzzy Hash: 51c4ec862ab57387162cf31de6e5a93e727aebad5a35b562ec3df309869f39a2
                                    • Instruction Fuzzy Hash: 1D51577190020A9FDF65DF59C982EDEBBB5FF08710F148059E804AB261C7799D52EFA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC4BAD Relevance: .1, Instructions: 131COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E00FC4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x108d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E00F9CC50(_t86);
					L11:
					return E00FDB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1088504
				E00FB2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E00FDFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E00FDB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L00FB4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E00F9CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1088504
								E00FAFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E00FC4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                    0x00fc4bad
                                    0x00fc4bbf
                                    0x00fc4bc2
                                    0x00fc4bc6
                                    0x00fc4bcd
                                    0x00fc4bd9
                                    0x010067fe
                                    0x01006800
                                    0x00fc4ccc
                                    0x00fc4ccd
                                    0x00fc4cb7
                                    0x00fc4cc9
                                    0x00fc4cc9
                                    0x00fc4bdf
                                    0x00fc4be5
                                    0x00000000
                                    0x00000000
                                    0x00fc4beb
                                    0x00fc4bef
                                    0x00000000
                                    0x00000000
                                    0x00fc4bf5
                                    0x00fc4bf9
                                    0x00fc4c06
                                    0x00fc4c0b
                                    0x00fc4c17
                                    0x00fc4c1c
                                    0x00fc4c1f
                                    0x00fc4c25
                                    0x00fc4c33
                                    0x00fc4c3d
                                    0x00fc4c40
                                    0x00fc4c43
                                    0x00fc4c47
                                    0x00fc4c4d
                                    0x00fc4c53
                                    0x00fc4c54
                                    0x00fc4c55
                                    0x00fc4c56
                                    0x00fc4c5b
                                    0x00fc4c5c
                                    0x00fc4c63
                                    0x00fc4c6b
                                    0x00000000
                                    0x00000000
                                    0x01006776
                                    0x01006784
                                    0x01006784
                                    0x0100679f
                                    0x010067a7
                                    0x010067af
                                    0x010067ce
                                    0x00000000
                                    0x010067b1
                                    0x010067b7
                                    0x010067b8
                                    0x010067c1
                                    0x010067d3
                                    0x010067d9
                                    0x010067dd
                                    0x00fc4c94
                                    0x00fc4c94
                                    0x00fc4c98
                                    0x00fc4c9c
                                    0x00fc4ca3
                                    0x010067f4
                                    0x010067f4
                                    0x00fc4cb5
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fc4cb5
                                    0x00fc4c79
                                    0x00fc4c7e
                                    0x00fc4c89
                                    0x00fc4c8b
                                    0x00fc4c8f
                                    0x00fc4c8f
                                    0x00000000
                                    0x00fc4c89
                                    0x010067c3
                                    0x00000000
                                    0x010067c3
                                    0x010067af
                                    0x00fc4c73
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 62f6972a34339455022317049fd6862f8bebdd34f4d8b02a8a22e85037ef66ae
                                    • Instruction ID: 7a52acac52bbf452aba091f7d873995fd96dcc7b6689b1468fa4a58c93aac0cd
                                    • Opcode Fuzzy Hash: 62f6972a34339455022317049fd6862f8bebdd34f4d8b02a8a22e85037ef66ae
                                    • Instruction Fuzzy Hash: 6C41C232A002289BDB21DF68CD41FEA77B5BF45710F0100A9E948AB251DB39EE84DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC4D3B Relevance: .1, Instructions: 131COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00FC4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x108d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E00FDFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1087bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E00FDB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L00FB4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E00F9CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E00FDB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E00FDF380(_t67 + 0xc, 0xf75138, 0x10) == 0) {
								 *0x10860d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E00FC4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E00FC4E70(0x10886b0, 0xfc5690, 0, 0) != 0) {
					_t46 = E00F9CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                    0x00fc4d3b
                                    0x00fc4d4d
                                    0x00fc4d53
                                    0x00fc4d58
                                    0x00fc4d65
                                    0x00fc4d6c
                                    0x00fc4d71
                                    0x00fc4d77
                                    0x00fc4d7f
                                    0x00fc4d8c
                                    0x00fc4d8e
                                    0x00fc4dad
                                    0x00fc4db0
                                    0x00fc4db7
                                    0x00fc4db8
                                    0x00fc4db9
                                    0x00fc4dba
                                    0x00fc4dbb
                                    0x00fc4dc1
                                    0x00fc4dc8
                                    0x00fc4dcc
                                    0x00fc4dd5
                                    0x00fc4dde
                                    0x00fc4ddf
                                    0x00fc4de0
                                    0x00fc4de1
                                    0x00fc4de6
                                    0x00fc4de7
                                    0x00fc4de9
                                    0x00fc4df3
                                    0x00000000
                                    0x00000000
                                    0x01006c7c
                                    0x01006c8a
                                    0x01006c8a
                                    0x01006c9d
                                    0x01006ca7
                                    0x01006cac
                                    0x01006cb2
                                    0x01006cb9
                                    0x00000000
                                    0x01006cbf
                                    0x01006cbf
                                    0x00000000
                                    0x01006cbf
                                    0x01006cb9
                                    0x00fc4dfb
                                    0x01006ccf
                                    0x01006cd3
                                    0x00fc4e32
                                    0x00fc4e39
                                    0x01006ce0
                                    0x01006cf2
                                    0x01006cf2
                                    0x01006ce0
                                    0x00fc4e3f
                                    0x00fc4e41
                                    0x00fc4e51
                                    0x00fc4e51
                                    0x00fc4e03
                                    0x00fc4e03
                                    0x00fc4e09
                                    0x00fc4e0f
                                    0x00fc4e57
                                    0x00000000
                                    0x00000000
                                    0x00fc4e1b
                                    0x00fc4e30
                                    0x00fc4e5b
                                    0x00fc4e5b
                                    0x00000000
                                    0x00fc4e30
                                    0x00fc4e11
                                    0x00fc4e11
                                    0x00fc4e16
                                    0x00000000
                                    0x00fc4e16
                                    0x00fc4e01
                                    0x00000000
                                    0x00fc4e01
                                    0x00fc4da5
                                    0x01006c6b
                                    0x00000000
                                    0x00fc4dab
                                    0x00fc4dab
                                    0x00000000
                                    0x00fc4dab

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3bce1578cd3a796bca71b04cd79fd83435452c26bc8d48b8851df0b506e29207
                                    • Instruction ID: a4d6a34e492beb34d25704bf5e475fd3f01d6878ebfc93b2fac2c393f0bc3ea0
                                    • Opcode Fuzzy Hash: 3bce1578cd3a796bca71b04cd79fd83435452c26bc8d48b8851df0b506e29207
                                    • Instruction Fuzzy Hash: 56411371A403189FEB22DF14CD92FAAB7AAEB44710F0500AEF9459B281D775ED40EB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA8A0A Relevance: .1, Instructions: 120COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 94%
                                    			E00FA8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x108d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E00FDB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E00FAE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0xf71180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E00FC1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E00FD3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E00FA8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                    0x00fa8a0a
                                    0x00fa8a1c
                                    0x00fa8a23
                                    0x00fa8a2e
                                    0x00fa8a30
                                    0x00fa8a36
                                    0x00fa8a3c
                                    0x00fa8a3e
                                    0x00fa8a4a
                                    0x00fa8a52
                                    0x00fa8a9c
                                    0x00fa8aae
                                    0x00fa8a58
                                    0x00fa8a5e
                                    0x00fa8a6a
                                    0x00fa8a6f
                                    0x00fa8a75
                                    0x00fa8a7d
                                    0x00fa8a85
                                    0x00fa8a86
                                    0x00fa8a89
                                    0x00fa8a93
                                    0x00fa8a99
                                    0x00fa8a9b
                                    0x00000000
                                    0x00fa8aaf
                                    0x00fa8abe
                                    0x00fa8ac3
                                    0x00fa8acb
                                    0x00fa8ad7
                                    0x00fa8ae0
                                    0x00fa8af1
                                    0x00000000
                                    0x00fa8af1
                                    0x00fa8acd
                                    0x00fa8ad5
                                    0x00fa8afb
                                    0x00fa8afd
                                    0x00fa8aff
                                    0x00fa8b07
                                    0x00fa8b22
                                    0x00fa8b24
                                    0x00fa8b2a
                                    0x00fa8b2e
                                    0x00fa8b3f
                                    0x00fa8b78
                                    0x00fa8b41
                                    0x00fa8b52
                                    0x00fa8b54
                                    0x00fa8b5c
                                    0x00fa8b74
                                    0x00fa8b74
                                    0x00fa8b5c
                                    0x00fa8b3f
                                    0x00fa8b5e
                                    0x00fa8b61
                                    0x00fa8b64
                                    0x00fa8b64
                                    0x00fa8b6c
                                    0x00fa8b6c
                                    0x00fa8b11
                                    0x00ff9cd5
                                    0x00ff9cd5
                                    0x00fa8b17
                                    0x00fa8b1a
                                    0x00fa8b1a
                                    0x00000000
                                    0x00fa8ad5
                                    0x00fa8a89

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1e58c269c0da30225fee6bb872f51e1b8b04476f2c896f8fced2b7e94dd74a0d
                                    • Instruction ID: 901ed1a7deee30f6b0456e18259d3574913e65163fe98cb0d4af1c73b91bee50
                                    • Opcode Fuzzy Hash: 1e58c269c0da30225fee6bb872f51e1b8b04476f2c896f8fced2b7e94dd74a0d
                                    • Instruction Fuzzy Hash: 6C4174F5A0022C9BDB24DF15CC88BA9B7F4FB95390F1041EAD81997252DBB49E81DF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105AA16 Relevance: .1, Instructions: 120COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0105AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0105ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0105AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0105AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0103CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L00FB77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E00FB7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0105131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0103CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                    0x0105aa1f
                                    0x0105aa21
                                    0x0105aa23
                                    0x0105aa2b
                                    0x0105aa30
                                    0x0105aa36
                                    0x0105aa39
                                    0x0105aa42
                                    0x0105aa75
                                    0x0105aa7a
                                    0x0105aa7c
                                    0x0105aa7c
                                    0x0105aa88
                                    0x0105aa8a
                                    0x0105aa8f
                                    0x0105ab02
                                    0x0105ab04
                                    0x0105aa99
                                    0x0105aaa8
                                    0x0105aaaf
                                    0x0105aab3
                                    0x0105aacc
                                    0x0105aad1
                                    0x0105aad6
                                    0x0105aae0
                                    0x0105aaf3
                                    0x0105aaf9
                                    0x0105aafe
                                    0x0105aafe
                                    0x0105aaf3
                                    0x0105aad6
                                    0x0105aab3
                                    0x0105ab07
                                    0x0105ab0a
                                    0x0105ab11
                                    0x0105ab23
                                    0x0105ab13
                                    0x0105ab1c
                                    0x0105ab1c
                                    0x0105ab2b
                                    0x0105ab44
                                    0x0105ab44
                                    0x0105ab51
                                    0x0105ab51
                                    0x0105aa44
                                    0x0105aa47
                                    0x0105aa4c
                                    0x00000000
                                    0x00000000
                                    0x0105aa5a
                                    0x0105aa64
                                    0x0105aa72
                                    0x00000000
                                    0x0105aa66
                                    0x0105aa66
                                    0x0105aa68
                                    0x0105aa6a
                                    0x00000000
                                    0x0105aa6a

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                    • Instruction ID: 49dd21873ebe24333e70672d8d00c0917cb23d386ecee0ebfff0eae774c6e2a1
                                    • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                    • Instruction Fuzzy Hash: 03312631F00205ABFF958B69CC49BAFFBBBEF84210F0545A9ED80A7242DB749D00C690
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105FDE2 Relevance: .1, Instructions: 116COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E0105FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0105FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01060A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E00FB7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01051608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01062B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0105C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0105DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E00FB7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0105A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                    0x0105fde7
                                    0x0105fde8
                                    0x0105fdec
                                    0x0105fdee
                                    0x0105fdf5
                                    0x0105fdf7
                                    0x0105fdfc
                                    0x0105fe19
                                    0x0105fe22
                                    0x0105fe26
                                    0x0105fec6
                                    0x0105fecd
                                    0x0105fed5
                                    0x0105fee7
                                    0x0105fed7
                                    0x0105fee0
                                    0x0105fee0
                                    0x0105feef
                                    0x0105ff00
                                    0x0105ff02
                                    0x0105ff07
                                    0x0105ff07
                                    0x00000000
                                    0x0105feef
                                    0x0105fe33
                                    0x0105fe55
                                    0x0105fe59
                                    0x0105fe5b
                                    0x0105fe5e
                                    0x0105fe69
                                    0x0105fe6d
                                    0x0105fe6d
                                    0x0105fe69
                                    0x0105fe35
                                    0x0105fe41
                                    0x0105fe41
                                    0x0105fe79
                                    0x0105fe8b
                                    0x0105fe7b
                                    0x0105fe84
                                    0x0105fe84
                                    0x0105fe93
                                    0x00000000
                                    0x0105fea8
                                    0x0105feba
                                    0x00000000
                                    0x0105feba
                                    0x0105fdfe
                                    0x0105fe01
                                    0x0105fe02
                                    0x0105fe08
                                    0x0105ff0c
                                    0x0105ff14
                                    0x0105ff14

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                    • Instruction ID: 9f8afb01adf993dce6a74f5bc62b9ca65130bb69bdac1f759731892974017257
                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                    • Instruction Fuzzy Hash: 28311A323006426FD7A2A768C848F6B7BE9EFC5750F144498EDC68B742DA78DC41C760
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105EA55 Relevance: .1, Instructions: 111COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 70%
                                    			E0105EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E00FB2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0105E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E00F9F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E00FAFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0105AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0105BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E00FB7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0104FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E00FAFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0105A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                    0x0105ea55
                                    0x0105ea66
                                    0x0105ea68
                                    0x0105ea6c
                                    0x0105ea6f
                                    0x0105ea72
                                    0x0105ea75
                                    0x0105ea7a
                                    0x0105ea7a
                                    0x0105ea7e
                                    0x0105ea80
                                    0x0105ea85
                                    0x0105ea8b
                                    0x0105eab5
                                    0x0105eabc
                                    0x0105eabf
                                    0x0105eabf
                                    0x0105eaca
                                    0x0105eace
                                    0x0105ead0
                                    0x0105eae4
                                    0x0105eaeb
                                    0x0105eaf0
                                    0x0105eaf5
                                    0x0105eb09
                                    0x0105eb0d
                                    0x0105eb1d
                                    0x0105eb2d
                                    0x0105eb38
                                    0x0105eb3d
                                    0x0105eb41
                                    0x0105eb4a
                                    0x0105eb60
                                    0x0105eb4c
                                    0x0105eb52
                                    0x0105eb59
                                    0x0105eb59
                                    0x0105eb68
                                    0x0105eb71
                                    0x0105eb71
                                    0x0105ea8d
                                    0x0105ea8f
                                    0x0105ea92
                                    0x0105ea97
                                    0x0105ea97
                                    0x0105ea9b
                                    0x0105ea9c
                                    0x0105ea9e
                                    0x0105eaa6
                                    0x0105eaa6
                                    0x0105eb7e

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                    • Instruction ID: cea6d34f0d6de12bf25407150a0ac7b5e8e3e368b93119be1e1e17e418ec60d2
                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                    • Instruction Fuzzy Hash: 9D318E726047059BD759DF28CC80A6BB7EAFBC4350B048A2DF9D687641DA34E909CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010169A6 Relevance: .1, Instructions: 108COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 69%
                                    			E010169A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x108d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L00FA6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01016BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E00FD9980() >= 0) {
							E00FB2280(_t56, 0x1088778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1088774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1088774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E00F9B6F0(0xf7c338, 0xf7c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E00FD9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E00FD95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E00FAFFB0(_t68, _t77, 0x1088778);
				}
				_pop(_t78);
				return E00FDB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                    0x010169b5
                                    0x010169be
                                    0x010169c3
                                    0x010169c9
                                    0x010169cc
                                    0x010169d1
                                    0x010169d3
                                    0x010169de
                                    0x010169e1
                                    0x010169ea
                                    0x010169f6
                                    0x010169fe
                                    0x01016a13
                                    0x01016a14
                                    0x01016a15
                                    0x01016a16
                                    0x01016a1e
                                    0x01016a26
                                    0x01016a31
                                    0x01016a36
                                    0x01016a37
                                    0x01016a40
                                    0x01016a49
                                    0x01016a4a
                                    0x01016a53
                                    0x01016a59
                                    0x01016a5d
                                    0x01016a5e
                                    0x01016a64
                                    0x01016a67
                                    0x01016a6a
                                    0x01016a6d
                                    0x01016a70
                                    0x01016a77
                                    0x01016a7d
                                    0x01016a86
                                    0x01016a89
                                    0x01016a9c
                                    0x01016a9f
                                    0x01016aa2
                                    0x01016aa5
                                    0x01016aaf
                                    0x01016ab1
                                    0x01016ab8
                                    0x01016ab9
                                    0x01016abb
                                    0x01016abe
                                    0x01016ac5
                                    0x01016ac5
                                    0x01016aaf
                                    0x01016a40
                                    0x01016a26
                                    0x010169fe
                                    0x01016ace
                                    0x01016ad0
                                    0x01016ad3
                                    0x01016ad8
                                    0x01016adf
                                    0x01016adf
                                    0x01016ae8
                                    0x01016aef
                                    0x01016aef
                                    0x01016af9
                                    0x01016b06

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0c7fc2fcb1ce1dbf152d04826e62e1ac50d8da7455acdbe48b8237d5a608343d
                                    • Instruction ID: 82b52d552f56f9159e5dbbdba6dca46ed1bf92fa17826a54bbf35da73a4372c3
                                    • Opcode Fuzzy Hash: 0c7fc2fcb1ce1dbf152d04826e62e1ac50d8da7455acdbe48b8237d5a608343d
                                    • Instruction Fuzzy Hash: 44418CB1D00208AFDB20DFA9D841BEEBBF4EF48714F04816AE994A7241DB799905DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F95210 Relevance: .1, Instructions: 107COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E00F95210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E00F952A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00FD95D0();
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E00FAEB70(_t54, 0x10879a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E00FD95D0();
								L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E00FAEB70(_t54, 0x10879a0);
						}
						return _t52;
					}
					L5:
					_t33 = E00FDF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E00FAEB70(_t54, 0x10879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00FD95D0();
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                    0x00f95220
                                    0x00f95224
                                    0x00ff0d13
                                    0x00ff0d16
                                    0x00ff0d19
                                    0x00f9522a
                                    0x00f9522a
                                    0x00f9522d
                                    0x00f9522d
                                    0x00f95231
                                    0x00f95235
                                    0x00f95239
                                    0x00ff0d5c
                                    0x00ff0d62
                                    0x00000000
                                    0x00000000
                                    0x00ff0d6a
                                    0x00ff0d7b
                                    0x00ff0d7f
                                    0x00ff0d81
                                    0x00ff0d84
                                    0x00ff0d95
                                    0x00ff0d95
                                    0x00ff0d6c
                                    0x00ff0d71
                                    0x00ff0d71
                                    0x00ff0d9a
                                    0x00000000
                                    0x00f9524a
                                    0x00f9524a
                                    0x00f95250
                                    0x00ff0d24
                                    0x00ff0d35
                                    0x00ff0d39
                                    0x00ff0d3b
                                    0x00ff0d3e
                                    0x00ff0d50
                                    0x00ff0d50
                                    0x00ff0d26
                                    0x00ff0d2b
                                    0x00ff0d2b
                                    0x00000000
                                    0x00ff0d55
                                    0x00f95256
                                    0x00f9525b
                                    0x00f95265
                                    0x00ff0da7
                                    0x00f9526b
                                    0x00f9526e
                                    0x00f95272
                                    0x00ff0db1
                                    0x00ff0db4
                                    0x00ff0dc5
                                    0x00ff0dc5
                                    0x00f95272
                                    0x00f95278
                                    0x00f9527e
                                    0x00f9528a
                                    0x00f9528c
                                    0x00f9528d
                                    0x00000000
                                    0x00f95280
                                    0x00f95282
                                    0x00f95288
                                    0x00f9529f
                                    0x00f95292
                                    0x00000000
                                    0x00f95292
                                    0x00000000
                                    0x00f95288
                                    0x00f9527e

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 23ad5c194f66edf83a2c8fc7ed1464c5d5c42f30dd735f713bcb77570c47d17f
                                    • Instruction ID: 930990607acb534989559614ba0e712be90675aa2f59e76b7130a5392785bfe4
                                    • Opcode Fuzzy Hash: 23ad5c194f66edf83a2c8fc7ed1464c5d5c42f30dd735f713bcb77570c47d17f
                                    • Instruction Fuzzy Hash: E2312532641A049BCB26AB58CC41B7AB7A5FF50B60F20462AF9550B2A2DF60EC00F790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD3D43 Relevance: .1, Instructions: 106COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FD3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E00FA7B60(0, _t61, 0xf711c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E00FA7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						_t12 =  &(_t61[2]); // 0x3b0bb70f
						 *((short*)( *_t12 + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L00FB4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                    0x00fd3d4c
                                    0x00fd3d50
                                    0x00fd3d55
                                    0x00fd3d5e
                                    0x0100e79a
                                    0x00000000
                                    0x0100e79a
                                    0x00fd3d68
                                    0x0100e789
                                    0x00fd3d9d
                                    0x00fd3da3
                                    0x00fd3daf
                                    0x00fd3db5
                                    0x00fd3dbc
                                    0x00fd3dc4
                                    0x00fd3dc9
                                    0x00fd3dce
                                    0x0100e7ae
                                    0x0100e7ae
                                    0x00fd3dd9
                                    0x00fd3dde
                                    0x00fd3de2
                                    0x00fd3de7
                                    0x00fd3e0d
                                    0x00fd3e13
                                    0x00fd3e16
                                    0x00fd3e1e
                                    0x00fd3e25
                                    0x00fd3e28
                                    0x00000000
                                    0x00000000
                                    0x00fd3e2a
                                    0x00fd3e2f
                                    0x00fd3e37
                                    0x00fd3e37
                                    0x00000000
                                    0x00fd3e37
                                    0x00fd3e31
                                    0x00000000
                                    0x00fd3e31
                                    0x00fd3e20
                                    0x00fd3e20
                                    0x00fd3e35
                                    0x00000000
                                    0x00fd3de9
                                    0x00fd3de9
                                    0x00fd3de9
                                    0x00fd3dee
                                    0x00fd3dfd
                                    0x00fd3dff
                                    0x00fd3e02
                                    0x00fd3e05
                                    0x00fd3e05
                                    0x00000000
                                    0x00fd3df0
                                    0x00fd3de7
                                    0x0100e78f
                                    0x0100e794
                                    0x00fd3d79
                                    0x00fd3d84
                                    0x00fd3d89
                                    0x00fd3d8e
                                    0x00000000
                                    0x0100e7a4
                                    0x00fd3d96
                                    0x00fd3d9a
                                    0x00000000
                                    0x00fd3d9a
                                    0x00000000
                                    0x0100e794
                                    0x00fd3d6e
                                    0x00fd3d73
                                    0x00000000
                                    0x0100e7b5
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d03d44e99865df798dc0f02b63a65fe5b747a1495d3e06d14bd28fe95c88a527
                                    • Instruction ID: b0543361a0897c27c2fcfb7668363b2da66ec5420c7b03ad448e8f5950369756
                                    • Opcode Fuzzy Hash: d03d44e99865df798dc0f02b63a65fe5b747a1495d3e06d14bd28fe95c88a527
                                    • Instruction Fuzzy Hash: 5431F232A00214DBD7258F2DC841A2BBBE6FF85710B19806BE649DB390E730D940EB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCA61C Relevance: .1, Instructions: 106COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00FCA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1070220);
				E00FED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1087b9c; // 0x0
				_t55 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E00FED0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1087b10 =  *0x1087b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x108536c; // 0x77575368
					if( *_t51 != 0x1085368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1085368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x108536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E00FCA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                    0x00fca61c
                                    0x00fca61e
                                    0x00fca623
                                    0x00fca628
                                    0x00fca62b
                                    0x00fca62d
                                    0x00fca648
                                    0x00fca64a
                                    0x00fca64f
                                    0x01009b44
                                    0x00fca6ec
                                    0x00fca6f1
                                    0x00fca6f1
                                    0x00fca655
                                    0x00fca657
                                    0x00fca65a
                                    0x00fca65d
                                    0x00fca662
                                    0x00fca663
                                    0x00fca667
                                    0x00fca668
                                    0x00fca66d
                                    0x00fca706
                                    0x00fca706
                                    0x01009bda
                                    0x01009be6
                                    0x01009beb
                                    0x00000000
                                    0x01009beb
                                    0x00fca679
                                    0x01009b7a
                                    0x00000000
                                    0x01009b7a
                                    0x00fca683
                                    0x00fca6f4
                                    0x00fca6f7
                                    0x00fca6f9
                                    0x00fca6fd
                                    0x00fca6a0
                                    0x00fca6a0
                                    0x00fca6ad
                                    0x00fca6af
                                    0x00fca6b4
                                    0x01009ba7
                                    0x01009bac
                                    0x00000000
                                    0x00000000
                                    0x01009bc6
                                    0x01009bce
                                    0x01009bd1
                                    0x01009bd3
                                    0x01009bd3
                                    0x00000000
                                    0x01009bd1
                                    0x00fca6bd
                                    0x00fca6c3
                                    0x00fca6c6
                                    0x00fca6d2
                                    0x00fca701
                                    0x00fca704
                                    0x00000000
                                    0x00fca704
                                    0x00fca6d4
                                    0x00fca6d6
                                    0x00fca6d9
                                    0x00fca6db
                                    0x00fca6e1
                                    0x00fca6e6
                                    0x00fca6e8
                                    0x00fca6e8
                                    0x00fca6ea
                                    0x00000000
                                    0x00fca6ea
                                    0x00fca688
                                    0x00fca692
                                    0x00fca694
                                    0x00fca699
                                    0x00000000
                                    0x00000000
                                    0x00fca69d
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5127a9ddf47965b4442b1f578fb11d17fbe87f322eccf6145bcf27eaf371b6a1
                                    • Instruction ID: 5e67f0054a4233a25c2534fe7cd59a2d83d5a1224c418d6ccc884eaffb5725a6
                                    • Opcode Fuzzy Hash: 5127a9ddf47965b4442b1f578fb11d17fbe87f322eccf6145bcf27eaf371b6a1
                                    • Instruction Fuzzy Hash: 5A419A75A00209DFCB15CF58C980B9DBBF2BF49318F1880ADE948AB385D779AD01EB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01017016 Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E01017016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x108d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01016B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01016B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E00FB7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E00FD9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E00FDB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L00FB4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                    0x01017016
                                    0x0101701e
                                    0x0101702b
                                    0x01017033
                                    0x01017037
                                    0x0101703c
                                    0x0101703e
                                    0x01017041
                                    0x01017045
                                    0x0101704a
                                    0x01017050
                                    0x01017055
                                    0x0101705a
                                    0x01017062
                                    0x01017062
                                    0x0101705a
                                    0x01017064
                                    0x01017064
                                    0x01017067
                                    0x01017071
                                    0x01017096
                                    0x0101709b
                                    0x010170a2
                                    0x010170a6
                                    0x010170a7
                                    0x010170ad
                                    0x010170b3
                                    0x010170b6
                                    0x010170bb
                                    0x010170c3
                                    0x010170c3
                                    0x010170c6
                                    0x010170cd
                                    0x010170dd
                                    0x010170e0
                                    0x010170e2
                                    0x010170e2
                                    0x010170ee
                                    0x01017101
                                    0x010170f0
                                    0x010170f9
                                    0x010170f9
                                    0x0101710a
                                    0x0101710e
                                    0x01017112
                                    0x01017117
                                    0x01017118
                                    0x01017118
                                    0x010170bb
                                    0x0101711d
                                    0x01017123
                                    0x01017131
                                    0x01017131
                                    0x01017136
                                    0x0101713d
                                    0x0101713e
                                    0x0101713f
                                    0x0101714a
                                    0x0101714a
                                    0x01017084
                                    0x01017088
                                    0x00000000
                                    0x0101708e
                                    0x0101708e
                                    0x01017092
                                    0x00000000
                                    0x01017092

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a322ec8ad884a128757b11a62003c624aba9f35510ad8779a3e3b9ce7ff227b5
                                    • Instruction ID: 2db669372739797675ad87c56e72a31731362b2b1aa26d436ac5d4540a284a96
                                    • Opcode Fuzzy Hash: a322ec8ad884a128757b11a62003c624aba9f35510ad8779a3e3b9ce7ff227b5
                                    • Instruction Fuzzy Hash: 6B31E6726087519BC321DF2CCC41A6AB7E6BFC8700F044A69F99587795E738E904CBA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBC182 Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E00FBC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E00FB7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01068D34(_v8, _t80);
					}
					E00FB2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E00FAFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01068833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E00FAFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E00FDB180();
						if(_a4 != 0) {
							E00FB2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E00FBBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E00FBBB2D(_t16, _t15);
						E00FBB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E00FAFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E00FAFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E00FAFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                    0x00fbc18d
                                    0x00fbc18f
                                    0x00fbc191
                                    0x00fbc19b
                                    0x00fbc1a0
                                    0x00fbc1d4
                                    0x00fbc1de
                                    0x01002d6e
                                    0x00fbc1e4
                                    0x00fbc1e4
                                    0x00fbc1e4
                                    0x00fbc1ec
                                    0x01002d7d
                                    0x01002d7d
                                    0x00fbc1f3
                                    0x00fbc1ff
                                    0x01002d88
                                    0x01002d8d
                                    0x01002d94
                                    0x01002d94
                                    0x01002d9f
                                    0x01002da4
                                    0x01002dab
                                    0x01002db0
                                    0x01002db2
                                    0x01002db3
                                    0x01002db4
                                    0x01002dbc
                                    0x01002dc3
                                    0x01002dc3
                                    0x00fbc205
                                    0x00fbc205
                                    0x00fbc208
                                    0x00fbc20e
                                    0x00fbc211
                                    0x00fbc216
                                    0x00fbc219
                                    0x00fbc21f
                                    0x00fbc222
                                    0x00fbc22c
                                    0x00fbc234
                                    0x00fbc23a
                                    0x00fbc23f
                                    0x00fbc245
                                    0x00fbc24b
                                    0x00fbc251
                                    0x00fbc25a
                                    0x00fbc276
                                    0x00fbc27d
                                    0x00fbc27d
                                    0x00fbc25c
                                    0x00fbc25c
                                    0x00000000
                                    0x00fbc25e
                                    0x00fbc1a4
                                    0x00fbc1aa
                                    0x00fbc1b3
                                    0x00fbc265
                                    0x00fbc26c
                                    0x00fbc26c
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                    • Instruction ID: be2af7e08a071d793fbf8eab5baad1e396b7b85d7e0ca7ea7f07b5793900476b
                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                    • Instruction Fuzzy Hash: BB310972A01546BED705EBF5C881BEAF754BF42304F14816AE41C5B242DB385949FFE1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC53C5 Relevance: .1, Instructions: 98COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 96%
                                    			E00FC53C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x106ff80);
				E00FED08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E00FAEEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E00FC5520(_t47, _t64, _t79);
							return E00FED0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1085cb4; // 0x4000
						_t69 = _t79;
						_t77 = E00FC55C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E00FC5539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E00FAEB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E00FC3C3E(_t79);
						E00FAEEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E00FC4190() & 0x00010000) == 0) {
								_t58 =  *0x1085cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E00FAEB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}










                                    0x00fc53c5
                                    0x00fc53c7
                                    0x00fc53cc
                                    0x00fc53d1
                                    0x00fc53d3
                                    0x00fc53d8
                                    0x00fc53db
                                    0x00fc53de
                                    0x00fc53e1
                                    0x00fc53eb
                                    0x010070b0
                                    0x010070b4
                                    0x00fc540e
                                    0x00fc5410
                                    0x00fc5411
                                    0x00fc5411
                                    0x00fc5415
                                    0x010070ba
                                    0x00000000
                                    0x00fc541b
                                    0x00fc5421
                                    0x00fc5426
                                    0x00fc5432
                                    0x010070d3
                                    0x00fc5438
                                    0x00fc5438
                                    0x00fc5438
                                    0x00fc543c
                                    0x010070de
                                    0x00000000
                                    0x00fc5442
                                    0x00fc5449
                                    0x010070c1
                                    0x010070c6
                                    0x010070c6
                                    0x010070c9
                                    0x010070c9
                                    0x00fc550c
                                    0x00fc550c
                                    0x00fc5513
                                    0x00fc551f
                                    0x00fc551f
                                    0x00fc544f
                                    0x00fc5456
                                    0x00fc5459
                                    0x00fc5465
                                    0x00fc546c
                                    0x00fc546e
                                    0x00fc5473
                                    0x00000000
                                    0x00000000
                                    0x00fc5482
                                    0x00fc5487
                                    0x00fc548e
                                    0x00fc549b
                                    0x00fc54a0
                                    0x00fc54a4
                                    0x00fc54ab
                                    0x00fc54b4
                                    0x00fc54b9
                                    0x00fc54bc
                                    0x00fc54c1
                                    0x010070e2
                                    0x010070e7
                                    0x00fc54c7
                                    0x00fc54c7
                                    0x00fc54cd
                                    0x00fc54e0
                                    0x00fc54e2
                                    0x00fc54ea
                                    0x00fc54ea
                                    0x00fc54e0
                                    0x00fc54ed
                                    0x00fc54f2
                                    0x00fc54f9
                                    0x00fc54fd
                                    0x00fc5507
                                    0x00000000
                                    0x00fc5507
                                    0x00fc543c

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8fd9c458e3ae2820280974e01aed6c6371376c2f1739204b00b454d4a0d16789
                                    • Instruction ID: 58cc63f9fd559e9c5007a1a14d1281c035444820bd9082cccebdfd8b9253d875
                                    • Opcode Fuzzy Hash: 8fd9c458e3ae2820280974e01aed6c6371376c2f1739204b00b454d4a0d16789
                                    • Instruction Fuzzy Hash: 01412870604745CFEB32CBB8891179FBAF2AF41304F14065DE0C567382DB796945D7A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCA70E Relevance: .1, Instructions: 96COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E00FCA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1087b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1087b10 = 8;
					 *0x1087b14 = 0x1087b0c;
					 *0x1087b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E00FCA990(0x1087b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L00FCA840(__edx, __ecx, __ecx, _t52, 0x1087b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1087b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1087b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1087b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L00FB4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1087b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E00FDF3E0(_t50,  *0x1087b14, _t8 >> 3);
						_t28 =  *0x1087b14; // 0x0
						__eflags = _t28 - 0x1087b0c;
						if(_t28 != 0x1087b0c) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1087b14 = _t50;
						_t48 = _v12;
						 *0x1087b10 = _t9;
						goto L6;
					}
					 *0x1087b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                    0x00fca713
                                    0x00fca714
                                    0x00fca717
                                    0x00fca71d
                                    0x00fca720
                                    0x00fca722
                                    0x00fca727
                                    0x00fca74a
                                    0x00fca754
                                    0x00fca75e
                                    0x00fca768
                                    0x00fca76a
                                    0x00fca773
                                    0x00fca78b
                                    0x00fca790
                                    0x00fca792
                                    0x00fca741
                                    0x00fca741
                                    0x00fca743
                                    0x00fca749
                                    0x00fca749
                                    0x00fca732
                                    0x00fca73a
                                    0x00fca797
                                    0x00fca79d
                                    0x00fca7a3
                                    0x00fca7a9
                                    0x00fca7b6
                                    0x00fca7bc
                                    0x00fca7ca
                                    0x00fca7e0
                                    0x00fca7e2
                                    0x00fca7e4
                                    0x01009bf2
                                    0x00000000
                                    0x01009bf2
                                    0x00fca7ed
                                    0x00fca7f2
                                    0x00fca800
                                    0x00fca805
                                    0x00fca80d
                                    0x00fca812
                                    0x01009c08
                                    0x01009c08
                                    0x00fca818
                                    0x00fca81b
                                    0x00fca821
                                    0x00fca824
                                    0x00000000
                                    0x00fca824
                                    0x00fca7ae
                                    0x00000000
                                    0x00fca7ae
                                    0x00fca73c
                                    0x00fca73e
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0ff249c60a7c4b349eef07b5390a66828aeeac12b9bc2480c4762880bdb7d198
                                    • Instruction ID: 14ec687c127a5e10ca895b70e77d90477201a9faa9aabeb36a042f1b8a235762
                                    • Opcode Fuzzy Hash: 0ff249c60a7c4b349eef07b5390a66828aeeac12b9bc2480c4762880bdb7d198
                                    • Instruction Fuzzy Hash: 553106B1608205DFC721CF18DDA1F5977FAFB84714F640959E2D587248D37AA900DBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC61A0 Relevance: .1, Instructions: 93COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 97%
                                    			E00FC61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E00FC5E50(0xf767cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01069D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E00F9F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                    0x00fc61b3
                                    0x00fc61b5
                                    0x00fc61bd
                                    0x00fc61c3
                                    0x00fc61c7
                                    0x00fc61d2
                                    0x00fc61ff
                                    0x00fc61ff
                                    0x00fc6201
                                    0x00fc6207
                                    0x00fc6207
                                    0x00fc61d4
                                    0x00fc61d9
                                    0x00000000
                                    0x00000000
                                    0x00fc61df
                                    0x00fc61e2
                                    0x00000000
                                    0x00000000
                                    0x00fc61e6
                                    0x00fc61e8
                                    0x00fc61ee
                                    0x00fc61ee
                                    0x00fc61f9
                                    0x0100762f
                                    0x01007632
                                    0x01007635
                                    0x01007639
                                    0x01007640
                                    0x0100766e
                                    0x01007675
                                    0x00000000
                                    0x00000000
                                    0x01007681
                                    0x01007689
                                    0x0100768d
                                    0x01007691
                                    0x01007695
                                    0x01007699
                                    0x010076af
                                    0x010076b5
                                    0x010076b7
                                    0x010076b7
                                    0x010076d7
                                    0x010076dc
                                    0x00000000
                                    0x010076dc
                                    0x010076a2
                                    0x010076a9
                                    0x01007651
                                    0x01007653
                                    0x01007653
                                    0x01007656
                                    0x01007656
                                    0x00000000
                                    0x01007656
                                    0x01007644
                                    0x01007646
                                    0x01007648
                                    0x01007648
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7b1cdc8e166aa91f48e844f6bed36e5e74fe98057ae1aef92b4c66bab1c3b8dc
                                    • Instruction ID: 13fb5fb25700215dbad376c9de5f9ddd2a6d97774d27125b9b24519578b80422
                                    • Opcode Fuzzy Hash: 7b1cdc8e166aa91f48e844f6bed36e5e74fe98057ae1aef92b4c66bab1c3b8dc
                                    • Instruction Fuzzy Hash: C4318B71A097028FE361CF19C901B2AB7E4FB88B10F08496DE9D9D7391D774E804DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9AA16 Relevance: .1, Instructions: 93COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 95%
                                    			E00F9AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x108d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1087b9c; // 0x0
					_t53 = L00FB4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E00FDB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E00FDF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L00FA6C59(_t53, _t51, _t58) != 0) {
							_t28 = E00FC5E50(0xf7c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E00FCB230(_v32, _v28, 0xf7c2d8, 1,  &_v24);
								_t28 = E00F9F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                    0x00f9aa25
                                    0x00f9aa29
                                    0x00f9aa2d
                                    0x00f9aa30
                                    0x00f9aa37
                                    0x00f9aa3c
                                    0x00ff4458
                                    0x00ff4458
                                    0x00ff4472
                                    0x00ff4474
                                    0x00ff4476
                                    0x00f9aa64
                                    0x00f9aa74
                                    0x00ff447c
                                    0x00ff4483
                                    0x00ff4492
                                    0x00f9aa52
                                    0x00f9aa54
                                    0x00f9aa5e
                                    0x00ff44a8
                                    0x00ff44ad
                                    0x00ff44af
                                    0x00ff44b6
                                    0x00ff44b6
                                    0x00ff44b9
                                    0x00ff44bc
                                    0x00ff44cd
                                    0x00ff44d3
                                    0x00ff44d6
                                    0x00ff44e1
                                    0x00ff44e1
                                    0x00ff44e6
                                    0x00ff44e8
                                    0x00ff44fb
                                    0x00ff44fb
                                    0x00ff44e8
                                    0x00000000
                                    0x00f9aa5e
                                    0x00ff4476
                                    0x00f9aa42
                                    0x00f9aa46
                                    0x00f9aa48
                                    0x00f9aa4c
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 098a81ed4f43f2de922f2af0734869a1e31ae2a59e7a05a78b1099020ce7b88f
                                    • Instruction ID: b92995985c103fe53910a94932e43c314b4e1fa52c3425b9caf9e5313aa5556f
                                    • Opcode Fuzzy Hash: 098a81ed4f43f2de922f2af0734869a1e31ae2a59e7a05a78b1099020ce7b88f
                                    • Instruction Fuzzy Hash: 7931D471A00219EBDF10DF64CD42ABFB7B9EF04700B15406AF905E7251E739AD10EBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD8EC7 Relevance: .1, Instructions: 92COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E00FD8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x108d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E00FC4E70(0x10886e4, 0xfd9490, 0, 0);
					if( *0x10853e8 > 5 && E00FD8F33(0x10853e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x10853e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x10853e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0xf7bc46;
						_t48 = E01017B9C(0x10853e8, 0xf7bc46, _t67, 0x10853e8, _t70,  &_v140);
					}
				}
				return E00FDB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                    0x00fd8ec7
                                    0x00fd8ed9
                                    0x00fd8edc
                                    0x00fd8ee6
                                    0x00fd8ee9
                                    0x00fd8eee
                                    0x00fd8efc
                                    0x00fd8f08
                                    0x01011349
                                    0x01011353
                                    0x0101135d
                                    0x01011366
                                    0x0101136f
                                    0x01011375
                                    0x0101137c
                                    0x01011385
                                    0x01011390
                                    0x01011391
                                    0x0101139c
                                    0x0101139d
                                    0x010113a6
                                    0x010113ac
                                    0x010113b2
                                    0x010113b5
                                    0x010113bc
                                    0x010113bf
                                    0x010113c2
                                    0x010113c5
                                    0x010113c8
                                    0x010113cb
                                    0x010113ce
                                    0x010113d1
                                    0x010113d4
                                    0x010113d7
                                    0x010113da
                                    0x010113dd
                                    0x010113e0
                                    0x010113e3
                                    0x010113e6
                                    0x010113e9
                                    0x010113f6
                                    0x01011400
                                    0x01011400
                                    0x00fd8f08
                                    0x00fd8f32

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca23afdf6993c864dc54abe76b36fa7029e504e50a357ff9102411efd3a490b3
                                    • Instruction ID: 8805b125f254cac46f579878a7635c549598168f46f31bd4c217f837b58b5ab4
                                    • Opcode Fuzzy Hash: ca23afdf6993c864dc54abe76b36fa7029e504e50a357ff9102411efd3a490b3
                                    • Instruction Fuzzy Hash: 1641B1B1D003189EDB20CFAAD981AADFBF9FB48310F5081AFE549A7640DB745A45CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCE730 Relevance: .1, Instructions: 89COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 74%
                                    			E00FCE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E00FD9670() < 0) {
					E00FEDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1087b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L00FB4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M00FCE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                    0x00fce730
                                    0x00fce736
                                    0x00fce738
                                    0x00fce73d
                                    0x00fce73e
                                    0x00fce740
                                    0x00fce749
                                    0x00fce765
                                    0x00fce76a
                                    0x00fce76b
                                    0x00fce76c
                                    0x00fce76d
                                    0x00fce76e
                                    0x00fce76f
                                    0x00fce775
                                    0x00fce777
                                    0x00fce77e
                                    0x0100b675
                                    0x00fce784
                                    0x00fce784
                                    0x00fce789
                                    0x00fce7a8
                                    0x00fce7ac
                                    0x00fce807
                                    0x00fce7ae
                                    0x00fce7ae
                                    0x00fce7b1
                                    0x00fce7b4
                                    0x00fce7b9
                                    0x00fce7c0
                                    0x00fce7c4
                                    0x00fce7ca
                                    0x00fce7cc
                                    0x00000000
                                    0x00fce7d3
                                    0x00fce7d6
                                    0x00000000
                                    0x00000000
                                    0x00fce7ff
                                    0x00fce802
                                    0x00000000
                                    0x00000000
                                    0x00fce7f9
                                    0x00fce7fc
                                    0x00000000
                                    0x00000000
                                    0x00fce7f3
                                    0x00fce7f6
                                    0x00000000
                                    0x00000000
                                    0x00fce7ed
                                    0x00fce7f0
                                    0x00000000
                                    0x00000000
                                    0x00fce7e7
                                    0x00fce7ea
                                    0x00000000
                                    0x00000000
                                    0x0100b685
                                    0x0100b688
                                    0x00000000
                                    0x00000000
                                    0x0100b682
                                    0x00000000
                                    0x00000000
                                    0x00fce7cc
                                    0x00fce7d9
                                    0x00fce7dc
                                    0x00fce7de
                                    0x00fce7de
                                    0x00fce7ac
                                    0x00fce7e4
                                    0x00fce74b
                                    0x00fce751
                                    0x00fce759
                                    0x00fce761
                                    0x00fce761

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e13e1023aa33d9d8e2e0166c6f6bd286579b804880e950aefce3307166df52d
                                    • Instruction ID: 64a97bf754e120324fa4d72deedf878a46c0085a42c12e1e8b05a609e149f722
                                    • Opcode Fuzzy Hash: 0e13e1023aa33d9d8e2e0166c6f6bd286579b804880e950aefce3307166df52d
                                    • Instruction Fuzzy Hash: 2E318D75A1424AAFD704CF58C942F9ABBE8FB09314F14825AF914CB381D635ED80DBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCBC2C Relevance: .1, Instructions: 88COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00FCBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1086100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E00FB2280(0xd, 0x529f1a0);
				_t41 =  *0x10860f8; // 0x0
				if(_t41 != 0) {
					 *0x10860f8 =  *_t41;
					 *0x10860fc =  *0x10860fc + 0xffff;
				}
				E00FAFFB0(_t41, 0x800, 0x529f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x10860f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L00FB4620(0x1086100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1086100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                    0x00fcbc36
                                    0x00fcbc42
                                    0x00fcbc45
                                    0x00fcbc4a
                                    0x00fcbd35
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fcbc50
                                    0x00fcbc50
                                    0x00fcbc58
                                    0x00fcbc5a
                                    0x00fcbc60
                                    0x00000000
                                    0x00000000
                                    0x0100a4f2
                                    0x0100a4f6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0100a4fc
                                    0x00fcbc79
                                    0x00fcbc7e
                                    0x00fcbc86
                                    0x00fcbd16
                                    0x00fcbd20
                                    0x00fcbd20
                                    0x00fcbc8d
                                    0x00fcbc94
                                    0x00fcbcbd
                                    0x00fcbcca
                                    0x00fcbccb
                                    0x00fcbccc
                                    0x00fcbccd
                                    0x00fcbcce
                                    0x00fcbcd4
                                    0x00fcbcea
                                    0x00fcbcee
                                    0x00fcbcf2
                                    0x00fcbd00
                                    0x00fcbd04
                                    0x00000000
                                    0x00fcbc96
                                    0x00fcbcab
                                    0x00fcbcaf
                                    0x00fcbd2c
                                    0x00fcbd2c
                                    0x00fcbd09
                                    0x00000000
                                    0x00fcbd09
                                    0x00fcbcb1
                                    0x00fcbcb5
                                    0x00fcbcbb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fcbcbb

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ec6230f3539dc063675647adc7ba03b7888b860fad2937afc3c9268779798ed
                                    • Instruction ID: ca169f7853199a46c8194d1ba14842536e813227307d64e1e1a20ee301c95426
                                    • Opcode Fuzzy Hash: 6ec6230f3539dc063675647adc7ba03b7888b860fad2937afc3c9268779798ed
                                    • Instruction Fuzzy Hash: 0231053AA046169FCB21DF58D582BAA73B4FF14310F150078EC85DF246EB7ADD45AB80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F99100 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E00F99100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x106f6e8);
				E00FED0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E010688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E00FED130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x10886c0; // 0xb307b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x10886b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E00FB2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E010688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E00FDAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x108b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x10884c0;
										if(_t69 >=  *0x10884c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01069063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E00F9922A(_t82);
							_t53 = E00FB7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01068B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x10886c0; // 0xb307b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x10886b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x10886bc;
										_t72 = 0x10886b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E00F99240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x10886c4;
									_t72 = 0x10886c0;
									L18:
									E00FC9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                    0x00f99100
                                    0x00f99100
                                    0x00f99100
                                    0x00f99100
                                    0x00f99102
                                    0x00f99107
                                    0x00f9910c
                                    0x00f99110
                                    0x00f99115
                                    0x00f99136
                                    0x00f99143
                                    0x00ff37e4
                                    0x00ff37e4
                                    0x00f99149
                                    0x00f9914e
                                    0x00f9914e
                                    0x00f99117
                                    0x00f9911d
                                    0x00000000
                                    0x00000000
                                    0x00f9911f
                                    0x00f99125
                                    0x00000000
                                    0x00f99151
                                    0x00f99158
                                    0x00f9915d
                                    0x00f99161
                                    0x00f99168
                                    0x00ff3715
                                    0x00000000
                                    0x00f9916e
                                    0x00f9916e
                                    0x00f99175
                                    0x00f99177
                                    0x00f9917e
                                    0x00f9917f
                                    0x00f99182
                                    0x00f99182
                                    0x00f99187
                                    0x00f99187
                                    0x00f9918a
                                    0x00f9918d
                                    0x00f9918f
                                    0x00f99192
                                    0x00f99195
                                    0x00f99198
                                    0x00f99198
                                    0x00f99198
                                    0x00f9919a
                                    0x00000000
                                    0x00000000
                                    0x00ff371f
                                    0x00ff3721
                                    0x00ff3727
                                    0x00ff372f
                                    0x00ff3733
                                    0x00ff3735
                                    0x00ff3738
                                    0x00ff373b
                                    0x00ff373d
                                    0x00ff3740
                                    0x00000000
                                    0x00000000
                                    0x00ff3746
                                    0x00ff3749
                                    0x00000000
                                    0x00000000
                                    0x00ff374f
                                    0x00ff3751
                                    0x00000000
                                    0x00000000
                                    0x00ff3757
                                    0x00ff3759
                                    0x00ff375c
                                    0x00ff375c
                                    0x00ff375e
                                    0x00ff375e
                                    0x00ff3761
                                    0x00ff3764
                                    0x00000000
                                    0x00000000
                                    0x00ff3766
                                    0x00ff3768
                                    0x00ff37a3
                                    0x00ff37a3
                                    0x00ff37a5
                                    0x00ff37a7
                                    0x00ff37ad
                                    0x00ff37b0
                                    0x00ff37b2
                                    0x00ff37bc
                                    0x00ff37c2
                                    0x00ff37c2
                                    0x00ff37b2
                                    0x00f99187
                                    0x00f99187
                                    0x00f9918a
                                    0x00f9918d
                                    0x00f9918f
                                    0x00f99192
                                    0x00f99195
                                    0x00000000
                                    0x00f99195
                                    0x00000000
                                    0x00f99187
                                    0x00ff376a
                                    0x00ff376a
                                    0x00ff376c
                                    0x00ff376c
                                    0x00ff376f
                                    0x00ff3775
                                    0x00000000
                                    0x00000000
                                    0x00ff3777
                                    0x00ff3779
                                    0x00000000
                                    0x00000000
                                    0x00ff3782
                                    0x00ff3787
                                    0x00ff3789
                                    0x00ff3790
                                    0x00ff3790
                                    0x00ff378b
                                    0x00ff378b
                                    0x00ff378b
                                    0x00ff3792
                                    0x00ff3795
                                    0x00ff3795
                                    0x00ff3798
                                    0x00ff3798
                                    0x00ff379b
                                    0x00ff379b
                                    0x00f991a3
                                    0x00f991a9
                                    0x00f991b0
                                    0x00f991b4
                                    0x00f991b4
                                    0x00f991bb
                                    0x00f991c0
                                    0x00f991c5
                                    0x00f991c7
                                    0x00ff37da
                                    0x00f991cd
                                    0x00f991cd
                                    0x00f991cd
                                    0x00f991d2
                                    0x00f991d5
                                    0x00f99239
                                    0x00f99239
                                    0x00f991d7
                                    0x00f991db
                                    0x00f991e1
                                    0x00f991e7
                                    0x00f991fd
                                    0x00f99203
                                    0x00f9921e
                                    0x00f99223
                                    0x00000000
                                    0x00f99223
                                    0x00f99205
                                    0x00f99208
                                    0x00f9920c
                                    0x00f99214
                                    0x00f99214
                                    0x00f991e9
                                    0x00f991e9
                                    0x00f991ee
                                    0x00f991f3
                                    0x00f991f3
                                    0x00f991f3
                                    0x00f991e7
                                    0x00000000
                                    0x00f991db
                                    0x00f99187
                                    0x00f99168

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: efa9d15f8251dd3a32974323726e6b7a74aa0c2a2b92bbfd34467081bbce4e82
                                    • Instruction ID: ec8804d68525030db875e7d2b1af638c690dab79238a92e9db5c18564a3e04f2
                                    • Opcode Fuzzy Hash: efa9d15f8251dd3a32974323726e6b7a74aa0c2a2b92bbfd34467081bbce4e82
                                    • Instruction Fuzzy Hash: 1931D271E08286DFEF25DB6DC488BACB7B1BB48324F1A814ED44467251C3B5ADC0EB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC1DB5 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 60%
                                    			E00FC1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E00FBF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L00FB4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E00FBF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                    0x00fc1dc2
                                    0x00fc1dc5
                                    0x00fc1dc7
                                    0x00fc1dcc
                                    0x00fc1dce
                                    0x00fc1dd6
                                    0x00fc1ddf
                                    0x00fc1de0
                                    0x00fc1de1
                                    0x00fc1de5
                                    0x00fc1de8
                                    0x00fc1def
                                    0x00fc1df0
                                    0x00fc1df6
                                    0x00fc1df7
                                    0x00fc1dfe
                                    0x00fc1e1a
                                    0x00000000
                                    0x00000000
                                    0x00fc1e0b
                                    0x00fc1e12
                                    0x00fc1e12
                                    0x00fc1e00
                                    0x00fc1e00
                                    0x00fc1e05
                                    0x00fc1e1e
                                    0x00fc1e23
                                    0x0100570f
                                    0x01005713
                                    0x00000000
                                    0x00000000
                                    0x01005719
                                    0x01005719
                                    0x00fc1e2c
                                    0x00fc1e2d
                                    0x00fc1e2e
                                    0x00fc1e2f
                                    0x00fc1e31
                                    0x00fc1e32
                                    0x00fc1e35
                                    0x00fc1e3d
                                    0x01005723
                                    0x0100573d
                                    0x0100573d
                                    0x00000000
                                    0x01005723
                                    0x00fc1e49
                                    0x00fc1e4e
                                    0x00fc1e4e
                                    0x00fc1e09
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                    • Instruction ID: 4952640e98b9d011e568c3ebf44972f3f00755f4f8a0ca9aaf9f5c7db47645bd
                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                    • Instruction Fuzzy Hash: DB218032A00119EBD711CF59CD81FABBBB9FF86750F114059E905D7211D634AD11EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCF527 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E00FCF527(void* __ecx, void* __edx, signed int* _a4) {
				char _v8;
				signed int _v12;
				void* __ebx;
				signed int _t28;
				signed int _t32;
				signed int _t34;
				signed char* _t37;
				intOrPtr _t38;
				intOrPtr* _t50;
				signed int _t53;
				void* _t69;

				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_t53 =  *(__ecx + 0x10);
				_t50 = __ecx + 0x14;
				_t28 = _t53 + __edx;
				_v12 = _t28;
				if(_t28 >  *_t50) {
					_v8 = _t28 -  *_t50;
					_push(E00FC0678( *((intOrPtr*)(__ecx + 0xc)), 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push(_t50);
					_push(0xffffffff);
					_t32 = E00FD9660();
					__eflags = _t32;
					if(_t32 < 0) {
						 *_a4 =  *_a4 & 0x00000000;
						L2:
						return _t32;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) + _v8;
					_t34 = E00FB7D50();
					_t66 = 0x7ffe0380;
					__eflags = _t34;
					if(_t34 != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t37 = 0x7ffe0380;
					}
					__eflags =  *_t37;
					if( *_t37 != 0) {
						_t38 =  *[fs:0x30];
						__eflags =  *(_t38 + 0x240) & 0x00000001;
						if(( *(_t38 + 0x240) & 0x00000001) == 0) {
							goto L7;
						}
						__eflags = E00FB7D50();
						if(__eflags != 0) {
							_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01051582(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, __eflags, _v8,  *( *((intOrPtr*)(_t69 + 0xc)) + 0x74) << 3,  *_t66 & 0x000000ff);
						E0105138A(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, _v8, 9);
						goto L7;
					} else {
						L7:
						 *_t50 =  *_t50 + _v8;
						_t53 =  *(_t69 + 0x10);
						goto L1;
					}
				}
				L1:
				 *_a4 = _t53;
				 *(_t69 + 0x10) = _v12;
				_t32 = 0;
				goto L2;
			}














                                    0x00fcf52c
                                    0x00fcf52d
                                    0x00fcf530
                                    0x00fcf533
                                    0x00fcf536
                                    0x00fcf539
                                    0x00fcf53c
                                    0x00fcf541
                                    0x00fcf561
                                    0x00fcf569
                                    0x00fcf56a
                                    0x00fcf572
                                    0x00fcf573
                                    0x00fcf575
                                    0x00fcf576
                                    0x00fcf578
                                    0x00fcf57d
                                    0x00fcf57f
                                    0x00fcf5b7
                                    0x00fcf550
                                    0x00fcf556
                                    0x00fcf556
                                    0x00fcf587
                                    0x00fcf58d
                                    0x00fcf592
                                    0x00fcf597
                                    0x00fcf599
                                    0x0100bcc9
                                    0x00fcf59f
                                    0x00fcf59f
                                    0x00fcf59f
                                    0x00fcf5a1
                                    0x00fcf5a4
                                    0x0100bcd3
                                    0x0100bcd9
                                    0x0100bce0
                                    0x00000000
                                    0x00000000
                                    0x0100bceb
                                    0x0100bced
                                    0x0100bcf8
                                    0x0100bcf8
                                    0x0100bcf8
                                    0x0100bd11
                                    0x0100bd20
                                    0x00000000
                                    0x00fcf5aa
                                    0x00fcf5aa
                                    0x00fcf5ad
                                    0x00fcf5af
                                    0x00000000
                                    0x00fcf5af
                                    0x00fcf5a4
                                    0x00fcf543
                                    0x00fcf546
                                    0x00fcf54b
                                    0x00fcf54e
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                    • Instruction ID: db0d931e211707fa5f396d7e708f2969764f905c645b08e9afa9be146f820e83
                                    • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                    • Instruction Fuzzy Hash: 40319C31600649EFD721CF68C981F6AB7F9EF44350F2449A9E9558B291E770EE01DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB8D76 Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 97%
                                    			E00FB8D76(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t24;
				intOrPtr* _t26;
				char* _t27;
				intOrPtr* _t32;
				char* _t33;
				signed char _t43;
				signed char _t44;
				signed char _t52;
				void* _t56;
				intOrPtr* _t57;

				_t56 = __edx;
				_t57 = __ecx;
				if(( *(__edx + 0x10) & 0x0000ffff) == 0) {
					L14:
					_t52 = 0;
				} else {
					_t52 = 1;
					if(( *0x10884b4 & 0x00000004) == 0) {
						_t24 =  *(__ecx + 0x5c) & 0x0000ffff;
						if(_t24 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0xf7ade8 + _t24 * 2) & 0x0000ffff) << 4) {
							goto L2;
						} else {
							asm("sbb bl, bl");
							_t44 = _t43 & 1;
							goto L3;
						}
						goto L10;
					} else {
						L2:
						_t44 = 0;
					}
					L3:
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							goto L5;
						}
						L23:
					} else {
						L4:
						_t27 = 0x7ffe038a;
					}
					L5:
					if( *_t27 != 0) {
						L21:
						if(_t44 != 0) {
							E01051751(_t44,  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0xc)) + 0xc)),  *((intOrPtr*)(_t56 + 4)),  *(_t57 + 0x5c) & 0x0000ffff);
							_t52 = 1;
							goto L9;
						}
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t32 != 0) {
							if( *_t32 == 0) {
								goto L7;
							} else {
								_t33 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								goto L8;
							}
							goto L23;
						} else {
							L7:
							_t33 = 0x7ffe0380;
						}
						L8:
						if( *_t33 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								goto L9;
							} else {
								goto L21;
							}
						} else {
							L9:
							if(_t44 != 0) {
								goto L14;
							}
						}
					}
				}
				L10:
				return _t52;
				goto L23;
			}














                                    0x00fb8d7b
                                    0x00fb8d7d
                                    0x00fb8d89
                                    0x00fb8e01
                                    0x00fb8e01
                                    0x00fb8d8b
                                    0x00fb8d8d
                                    0x00fb8d95
                                    0x00fb8de1
                                    0x00fb8de8
                                    0x00000000
                                    0x00fb8dfc
                                    0x01000592
                                    0x01000594
                                    0x00000000
                                    0x01000594
                                    0x00000000
                                    0x00fb8d97
                                    0x00fb8d97
                                    0x00fb8d97
                                    0x00fb8d97
                                    0x00fb8d99
                                    0x00fb8d9f
                                    0x00fb8da4
                                    0x0100059e
                                    0x00000000
                                    0x010005a4
                                    0x010005ad
                                    0x00000000
                                    0x010005ad
                                    0x00000000
                                    0x00fb8daa
                                    0x00fb8daa
                                    0x00fb8daa
                                    0x00fb8daa
                                    0x00fb8daf
                                    0x00fb8db2
                                    0x010005e6
                                    0x010005e8
                                    0x010005fe
                                    0x01000605
                                    0x00000000
                                    0x01000605
                                    0x00fb8db8
                                    0x00fb8dbe
                                    0x00fb8dc3
                                    0x010005ba
                                    0x00000000
                                    0x010005c0
                                    0x010005c9
                                    0x00000000
                                    0x010005c9
                                    0x00000000
                                    0x00fb8dc9
                                    0x00fb8dc9
                                    0x00fb8dc9
                                    0x00fb8dc9
                                    0x00fb8dce
                                    0x00fb8dd1
                                    0x010005e0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fb8dd7
                                    0x00fb8dd7
                                    0x00fb8dd9
                                    0x00000000
                                    0x00000000
                                    0x00fb8dd9
                                    0x00fb8dd1
                                    0x00fb8db2
                                    0x00fb8ddd
                                    0x00fb8de0
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6e65494785d3c2617f09f9b85fde91fc44cd93041adb06d4a11945154cd650b8
                                    • Instruction ID: 67f0b394726de2ce1ae0b021c3a075094357804cf110d7b223b6c36c8c748c6a
                                    • Opcode Fuzzy Hash: 6e65494785d3c2617f09f9b85fde91fc44cd93041adb06d4a11945154cd650b8
                                    • Instruction Fuzzy Hash: B321D539201680CFE7668B1EC094BB673E8FB95795F184497E882876D1DB39DC82EB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01016C0A Relevance: .1, Instructions: 79COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E01016C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E00FB7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1087b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L00FB4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E00FDF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E00FB7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E00FD9AE0();
						_t23 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                    0x01016c0a
                                    0x01016c0f
                                    0x01016c10
                                    0x01016c13
                                    0x01016c15
                                    0x01016c19
                                    0x01016c1c
                                    0x01016c21
                                    0x01016c28
                                    0x01016c3a
                                    0x01016c2a
                                    0x01016c33
                                    0x01016c33
                                    0x01016c3f
                                    0x01016c48
                                    0x01016c4d
                                    0x01016c60
                                    0x01016c65
                                    0x01016c69
                                    0x01016c73
                                    0x01016c79
                                    0x01016c7f
                                    0x01016c86
                                    0x01016c90
                                    0x01016c94
                                    0x01016ca6
                                    0x01016cb2
                                    0x01016cbd
                                    0x01016cbd
                                    0x01016cc3
                                    0x01016cc7
                                    0x01016ccb
                                    0x01016cd0
                                    0x01016cd1
                                    0x01016ce2
                                    0x01016ce2
                                    0x01016c69
                                    0x01016ced

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b6c5b8d7ce09fc056e10d87eb4c242f80d3c3a678bd9c5158b12eb44d700d130
                                    • Instruction ID: 5439c0e3227f2fbacc9cf591f58154375da3fc29704f6089c6a641d846cf7171
                                    • Opcode Fuzzy Hash: b6c5b8d7ce09fc056e10d87eb4c242f80d3c3a678bd9c5158b12eb44d700d130
                                    • Instruction Fuzzy Hash: 7D219C71A00644ABD711DB69DC40F6AB7A8FF48740F1440A9F945C7791D63AED10CBA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD90AF Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 82%
                                    			E00FD90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E00FED4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E00FCE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L00FB4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E00FDF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E00FCA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                    0x00fd90af
                                    0x00fd90b8
                                    0x00fd90bb
                                    0x00fd90bf
                                    0x00fd90c2
                                    0x00fd90c2
                                    0x00fd90c8
                                    0x00fd90cb
                                    0x00fd90cd
                                    0x010114d7
                                    0x010114eb
                                    0x010114eb
                                    0x00000000
                                    0x010114eb
                                    0x010114db
                                    0x010114e6
                                    0x00000000
                                    0x010114f2
                                    0x010114e8
                                    0x00000000
                                    0x010114e8
                                    0x00fd90d8
                                    0x00fd90da
                                    0x00fd90dd
                                    0x00fd90e5
                                    0x00000000
                                    0x00fd9139
                                    0x00fd90fa
                                    0x00fd90fe
                                    0x00fd9142
                                    0x00000000
                                    0x00fd9142
                                    0x00fd9104
                                    0x00fd9107
                                    0x00fd910b
                                    0x00fd9110
                                    0x00fd9118
                                    0x00fd9147
                                    0x00fd9148
                                    0x00fd914f
                                    0x00fd9150
                                    0x00fd9151
                                    0x00fd9152
                                    0x00fd9156
                                    0x00fd915d
                                    0x00fd9160
                                    0x00fd9168
                                    0x00fd916c
                                    0x00fd91bc
                                    0x00fd91be
                                    0x00000000
                                    0x00fd91be
                                    0x00fd916e
                                    0x00fd9173
                                    0x00fd9176
                                    0x00000000
                                    0x00000000
                                    0x00fd917c
                                    0x00fd9180
                                    0x00fd91b5
                                    0x00000000
                                    0x00fd91b5
                                    0x00fd9182
                                    0x00fd9185
                                    0x00fd9189
                                    0x00000000
                                    0x00000000
                                    0x00fd918e
                                    0x00fd9190
                                    0x00fd9198
                                    0x00000000
                                    0x00000000
                                    0x00fd91a0
                                    0x00000000
                                    0x00fd91ad
                                    0x00fd91ad
                                    0x00fd91b0
                                    0x00fd91b1
                                    0x00000000
                                    0x00fd9185
                                    0x00fd911a
                                    0x00fd911c
                                    0x00fd911f
                                    0x00fd9125
                                    0x00fd9127
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                    • Instruction ID: 648a5423823ff5139c37ef6cb608d1ab987dee926694d6c5c47cac73cfb2fd72
                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                    • Instruction Fuzzy Hash: 0A21B072A00206EFDB21DF99C944EAAF7F9EB44710F18886BE985A7301D374ED00DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC3B7A Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E00FC3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x10884c4; // 0x0
				_v12 = 1;
				_v8 =  *0x10884c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x10884c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E00FDAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E00FDFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x10884c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x10884c4; // 0x0
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                    0x00fc3b89
                                    0x00fc3b96
                                    0x00fc3ba1
                                    0x00fc3bab
                                    0x00fc3bb5
                                    0x00fc3bb9
                                    0x01006298
                                    0x00fc3bbf
                                    0x00fc3bc2
                                    0x00fc3bc3
                                    0x00fc3bc9
                                    0x00fc3bca
                                    0x00fc3bcc
                                    0x00fc3bcd
                                    0x00fc3bd4
                                    0x00fc3bd6
                                    0x00fc3bdb
                                    0x00fc3bea
                                    0x00fc3bf7
                                    0x00fc3bfb
                                    0x00fc3bff
                                    0x00fc3c09
                                    0x00fc3c0a
                                    0x00fc3c0b
                                    0x00fc3c0f
                                    0x00fc3c14
                                    0x00fc3c18
                                    0x00fc3c18
                                    0x00fc3bfb
                                    0x00fc3c1b
                                    0x00fc3c30
                                    0x00fc3c30
                                    0x00fc3c3d

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 65a3300d01fe26f351faf52aaabcd49de72b78f30cf88ebb53359a5c129e1254
                                    • Instruction ID: 6ebe0c0be50d3514acc4c8dac8076b3973ebabda6539ac7cdcb5ddbb1f9e3f67
                                    • Opcode Fuzzy Hash: 65a3300d01fe26f351faf52aaabcd49de72b78f30cf88ebb53359a5c129e1254
                                    • Instruction Fuzzy Hash: 4A21C272A00115AFC710DF58CE82F5EB7BEFB44748F254069E508AB252C776EE01DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01016CF0 Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 80%
                                    			E01016CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E00FB7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E00FB7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0xf75c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E00FCF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E00FCF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01017016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L00FB2400( &_v52);
								}
								_t21 = L00FB2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                    0x01016cfb
                                    0x01016d00
                                    0x01016d02
                                    0x01016d06
                                    0x01016d0a
                                    0x01016d0e
                                    0x01016d19
                                    0x01016d2b
                                    0x01016d1b
                                    0x01016d24
                                    0x01016d24
                                    0x01016d33
                                    0x01016d39
                                    0x01016d46
                                    0x01016d4f
                                    0x01016d61
                                    0x01016d51
                                    0x01016d5a
                                    0x01016d5a
                                    0x01016d69
                                    0x01016d6b
                                    0x01016d6d
                                    0x01016d6f
                                    0x01016d6f
                                    0x01016d74
                                    0x01016d79
                                    0x01016d7a
                                    0x01016d7f
                                    0x01016d82
                                    0x01016d88
                                    0x01016d89
                                    0x01016d90
                                    0x01016d94
                                    0x01016da7
                                    0x01016db1
                                    0x01016db1
                                    0x01016dbb
                                    0x01016dbb
                                    0x01016d90
                                    0x01016d69
                                    0x01016d46
                                    0x01016dc6

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e915c3c56435a2e802b0bc361372e772e6b8e74b45ccc3e2c2b9c5072d93f7af
                                    • Instruction ID: b3f5e7f22eaa0234aa4bea2adc0d9345fc1fd21ee1467a7a58dba8960e8f77b0
                                    • Opcode Fuzzy Hash: e915c3c56435a2e802b0bc361372e772e6b8e74b45ccc3e2c2b9c5072d93f7af
                                    • Instruction Fuzzy Hash: B321F5729043459BD311EF29CD44FABBBECAF81740F4404AAF980C7256D779D548C6A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0106070D Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E0106070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E010607DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0105AFDE( &_v8,  &_v12);
					E01061293(_t38, _v28, _t60);
					if(E00FB7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E010514FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                    0x0106071b
                                    0x01060724
                                    0x01060734
                                    0x01060738
                                    0x0106074b
                                    0x0106074b
                                    0x01060753
                                    0x01060753
                                    0x01060759
                                    0x0106075d
                                    0x01060774
                                    0x01060779
                                    0x0106077d
                                    0x01060789
                                    0x01060795
                                    0x010607a7
                                    0x01060797
                                    0x010607a0
                                    0x010607a0
                                    0x010607af
                                    0x010607c4
                                    0x010607cd
                                    0x010607cd
                                    0x010607af
                                    0x010607dc

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                    • Instruction ID: a43bc92e36408263f82490eb217681b1470febb11785d5fbffcac340415810d8
                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                    • Instruction Fuzzy Hash: F421FF36704200AFD705DF28C880BAABBE9FFD4350F048669F9958B389DA34DD09CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBAE73 Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 96%
                                    			E00FBAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E00FB7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E00FB7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E00FB7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E00FB7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01017794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                    0x00fbae78
                                    0x00fbae7c
                                    0x00fbae7e
                                    0x00fbae81
                                    0x00fbae86
                                    0x00fbae8d
                                    0x01002691
                                    0x00fbae93
                                    0x00fbae93
                                    0x00fbae93
                                    0x00fbae98
                                    0x00fbae9d
                                    0x010026a2
                                    0x010026b4
                                    0x010026a4
                                    0x010026ad
                                    0x010026ad
                                    0x010026b9
                                    0x00000000
                                    0x010026bb
                                    0x00000000
                                    0x010026bb
                                    0x00fbaea3
                                    0x00fbaea3
                                    0x00fbaea3
                                    0x00fbaeaa
                                    0x010026c0
                                    0x010026c9
                                    0x010026c9
                                    0x00fbaeb3
                                    0x010026d4
                                    0x010026e1
                                    0x00000000
                                    0x00000000
                                    0x010026e7
                                    0x010026ee
                                    0x010026f0
                                    0x010026f9
                                    0x010026f9
                                    0x01002702
                                    0x01002708
                                    0x01002708
                                    0x0100270b
                                    0x0100270f
                                    0x01002711
                                    0x01002711
                                    0x01002725
                                    0x01002725
                                    0x00000000
                                    0x00fbaeb9
                                    0x00fbaeb9
                                    0x00fbaebf
                                    0x00fbaebf
                                    0x00fbaeb3

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                    • Instruction ID: 9019c0aebcc537057b9e661eda9e0b5e1a31c2fece40acfe31b1135fbebbaabc
                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                    • Instruction Fuzzy Hash: AA21C372605681DFE7279B6ACD88B6577E8EF48750F1900E0ED448B7A3E738DC40DAA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01017794 Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 82%
                                    			E01017794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1087b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E00FDF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E00FB7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E00FD9AE0();
					_t24 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                    0x01017799
                                    0x0101779a
                                    0x0101779b
                                    0x010177a3
                                    0x010177ab
                                    0x010177ae
                                    0x010177b1
                                    0x010177b1
                                    0x010177bf
                                    0x010177c4
                                    0x010177c8
                                    0x010177ce
                                    0x010177d4
                                    0x010177e0
                                    0x010177e0
                                    0x010177d6
                                    0x010177d6
                                    0x010177de
                                    0x00000000
                                    0x00000000
                                    0x010177de
                                    0x010177e5
                                    0x010177f0
                                    0x010177f3
                                    0x010177f6
                                    0x010177fd
                                    0x01017800
                                    0x0101780c
                                    0x01017818
                                    0x0101782b
                                    0x0101781a
                                    0x01017823
                                    0x01017823
                                    0x01017830
                                    0x01017831
                                    0x01017838
                                    0x0101783d
                                    0x0101783e
                                    0x0101784f
                                    0x0101784f
                                    0x0101785a

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e7d9420c21d75103310858a06766adb51bb483c9aa47bf64d886006464ecab33
                                    • Instruction ID: 9209344867eabe9ef9d0e4eaae9fd0822bb9f9b7b2f61ba19808c84ecee35aa3
                                    • Opcode Fuzzy Hash: e7d9420c21d75103310858a06766adb51bb483c9aa47bf64d886006464ecab33
                                    • Instruction Fuzzy Hash: 7C21A172900644ABC725DF69DC80EABBBE9FF48740F14056DFA4AC7751E638E900CB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCFD9B Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E00FCFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E00FA76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                    0x00fcfd9b
                                    0x00fcfda0
                                    0x00fcfda1
                                    0x00fcfdab
                                    0x00fcfdad
                                    0x00fcfdb0
                                    0x00fcfdb8
                                    0x00fcfe0f
                                    0x00fcfde6
                                    0x00fcfde9
                                    0x00fcfdec
                                    0x0100c0c0
                                    0x00fcfdfe
                                    0x00fcfe06
                                    0x00fcfe06
                                    0x0100c0c8
                                    0x00fcfe2d
                                    0x00fcfe2d
                                    0x00000000
                                    0x00fcfe2d
                                    0x0100c0d1
                                    0x0100c0e0
                                    0x0100c0e5
                                    0x0100c0e5
                                    0x0100c0e8
                                    0x00000000
                                    0x0100c0e8
                                    0x00fcfdf4
                                    0x00000000
                                    0x00000000
                                    0x00fcfdf6
                                    0x00fcfdfa
                                    0x00fcfe1a
                                    0x00fcfe1f
                                    0x00fcfe1f
                                    0x00fcfdfc
                                    0x00000000
                                    0x00fcfdfc
                                    0x00fcfdcc
                                    0x00fcfdd0
                                    0x00fcfe26
                                    0x00000000
                                    0x00fcfe26
                                    0x00fcfdd8
                                    0x00fcfddb
                                    0x00fcfddd
                                    0x00fcfde0
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                    • Instruction ID: 267dfa270e9124230cb654e4609cdc1cd526cb34e16bdfb4de76db15d9194494
                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                    • Instruction Fuzzy Hash: 54218E72A00A42DFD731CF0AC641F66F7E6EB94B20F24857EE94687621D734AC04EB80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F99240 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E00F99240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x106f708);
				E00FED08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E00FD95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E00FD95D0();
				_t33 =  *0x10884c4; // 0x0
				L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x10884c4; // 0x0
				L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x10884c4; // 0x0
				E00FB2280(L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x10886b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E00FD95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E00FD95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E00F99325();
					_t50 =  *0x10884c4; // 0x0
					return E00FED0D1(L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                    0x00f99240
                                    0x00f99242
                                    0x00f99247
                                    0x00f9924c
                                    0x00f9924e
                                    0x00f99255
                                    0x00f99257
                                    0x00f9925a
                                    0x00f9925f
                                    0x00f9925f
                                    0x00f99266
                                    0x00f99271
                                    0x00f99276
                                    0x00f99279
                                    0x00f9927e
                                    0x00f99295
                                    0x00f9929a
                                    0x00f992b1
                                    0x00f992b6
                                    0x00f992d7
                                    0x00f992dc
                                    0x00f992e0
                                    0x00f992e6
                                    0x00f992e8
                                    0x00f992ee
                                    0x00f99332
                                    0x00f99333
                                    0x00f99337
                                    0x00f99338
                                    0x00f9933a
                                    0x00f9933a
                                    0x00f9933d
                                    0x00f99342
                                    0x00f99342
                                    0x00f99345
                                    0x00f99349
                                    0x00f9934e
                                    0x00f99352
                                    0x00f99357
                                    0x00f992f4
                                    0x00f992f4
                                    0x00f992f6
                                    0x00f992f9
                                    0x00f99300
                                    0x00f99306
                                    0x00f99324
                                    0x00f99324

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 698de75f877ed4a65fcbec1c1c72d5aa18e9125fd717e66f16fe17d24182e256
                                    • Instruction ID: 424f9b7ef1f98e741dbe0cb6a1a476f0485e73997511f0045cb91c8ef5b11af1
                                    • Opcode Fuzzy Hash: 698de75f877ed4a65fcbec1c1c72d5aa18e9125fd717e66f16fe17d24182e256
                                    • Instruction Fuzzy Hash: 3E218932045640EFC722EF28CE02F59B7F9BF08304F55456DE0898BAA2CB79E941EB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCB390 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 54%
                                    			E00FCB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E00FB2280(_t12, 0x1088608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E00FD00C2(0x1088608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                    0x00fcb395
                                    0x00fcb3a2
                                    0x00fcb3a5
                                    0x00fcb3aa
                                    0x00fcb3b2
                                    0x00fcb3ba
                                    0x00fcb3bd
                                    0x00fcb3c0
                                    0x00fcb3c4
                                    0x00fcb3c9
                                    0x0100a3e9
                                    0x0100a3ed
                                    0x0100a3f0
                                    0x0100a3ff
                                    0x0100a403
                                    0x0100a409
                                    0x00000000
                                    0x00000000
                                    0x0100a40b
                                    0x0100a40b
                                    0x0100a40f
                                    0x0100a415
                                    0x0100a423
                                    0x0100a423
                                    0x0100a415
                                    0x00fcb3d1
                                    0x00fcb3e8
                                    0x00fcb3e8
                                    0x00fcb3d9

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8a7c1cdca6cc7dd4ec7dd75840474f378ee1188603985e417d3aea72985d6a2a
                                    • Instruction ID: 34fefab40de0d806ededb9e628be1a5bf0ca71cabfddf80548c2049a666ca2e3
                                    • Opcode Fuzzy Hash: 8a7c1cdca6cc7dd4ec7dd75840474f378ee1188603985e417d3aea72985d6a2a
                                    • Instruction Fuzzy Hash: 0B1148377152109BCB29DA658E82B6B7396EBC9330F29412EE956DB3C0CE359C02D694
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01024257 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E01024257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x10708d0);
				E00FED08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E010241E8(__ebx, __edi, __ecx, _t39);
				E00FAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x10887e4;
					_t18 =  *0x10887e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1085cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x10887e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x10887e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L00F97055(_t31 + 0xfffffff8);
								_t24 =  *0x10887e0; // 0x0
								_t18 = _t24 - 1;
								 *0x10887e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1085cd0;
				if( *0x1085cd0 <= 0) {
					L00F97055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x10887e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x10887e8 = _t30;
						 *0x10887e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E00FED0D1(L01024320());
			}















                                    0x01024257
                                    0x01024257
                                    0x01024257
                                    0x01024259
                                    0x0102425e
                                    0x01024263
                                    0x01024265
                                    0x01024273
                                    0x01024278
                                    0x0102427c
                                    0x0102427f
                                    0x01024281
                                    0x01024287
                                    0x010242d7
                                    0x010242d7
                                    0x010242da
                                    0x0102428d
                                    0x0102428d
                                    0x0102428f
                                    0x01024292
                                    0x01024297
                                    0x0102429c
                                    0x010242a0
                                    0x010242a6
                                    0x010242a8
                                    0x010242ae
                                    0x010242b3
                                    0x00000000
                                    0x010242ba
                                    0x010242ba
                                    0x010242bf
                                    0x010242c5
                                    0x010242ca
                                    0x010242cf
                                    0x010242d0
                                    0x00000000
                                    0x010242d0
                                    0x010242b3
                                    0x00000000
                                    0x010242a6
                                    0x0102429c
                                    0x010242dc
                                    0x010242dc
                                    0x010242e3
                                    0x01024309
                                    0x010242e5
                                    0x010242e5
                                    0x010242e8
                                    0x010242ee
                                    0x010242f0
                                    0x00000000
                                    0x010242f2
                                    0x010242f2
                                    0x010242f4
                                    0x010242f7
                                    0x010242f9
                                    0x01024300
                                    0x01024300
                                    0x010242f0
                                    0x0102430e
                                    0x0102431f

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d74b86af5ff54072f9973ed8fa319dfab56da3107dd943342c3a12e4008a0b37
                                    • Instruction ID: e158d79fbeb7e473f0b98a771f435a6daf81ea2fc7472bc94e5f079f4c371eed
                                    • Opcode Fuzzy Hash: d74b86af5ff54072f9973ed8fa319dfab56da3107dd943342c3a12e4008a0b37
                                    • Instruction Fuzzy Hash: 1F215870A04B11CFC765EF2AD400A58BBF1FB86714BA4C2AAD1D5CB299DB3AD491CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC2397 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 29%
                                    			E00FC2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x108848c != 0) {
					L00FBFAD0(0x1088610);
					if( *0x108848c == 0) {
						E00FBFA00(0x1088610, _t19, _t27, 0x1088610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E00FC2581(0x1088610, 0xf750a0, _t26, _t27, _t28);
						E00FBFA00(0x1088610, 0xf750a0, _t27, 0x1088610);
					}
				} else {
					L1:
					_t11 =  *0x1088614; // 0x0
					if(_t11 == 0) {
						_t11 = E00FD4886(0xf71088, 1, 0x1088614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E00FC2581(0x1088610, (_t11 << 4) + 0xf75070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                    0x00fc23b0
                                    0x00fc23b6
                                    0x00fc2409
                                    0x00fc2415
                                    0x01005ae9
                                    0x00000000
                                    0x00fc241b
                                    0x00fc241b
                                    0x00fc241d
                                    0x00fc2427
                                    0x00fc242e
                                    0x00fc2430
                                    0x00fc2430
                                    0x00fc23b8
                                    0x00fc23b8
                                    0x00fc23b8
                                    0x00fc23bf
                                    0x00fc23fc
                                    0x00fc23fc
                                    0x00fc23c1
                                    0x00fc23c3
                                    0x00fc23d0
                                    0x00fc23d8
                                    0x00fc23d8
                                    0x00fc23dc
                                    0x00fc23de
                                    0x00fc23e1
                                    0x00fc23e1
                                    0x00fc23ec

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3f6f418c72253483049cb64c18abc9b58de4ffdabaab49576040fcbd86f27d79
                                    • Instruction ID: 1c8e88ddc4f954716be944810627a3c90ce3ca0af6093dc54fb335ab23819dd0
                                    • Opcode Fuzzy Hash: 3f6f418c72253483049cb64c18abc9b58de4ffdabaab49576040fcbd86f27d79
                                    • Instruction Fuzzy Hash: 6811483264434267D374A62E9D82F19B28DFB50720F58843FF686A7282C9BCE844B754
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010146A7 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E010146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E00FDF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E00FCD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L00FB77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                    0x010146b7
                                    0x010146ba
                                    0x010146c5
                                    0x010146c8
                                    0x010146d0
                                    0x010146d4
                                    0x010146e6
                                    0x010146e9
                                    0x010146f4
                                    0x010146ff
                                    0x01014705
                                    0x01014706
                                    0x0101470c
                                    0x01014713
                                    0x0101471b
                                    0x01014723
                                    0x01014725
                                    0x010146d6
                                    0x010146d9
                                    0x010146db
                                    0x010146db
                                    0x01014732

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                    • Instruction ID: 28557e56f90a3e35e3388e09569ac0e1595b99c56a7701e3b876edce5227ef0b
                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                    • Instruction Fuzzy Hash: E7110272904208BBC7019F5D9881CBEB7B9EF85300F1080AAF984CB351DA368D55D7A4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD37F5 Relevance: .1, Instructions: 57COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 87%
                                    			E00FD37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E00FB2280(_t6, 0x1088550);
				}
				_t29 = E00FD387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E00FAFFB0(0x1088550, _t27, 0x1088550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                    0x00fd37fa
                                    0x00fd37fc
                                    0x00fd3805
                                    0x00fd3808
                                    0x00fd3808
                                    0x00fd3814
                                    0x00fd3818
                                    0x00fd3846
                                    0x00fd3848
                                    0x00fd384b
                                    0x00fd384b
                                    0x00fd3852
                                    0x00000000
                                    0x00fd3854
                                    0x00fd3856
                                    0x00000000
                                    0x00000000
                                    0x00fd3863
                                    0x00000000
                                    0x00fd3863
                                    0x00fd381a
                                    0x00fd381a
                                    0x00fd381f
                                    0x00fd386e
                                    0x00fd386e
                                    0x00fd3871
                                    0x00fd3873
                                    0x00fd3873
                                    0x00fd3868
                                    0x00000000
                                    0x00fd3868
                                    0x00fd3821
                                    0x00fd3826
                                    0x00000000
                                    0x00000000
                                    0x00fd3828
                                    0x00fd382a
                                    0x00fd3841
                                    0x00000000
                                    0x00fd3841

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 82b5e882805f6ecb945b34d2b4ef0da6bc3b5a64a2af63cb71fb0f9a939ed8a5
                                    • Instruction ID: b660baa7c11fb03346c45c764fef1e5e74b66a9aca68ca2d751ae24296cfbf47
                                    • Opcode Fuzzy Hash: 82b5e882805f6ecb945b34d2b4ef0da6bc3b5a64a2af63cb71fb0f9a939ed8a5
                                    • Instruction Fuzzy Hash: E30104B3D456209BC3378B1AD900A26BBA7DF81B6072D406BFA458B305CB34DE00F791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC002D Relevance: .1, Instructions: 55COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E00FB7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E00FB7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E00FB7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E00FB7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                    0x00fc0032
                                    0x00fc0037
                                    0x00fc0043
                                    0x01004b3a
                                    0x00fc0049
                                    0x00fc0049
                                    0x00fc0049
                                    0x00fc004e
                                    0x00fc0053
                                    0x01004b48
                                    0x01004b5a
                                    0x01004b4a
                                    0x01004b53
                                    0x01004b53
                                    0x01004b5f
                                    0x00000000
                                    0x01004b61
                                    0x00000000
                                    0x01004b61
                                    0x00fc0059
                                    0x00fc0059
                                    0x00fc0060
                                    0x01004b6f
                                    0x01004b6f
                                    0x00fc0069
                                    0x01004b83
                                    0x00000000
                                    0x00000000
                                    0x01004b90
                                    0x01004b9b
                                    0x01004b9b
                                    0x01004ba4
                                    0x00000000
                                    0x00000000
                                    0x01004baa
                                    0x00000000
                                    0x00fc006f
                                    0x00fc006f
                                    0x00000000
                                    0x00fc006f
                                    0x00fc0069

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                    • Instruction ID: ece55a2cafb657302648ad61fdece50bc66dee178abef6dbf736d960ab959e19
                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                    • Instruction Fuzzy Hash: A811C232605A81CFE723972DCA45B2537D4AF84794F1A00E4EE44C76D3D729C842E658
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA766D Relevance: .1, Instructions: 54COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 94%
                                    			E00FA766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E00FCF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E00FCF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L00FB4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                    0x00fa7672
                                    0x00fa767f
                                    0x00fa7689
                                    0x00fa76de
                                    0x00fa76de
                                    0x00fa768b
                                    0x00fa7691
                                    0x00fa7693
                                    0x00fa7697
                                    0x00000000
                                    0x00fa7699
                                    0x00fa76a8
                                    0x00000000
                                    0x00fa76aa
                                    0x00fa76ad
                                    0x00fa76b1
                                    0x00000000
                                    0x00fa76b3
                                    0x00fa76b3
                                    0x00fa76b5
                                    0x00fa76ba
                                    0x00fa76bc
                                    0x00fa76bc
                                    0x00fa76c0
                                    0x00000000
                                    0x00fa76c2
                                    0x00fa76ce
                                    0x00fa76ce
                                    0x00fa76c0
                                    0x00fa76b1
                                    0x00fa76a8
                                    0x00fa7697
                                    0x00fa76d9

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                    • Instruction ID: f7b69a11455ce2b771dac24aaeb43d239854d94cb725390e06801935f79299a5
                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                    • Instruction Fuzzy Hash: BB0184B2718A19ABC720AE5ECD41F5BB7ADEB86760B240534B908CB351DA30DD01A7A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F99080 Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 69%
                                    			E00F99080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x10885ec;
				E00FB2280(_t48, 0x10885ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E00FAFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x108538c; // 0x77576828
					if( *_t84 != 0x1085388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x106f6e8);
						E00FED0E8(0x10885ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E010688F5(_t80, _t85, 0x1085388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x10886c0; // 0xb307b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x10886b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E00FB2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E010688F5(0x10885ec, _t85, 0x1085388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E00FDAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x108b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x10884c0;
																			if(_t82 >=  *0x10884c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01069063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E00F9922A(_t99);
										_t64 = E00FB7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01068B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x10886c0; // 0xb307b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x10886b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x10886bc;
													_t87 = 0x10886b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E00F99240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x10886c4;
												_t87 = 0x10886c0;
												L27:
												E00FC9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E00FED130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1085388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x108538c = _t51;
						goto L6;
					}
				}
			}




















                                    0x00f99082
                                    0x00f99083
                                    0x00f99084
                                    0x00f99085
                                    0x00f99087
                                    0x00f99096
                                    0x00f99098
                                    0x00f99098
                                    0x00f9909e
                                    0x00f990a8
                                    0x00f990e7
                                    0x00f990e7
                                    0x00f990aa
                                    0x00f990b0
                                    0x00f990b7
                                    0x00f990bd
                                    0x00f990dd
                                    0x00f990e6
                                    0x00f990bf
                                    0x00f990bf
                                    0x00f990c7
                                    0x00f990cf
                                    0x00f990f1
                                    0x00f990f2
                                    0x00f990f4
                                    0x00f990f5
                                    0x00f990f6
                                    0x00f990f7
                                    0x00f990f8
                                    0x00f990f9
                                    0x00f990fa
                                    0x00f990fb
                                    0x00f990fc
                                    0x00f990fd
                                    0x00f990fe
                                    0x00f990ff
                                    0x00f99100
                                    0x00f99102
                                    0x00f99107
                                    0x00f9910c
                                    0x00f99110
                                    0x00f99113
                                    0x00f99115
                                    0x00f99136
                                    0x00f9913f
                                    0x00f99143
                                    0x00ff37e4
                                    0x00ff37e4
                                    0x00f99117
                                    0x00f99117
                                    0x00f9911d
                                    0x00000000
                                    0x00f9911f
                                    0x00f9911f
                                    0x00f99125
                                    0x00000000
                                    0x00f99127
                                    0x00f9912d
                                    0x00f99130
                                    0x00f99134
                                    0x00f99158
                                    0x00f9915d
                                    0x00f99161
                                    0x00f99168
                                    0x00ff3715
                                    0x00f9916e
                                    0x00f9916e
                                    0x00f99175
                                    0x00f99177
                                    0x00f9917e
                                    0x00f9917f
                                    0x00f99182
                                    0x00f99182
                                    0x00f99187
                                    0x00f99187
                                    0x00f9918a
                                    0x00f9918d
                                    0x00f9918f
                                    0x00f99192
                                    0x00f99195
                                    0x00f99198
                                    0x00f99198
                                    0x00f99198
                                    0x00f9919a
                                    0x00000000
                                    0x00000000
                                    0x00ff371f
                                    0x00ff3721
                                    0x00ff3727
                                    0x00ff372f
                                    0x00ff3733
                                    0x00ff3735
                                    0x00ff3738
                                    0x00ff373b
                                    0x00ff373d
                                    0x00ff3740
                                    0x00000000
                                    0x00ff3746
                                    0x00ff3746
                                    0x00ff3749
                                    0x00000000
                                    0x00ff374f
                                    0x00ff374f
                                    0x00ff3751
                                    0x00ff3757
                                    0x00ff3759
                                    0x00ff375c
                                    0x00ff375c
                                    0x00ff375e
                                    0x00ff375e
                                    0x00ff3761
                                    0x00ff3764
                                    0x00000000
                                    0x00000000
                                    0x00ff3766
                                    0x00ff3768
                                    0x00ff37a3
                                    0x00ff37a3
                                    0x00ff37a5
                                    0x00ff37a7
                                    0x00ff37ad
                                    0x00ff37b0
                                    0x00ff37b2
                                    0x00ff37bc
                                    0x00ff37c2
                                    0x00ff37c2
                                    0x00ff37b2
                                    0x00f99187
                                    0x00f99187
                                    0x00f9918a
                                    0x00f9918d
                                    0x00f9918f
                                    0x00f99192
                                    0x00f99195
                                    0x00000000
                                    0x00f99195
                                    0x00000000
                                    0x00ff376a
                                    0x00ff376a
                                    0x00ff376a
                                    0x00ff376c
                                    0x00ff376c
                                    0x00ff376f
                                    0x00ff3775
                                    0x00000000
                                    0x00000000
                                    0x00ff3777
                                    0x00ff3779
                                    0x00ff3782
                                    0x00ff3787
                                    0x00ff3789
                                    0x00ff3790
                                    0x00ff3790
                                    0x00ff378b
                                    0x00ff378b
                                    0x00ff378b
                                    0x00ff3792
                                    0x00ff3795
                                    0x00000000
                                    0x00ff3795
                                    0x00000000
                                    0x00ff3779
                                    0x00ff3798
                                    0x00000000
                                    0x00ff3798
                                    0x00000000
                                    0x00ff3768
                                    0x00ff379b
                                    0x00ff379b
                                    0x00ff3751
                                    0x00ff3749
                                    0x00000000
                                    0x00ff3740
                                    0x00f991a0
                                    0x00f991a3
                                    0x00f991a9
                                    0x00f991b0
                                    0x00000000
                                    0x00f991b0
                                    0x00f99187
                                    0x00f991b4
                                    0x00f991b4
                                    0x00f991bb
                                    0x00f991c0
                                    0x00f991c5
                                    0x00f991c7
                                    0x00ff37da
                                    0x00f991cd
                                    0x00f991cd
                                    0x00f991cd
                                    0x00f991d2
                                    0x00f991d5
                                    0x00f99239
                                    0x00f99239
                                    0x00f991d7
                                    0x00f991db
                                    0x00f991e1
                                    0x00f991e7
                                    0x00f991fd
                                    0x00f99203
                                    0x00f9921e
                                    0x00f99223
                                    0x00000000
                                    0x00f99205
                                    0x00f99205
                                    0x00f99208
                                    0x00f9920c
                                    0x00f99214
                                    0x00f99214
                                    0x00f9920c
                                    0x00f991e9
                                    0x00f991e9
                                    0x00f991ee
                                    0x00f991f3
                                    0x00f991f3
                                    0x00f991f3
                                    0x00f991e7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00f99134
                                    0x00f99125
                                    0x00f9911d
                                    0x00f9914e
                                    0x00f990d1
                                    0x00f990d1
                                    0x00f990d3
                                    0x00f990d6
                                    0x00f990d8
                                    0x00000000
                                    0x00f990d8
                                    0x00f990cf

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0abd061d21c501a136f667d8514c627217679da87c0e58011d5c70aa1a07abc5
                                    • Instruction ID: b3521a515d036c6e5a6bccf0fb5092b5381d5b5e59367c4a481ae477f770d946
                                    • Opcode Fuzzy Hash: 0abd061d21c501a136f667d8514c627217679da87c0e58011d5c70aa1a07abc5
                                    • Instruction Fuzzy Hash: B501A4729096048FE7259F28DC40B157BA9FF45320F26807AE5558F6A1C3B5DC41DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102C450 Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 46%
                                    			E0102C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E00FD9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E00FD95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E00FD95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E00FD95D0();
				return L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                    0x0102c458
                                    0x0102c45d
                                    0x0102c466
                                    0x0102c468
                                    0x0102c469
                                    0x0102c46a
                                    0x0102c46b
                                    0x0102c46e
                                    0x0102c46f
                                    0x0102c471
                                    0x0102c476
                                    0x0102c476
                                    0x0102c47c
                                    0x0102c47e
                                    0x0102c480
                                    0x0102c480
                                    0x0102c483
                                    0x0102c484
                                    0x0102c486
                                    0x0102c488
                                    0x0102c48f
                                    0x0102c491
                                    0x0102c493
                                    0x0102c493
                                    0x0102c48f
                                    0x0102c498
                                    0x0102c49e
                                    0x0102c4ad
                                    0x0102c4ad
                                    0x0102c4b2
                                    0x0102c4b4
                                    0x0102c4cd

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                    • Instruction ID: 005773d1b155ba41a67765be3c0cbdef1a84fe12c430a90c66de32ed4da48731
                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                    • Instruction Fuzzy Hash: 6C01F572140605BFE721AF69CD81EA7FBAEFF44390F144125F24447660CB35ECA0DAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01064015 Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 86%
                                    			E01064015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E00FB2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E00FB2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x10886ac);
					E00F9F900(0x10886d4, _t28);
					E00FAFFB0(0x10886ac, _t28, 0x10886ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E00FAFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                    0x0106401a
                                    0x0106401e
                                    0x01064023
                                    0x01064028
                                    0x01064029
                                    0x0106402b
                                    0x0106402f
                                    0x01064043
                                    0x01064046
                                    0x01064051
                                    0x01064057
                                    0x0106405f
                                    0x01064062
                                    0x01064067
                                    0x0106406f
                                    0x0106407c
                                    0x0106407c
                                    0x0106408c
                                    0x0106408c
                                    0x01064097

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 70c2d3b58cc8730c561cc3e1d5e9dbf2e7807dc4d6348f186f081de139d5c5aa
                                    • Instruction ID: e3a5005e8357aa74f3fa13974d1658bd68b1d6e12eef78dc22b46d87e67be67f
                                    • Opcode Fuzzy Hash: 70c2d3b58cc8730c561cc3e1d5e9dbf2e7807dc4d6348f186f081de139d5c5aa
                                    • Instruction Fuzzy Hash: 010184712416457FD655BB6ACD81E53B7ACFF49750B000225B548CBA12CB38EC11DAE4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105138A Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 61%
                                    			E0105138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x108d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00FDFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E00FB7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                    0x0105138a
                                    0x0105138a
                                    0x01051399
                                    0x010513a3
                                    0x010513a8
                                    0x010513aa
                                    0x010513b5
                                    0x010513bb
                                    0x010513c3
                                    0x010513c6
                                    0x010513c9
                                    0x010513d4
                                    0x010513e6
                                    0x010513d6
                                    0x010513df
                                    0x010513df
                                    0x010513f1
                                    0x010513f2
                                    0x010513f4
                                    0x010513f9
                                    0x0105140e

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f05ad9e0108aab16acb64c35366380713f66b19a3a2be9f38c21c2664c7d4fb
                                    • Instruction ID: 806e60232f169fa73c7b0999cf2a01cd90f154378b6ae031b8a4c0e8cfe7925b
                                    • Opcode Fuzzy Hash: 5f05ad9e0108aab16acb64c35366380713f66b19a3a2be9f38c21c2664c7d4fb
                                    • Instruction Fuzzy Hash: 24019271A04218AFCB10EFA9D842FAEBBB8EF44700F044066B904EB381D678DA00DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010514FB Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 61%
                                    			E010514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x108d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00FDFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E00FB7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                    0x010514fb
                                    0x010514fb
                                    0x0105150a
                                    0x01051514
                                    0x01051519
                                    0x0105151b
                                    0x01051526
                                    0x0105152c
                                    0x01051534
                                    0x01051537
                                    0x0105153a
                                    0x01051545
                                    0x01051557
                                    0x01051547
                                    0x01051550
                                    0x01051550
                                    0x01051562
                                    0x01051563
                                    0x01051565
                                    0x0105156a
                                    0x0105157f

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 36a625ef33d01f8c7971cf756b4e919f1f9c9b78f72f4d96eee39303413355cb
                                    • Instruction ID: 0ef7842f67fe717971c364ad3117dc8bc970812b47f442284510d59edd2e6ea8
                                    • Opcode Fuzzy Hash: 36a625ef33d01f8c7971cf756b4e919f1f9c9b78f72f4d96eee39303413355cb
                                    • Instruction Fuzzy Hash: B0019271A01258EFCB10EFA9D842FAEBBB8EF44700F044066F905EB381D678DA00DB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F958EC Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E00F958EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x108d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0xf75c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E00F95943() != 0 &&  *0x1085320 > 5) {
					E01017B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01017B5E( &_v28, _t28);
					_t11 = E01017B9C(0x1085320, 0xf7bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E00FDB640(_t11, _t17, _v8 ^ _t29, 0xf7bf15, _t27, _t28);
			}















                                    0x00f958fb
                                    0x00f958fe
                                    0x00f95906
                                    0x00f9590a
                                    0x00f9593c
                                    0x00f9593c
                                    0x00f9590c
                                    0x00f9590c
                                    0x00f95911
                                    0x00000000
                                    0x00f95913
                                    0x00f95913
                                    0x00f95913
                                    0x00f95911
                                    0x00f9591d
                                    0x00ff1035
                                    0x00ff103c
                                    0x00ff103f
                                    0x00ff1056
                                    0x00ff1056
                                    0x00f9593b

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: be3ad2529a84696fb479c029983af76eab54c059a40809a905c698e58c201bc5
                                    • Instruction ID: 874af599c2f27d6a6808b9068c7de0ca4ddb2449b7e2f5e90a6691e750ff6153
                                    • Opcode Fuzzy Hash: be3ad2529a84696fb479c029983af76eab54c059a40809a905c698e58c201bc5
                                    • Instruction Fuzzy Hash: 4101F232A00908DBEB15EF68DC00AAE73A8FF84B30F54806AE945AB244DF30DD01E790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FAB02A Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FAB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E00FB7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01017016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                    0x00fab037
                                    0x00fab039
                                    0x00fab03b
                                    0x00fab040
                                    0x00ffa60e
                                    0x00000000
                                    0x00000000
                                    0x00ffa61d
                                    0x00fab04b
                                    0x00fab04e
                                    0x00ffa627
                                    0x00ffa634
                                    0x00000000
                                    0x00000000
                                    0x00ffa641
                                    0x00ffa653
                                    0x00ffa643
                                    0x00ffa64c
                                    0x00ffa64c
                                    0x00ffa65b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ffa66c
                                    0x00fab057
                                    0x00fab057
                                    0x00fab057
                                    0x00fab046
                                    0x00fab046
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                    • Instruction ID: fd9d7464e4d38e2781ea2a0043e7aecf01245c00595908cca75cadd62e254d10
                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                    • Instruction Fuzzy Hash: D10184B2604684DFD322871DC944F7777DCEF46B60F0980A1FA19CB662D768DC40E621
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01061074 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E01061074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0106165E(__ebx, 0x1088ae4, (__edx -  *0x1088b04 >> 0x14) + (__edx -  *0x1088b04 >> 0x14), __edi, __ecx, (__edx -  *0x1088b04 >> 0x14) + (__edx -  *0x1088b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0105AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E00FB7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0104FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                    0x01061074
                                    0x01061080
                                    0x01061082
                                    0x0106108a
                                    0x0106108f
                                    0x01061093
                                    0x010610ab
                                    0x010610ab
                                    0x010610c3
                                    0x010610cf
                                    0x010610e1
                                    0x010610d1
                                    0x010610da
                                    0x010610da
                                    0x010610e9
                                    0x010610f5
                                    0x010610f5
                                    0x010610fe

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fcc7d3a579dedcad17e7056a1a007de805c87d97beb4e18e55b93f5f979ca38d
                                    • Instruction ID: bada2da7e99298b599f02594fe3010017fec459af2ead31bdc80768fe674e9a4
                                    • Opcode Fuzzy Hash: fcc7d3a579dedcad17e7056a1a007de805c87d97beb4e18e55b93f5f979ca38d
                                    • Instruction Fuzzy Hash: 56014C726087429FD750EF69C940B5B7BE9ABC4310F04CA29FDC583290DE75D840CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01051751 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 63%
                                    			E01051751(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x108d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E00FDFA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x103a;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E00FB7D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}





















                                    0x01051751
                                    0x01051751
                                    0x01051760
                                    0x0105176a
                                    0x0105176f
                                    0x01051771
                                    0x0105177b
                                    0x01051781
                                    0x01051788
                                    0x0105178b
                                    0x0105178e
                                    0x01051793
                                    0x01051794
                                    0x01051797
                                    0x010517a9
                                    0x01051799
                                    0x010517a2
                                    0x010517a2
                                    0x010517b4
                                    0x010517b5
                                    0x010517b7
                                    0x010517bc
                                    0x010517cf

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51678700f41424295c1b83d62ba62598dea4599f50e9609ddb7957e81f0da878
                                    • Instruction ID: 157851f9e0bb755180d5e6a78ed6e5f64ac20a8bc47a4aad75fcb65148a34127
                                    • Opcode Fuzzy Hash: 51678700f41424295c1b83d62ba62598dea4599f50e9609ddb7957e81f0da878
                                    • Instruction Fuzzy Hash: 3F017171A04218ABD710EBA9D806FAFBBB8EF84700F04406AF945EB381DA78D900C794
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0104FE3F Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E0104FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x108d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00FDFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E00FB7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                    0x0104fe3f
                                    0x0104fe3f
                                    0x0104fe4e
                                    0x0104fe58
                                    0x0104fe5d
                                    0x0104fe5f
                                    0x0104fe6a
                                    0x0104fe72
                                    0x0104fe75
                                    0x0104fe78
                                    0x0104fe83
                                    0x0104fe95
                                    0x0104fe85
                                    0x0104fe8e
                                    0x0104fe8e
                                    0x0104fea0
                                    0x0104fea1
                                    0x0104fea3
                                    0x0104fea8
                                    0x0104febd

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0ab38a7d29750b2ba99dd5d06fd74819df7e910fc8444a19549dbdb6918715e4
                                    • Instruction ID: ba8b41d20db9a2b7faa5b5ec705eff3900dfbfa8b4374ed76162facd0ca14100
                                    • Opcode Fuzzy Hash: 0ab38a7d29750b2ba99dd5d06fd74819df7e910fc8444a19549dbdb6918715e4
                                    • Instruction Fuzzy Hash: 9C01A771E04218AFDB14EFA9D846FAEBBB8EF44B00F044066F900EB381DA79D901D795
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0104FEC0 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E0104FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x108d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00FDFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E00FB7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                    0x0104fec0
                                    0x0104fec0
                                    0x0104fecf
                                    0x0104fed9
                                    0x0104fede
                                    0x0104fee0
                                    0x0104feeb
                                    0x0104fef3
                                    0x0104fef6
                                    0x0104fef9
                                    0x0104ff04
                                    0x0104ff16
                                    0x0104ff06
                                    0x0104ff0f
                                    0x0104ff0f
                                    0x0104ff21
                                    0x0104ff22
                                    0x0104ff24
                                    0x0104ff29
                                    0x0104ff3e

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 635323d9a7c89a3dec1359b1107aabb4c3f8a0053ee72ec2306efb73428ee0d7
                                    • Instruction ID: b00771043715d36557b49765e4e500f0eaf16c69606e002d7d751e265d01f9c8
                                    • Opcode Fuzzy Hash: 635323d9a7c89a3dec1359b1107aabb4c3f8a0053ee72ec2306efb73428ee0d7
                                    • Instruction Fuzzy Hash: 91018471A04218ABDB14EFA9D846FAEBBB8EF45700F044066B901AB381DA79DA01C794
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068A62 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 54%
                                    			E01068A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x108d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E00FB7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                    0x01068a62
                                    0x01068a71
                                    0x01068a79
                                    0x01068a82
                                    0x01068a85
                                    0x01068a89
                                    0x01068a8c
                                    0x01068a8f
                                    0x01068a92
                                    0x01068a95
                                    0x01068a9f
                                    0x01068ab1
                                    0x01068aa1
                                    0x01068aaa
                                    0x01068aaa
                                    0x01068abc
                                    0x01068abd
                                    0x01068abf
                                    0x01068ac4
                                    0x01068ada

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2cfbf9b2e8f682765022098f52bf2abb8da069f7f1b40dd5a61876e2a22acbd2
                                    • Instruction ID: 8c08a07350a0bc3bdcf3d4c686cd636afc2345c487825e38c46413731d6db850
                                    • Opcode Fuzzy Hash: 2cfbf9b2e8f682765022098f52bf2abb8da069f7f1b40dd5a61876e2a22acbd2
                                    • Instruction Fuzzy Hash: 43012C71A0431CAFDB00DFA9D9419EEBBB8EF48310F14405AFA04E7341D638A900CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068ED6 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 54%
                                    			E01068ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x108d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E00FB7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                    0x01068ed6
                                    0x01068ee5
                                    0x01068eed
                                    0x01068ef0
                                    0x01068efa
                                    0x01068f03
                                    0x01068f0c
                                    0x01068f15
                                    0x01068f24
                                    0x01068f27
                                    0x01068f31
                                    0x01068f43
                                    0x01068f33
                                    0x01068f3c
                                    0x01068f3c
                                    0x01068f4e
                                    0x01068f4f
                                    0x01068f51
                                    0x01068f56
                                    0x01068f69

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 07ae0c6b0026a51438dd02f501c28349953a4c92bed7f737779e45977ce20d43
                                    • Instruction ID: 56ada5a09b671f8757bbdaf152c8b42967bfb500e51c4dc269b85410f43283b6
                                    • Opcode Fuzzy Hash: 07ae0c6b0026a51438dd02f501c28349953a4c92bed7f737779e45977ce20d43
                                    • Instruction Fuzzy Hash: 7E111270A042199FD704DFA9D441BAEB7F4FF08300F0442AAE558EB382D638D940DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9DB60 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00F9DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E00F9DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E00F9E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L00F9E8B0(__ecx, _t14, 0xfff);
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                    0x00f9db64
                                    0x00f9db66
                                    0x00f9db6b
                                    0x00f9dbaa
                                    0x00f9db71
                                    0x00f9db76
                                    0x00f9db7a
                                    0x00f9dba3
                                    0x00f9db7c
                                    0x00f9db87
                                    0x00f9db8b
                                    0x00ff4fa1
                                    0x00ff4fb3
                                    0x00ff4fb8
                                    0x00f9db91
                                    0x00f9db96
                                    0x00f9db98
                                    0x00f9db98
                                    0x00f9db8b
                                    0x00f9db7a
                                    0x00f9db9d
                                    0x00f9dba2

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                    • Instruction ID: 6a7cdf112b29aa4596f74c00354eaabc6bac5177704a27766b445e00e23bef4d
                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                    • Instruction Fuzzy Hash: 86F09C336456629BFB326E954C91F67B6959FC1B64F370035F2059B344CF648C02B6D1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9B1E1 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00F9B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E00FB7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E00FB7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01017016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                    0x00f9b1e8
                                    0x00f9b1ea
                                    0x00f9b1f3
                                    0x00ff4a17
                                    0x00f9b1f9
                                    0x00f9b1f9
                                    0x00f9b1f9
                                    0x00f9b201
                                    0x00ff4a21
                                    0x00ff4a2e
                                    0x00000000
                                    0x00000000
                                    0x00ff4a3b
                                    0x00ff4a4d
                                    0x00ff4a3d
                                    0x00ff4a46
                                    0x00ff4a46
                                    0x00ff4a55
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00f9b20a
                                    0x00f9b20a
                                    0x00f9b20a
                                    0x00f9b20a

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                    • Instruction ID: b981f084b4079dc44c1eae6d6e9853346a19a151359e936c7f809a421aebc920
                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                    • Instruction Fuzzy Hash: B201D1326406849BE7239B5ED904FAA7B98EF91760F0800A1FA148B6B2D77CDC00E614
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102FE87 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 46%
                                    			E0102FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x108d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E00FB7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                    0x0102fe96
                                    0x0102fe9e
                                    0x0102fea1
                                    0x0102fead
                                    0x0102feb3
                                    0x0102feb9
                                    0x0102fec3
                                    0x0102fed5
                                    0x0102fec5
                                    0x0102fece
                                    0x0102fece
                                    0x0102fee0
                                    0x0102fee1
                                    0x0102fee3
                                    0x0102fee8
                                    0x0102fefb

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 144de7ece02b58290f2132f44479f180b148c79eb6895daff3ef228819420c48
                                    • Instruction ID: bf43c75170c6c7ff80c3b943ff9a77714130123ee052b9ead3b2b656f78a537a
                                    • Opcode Fuzzy Hash: 144de7ece02b58290f2132f44479f180b148c79eb6895daff3ef228819420c48
                                    • Instruction Fuzzy Hash: 69016270A04219EFCB14DFA8D942A6EB7F4EF08700F144199F944DB382D639D901DB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0105131B Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 48%
                                    			E0105131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x108d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E00FB7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                    0x0105131b
                                    0x0105132a
                                    0x01051330
                                    0x01051336
                                    0x0105133e
                                    0x01051341
                                    0x01051344
                                    0x0105134f
                                    0x01051361
                                    0x01051351
                                    0x0105135a
                                    0x0105135a
                                    0x0105136c
                                    0x0105136d
                                    0x0105136f
                                    0x01051374
                                    0x01051387

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ec5b67dc55ea742995fcb5c80607b8ea1a9cc977005cb6842a40cb6178119c4b
                                    • Instruction ID: 2e885b0f740935cddc3f58952fd9a5b0689a2b3514e4a97e5cbf62fd4c8488f1
                                    • Opcode Fuzzy Hash: ec5b67dc55ea742995fcb5c80607b8ea1a9cc977005cb6842a40cb6178119c4b
                                    • Instruction Fuzzy Hash: 61013171A05208AFCB44EFA9D945AAEB7F4FF48700F00805ABD45EB382E674DA00DB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068F6A Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 48%
                                    			E01068F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x108d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E00FB7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                    0x01068f6a
                                    0x01068f79
                                    0x01068f81
                                    0x01068f84
                                    0x01068f8b
                                    0x01068f91
                                    0x01068f94
                                    0x01068f9e
                                    0x01068fb0
                                    0x01068fa0
                                    0x01068fa9
                                    0x01068fa9
                                    0x01068fbb
                                    0x01068fbc
                                    0x01068fbe
                                    0x01068fc3
                                    0x01068fd6

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 411b0f186ab4abee1483e99b1619c6f1fded625609e9b9ca08c3125ffc3c522b
                                    • Instruction ID: d3cba581bc4067783fec3c2005d944bd1280f60eabdfa70c78b5646003149f07
                                    • Opcode Fuzzy Hash: 411b0f186ab4abee1483e99b1619c6f1fded625609e9b9ca08c3125ffc3c522b
                                    • Instruction Fuzzy Hash: 40014474A0420CAFDB00EFA8D945AAEB7F4EF48300F10845AB945EB381DA78DA00DB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01051608 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 46%
                                    			E01051608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x108d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E00FB7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                    0x01051608
                                    0x01051617
                                    0x0105161d
                                    0x01051625
                                    0x01051628
                                    0x0105162b
                                    0x01051636
                                    0x01051648
                                    0x01051638
                                    0x01051641
                                    0x01051641
                                    0x01051653
                                    0x01051654
                                    0x01051656
                                    0x0105165b
                                    0x0105166e

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e18921cedc1fd6fe90e5fa6448490ecbbf622d505b4e84f8e296c3c971ffd132
                                    • Instruction ID: 23060b0bdb7ab39eb843bb1ef9dab7226d35de01d3436b957e9c7e7607ff2cb1
                                    • Opcode Fuzzy Hash: e18921cedc1fd6fe90e5fa6448490ecbbf622d505b4e84f8e296c3c971ffd132
                                    • Instruction Fuzzy Hash: C8F04F71A04258EFDB14EFA9D846AAEB7F4AF18300F044099B945EB381E678D900DB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FBC577 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FBC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E00FBC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0xf711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E010688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                    0x00fbc577
                                    0x00fbc57d
                                    0x00fbc581
                                    0x00fbc5b5
                                    0x00fbc5b9
                                    0x00fbc5ce
                                    0x00fbc5ce
                                    0x00fbc5ca
                                    0x00000000
                                    0x00fbc5ca
                                    0x00fbc5c4
                                    0x00fbc5c8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fbc5ad
                                    0x00000000
                                    0x00fbc5af

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f5d1980cb8fbd363af8206c84429318cb149576bbfa01540d41d1070d2dc89ca
                                    • Instruction ID: bf1501cd5ffe95b31e9e01dcec71c289fddec4829dffdfcc0c0eb0e6e2940d13
                                    • Opcode Fuzzy Hash: f5d1980cb8fbd363af8206c84429318cb149576bbfa01540d41d1070d2dc89ca
                                    • Instruction Fuzzy Hash: 24F09AB7D156909ED7318B2A8044BA37BE89B05770F5C8467E60A87601C6A4FC80EAD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01052073 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 94%
                                    			E01052073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0104FD22(__ecx);
				_t19 =  *0x108849c - _t3; // 0x275ea2a5
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1088748; // 0x0
					if(__eflags <= 0) {
						E01051C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1088724 & 0x00000004;
							if(( *0x1088724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1088724; // 0x0
					return E01048DF1(__ebx, 0xc0000374, 0x1085890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                    0x01052076
                                    0x01052078
                                    0x0105207d
                                    0x01052083
                                    0x010520a4
                                    0x010520aa
                                    0x010520ac
                                    0x010520b7
                                    0x010520ba
                                    0x010520bc
                                    0x010520c9
                                    0x010520c9
                                    0x010520d0
                                    0x010520d2
                                    0x00000000
                                    0x010520d2
                                    0x010520be
                                    0x010520c3
                                    0x010520c5
                                    0x010520c7
                                    0x00000000
                                    0x00000000
                                    0x010520c7
                                    0x010520bc
                                    0x010520d4
                                    0x01052085
                                    0x01052085
                                    0x010520a3
                                    0x010520a3

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 98cb868f34ea7e3874b6d89b082ebaced2726420634a8e1550085593592201ff
                                    • Instruction ID: f81b174807533457e8352fe38be5e308e16c8cc3f9b67d72b07c63c99b7ddf00
                                    • Opcode Fuzzy Hash: 98cb868f34ea7e3874b6d89b082ebaced2726420634a8e1550085593592201ff
                                    • Instruction Fuzzy Hash: EAF0E27641A1858BDFF67B6C64003E72FD2EB55110B4964C6E9D017206C53A8883CB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD927A Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 54%
                                    			E00FD927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E00FDFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E00FD92C6(_t11, _t14);
				}
				return _t11;
			}





                                    0x00fd9295
                                    0x00fd9299
                                    0x00fd929f
                                    0x00fd92aa
                                    0x00fd92ad
                                    0x00fd92ae
                                    0x00fd92af
                                    0x00fd92b0
                                    0x00fd92b4
                                    0x00fd92bb
                                    0x00fd92bb
                                    0x00fd92c5

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                    • Instruction ID: 64e7752851c2a890caf92086b6cbd5e8fc8edc5b9aa513d2aefc061dcafe5b89
                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                    • Instruction Fuzzy Hash: C4E09B327405406BD7119E56DC85F57776EDF82721F084079B5045E343C6E9DD0997A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068D34 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E01068D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x108d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E00FB7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                    0x01068d34
                                    0x01068d43
                                    0x01068d4b
                                    0x01068d4e
                                    0x01068d52
                                    0x01068d5c
                                    0x01068d6e
                                    0x01068d5e
                                    0x01068d67
                                    0x01068d67
                                    0x01068d79
                                    0x01068d7a
                                    0x01068d7c
                                    0x01068d81
                                    0x01068d94

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c110733e1848e382ec9ab87e2f0612a69c62f984497d9529b180d509020612f4
                                    • Instruction ID: 721d7c13f0ba0a6e7f45e90d4a14a2d3536c50a8d16c79efc2000d89ae80bc18
                                    • Opcode Fuzzy Hash: c110733e1848e382ec9ab87e2f0612a69c62f984497d9529b180d509020612f4
                                    • Instruction Fuzzy Hash: D6F0B470A08708AFD714EFB8D842A6E77B8EF18300F10809AF945EB381EA38D900DB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068B58 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 36%
                                    			E01068B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x108d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E00FB7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                    0x01068b67
                                    0x01068b6f
                                    0x01068b72
                                    0x01068b7d
                                    0x01068b8f
                                    0x01068b7f
                                    0x01068b88
                                    0x01068b88
                                    0x01068b9a
                                    0x01068b9b
                                    0x01068b9d
                                    0x01068ba2
                                    0x01068bb5

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 858334b32d1b8bccbf19286c8d666219e5e2c13cc47faeeb43c58e8739b6f08f
                                    • Instruction ID: 7bea5599263819eaa95b8195926e6fadd90df257a01d47a188ea2d45fa0852cd
                                    • Opcode Fuzzy Hash: 858334b32d1b8bccbf19286c8d666219e5e2c13cc47faeeb43c58e8739b6f08f
                                    • Instruction Fuzzy Hash: 42F082B0A08258ABDB10EBA8D906E6E77B8EF04300F04449ABA45DB3C1EA78D900D794
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB746D Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 88%
                                    			E00FB746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E00FAEB70(__ecx, 0x10879a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E00FD95D0();
							L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                    0x00fb746d
                                    0x00fb746d
                                    0x00fb746d
                                    0x00fb7471
                                    0x00fb7488
                                    0x00fff92d
                                    0x00fb748e
                                    0x00fb7491
                                    0x00fb7495
                                    0x00fff937
                                    0x00fff93a
                                    0x00fff94e
                                    0x00fff953
                                    0x00fff956
                                    0x00fff956
                                    0x00fb7495
                                    0x00000000
                                    0x00fb7488
                                    0x00fb7473
                                    0x00fb7478
                                    0x00fb747d
                                    0x00fb7481
                                    0x00000000
                                    0x00fb7481
                                    0x00fb747d
                                    0x00fb747a
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 33a24f1f6dc3775e83363d2730f7f061f09630779c2ba8d71e54589fe28e78ab
                                    • Instruction ID: 185dbc97e372b031ae304c95ec5ee75f9933685f36c44534589665e42c646ff6
                                    • Opcode Fuzzy Hash: 33a24f1f6dc3775e83363d2730f7f061f09630779c2ba8d71e54589fe28e78ab
                                    • Instruction Fuzzy Hash: A6F0E935A0C344EACF11F769CC40BF9BBB1AF84361F240265E491AB161E7A89C00FF85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01068CD6 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 36%
                                    			E01068CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x108d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E00FB7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00FDB640(E00FD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                    0x01068ce5
                                    0x01068ced
                                    0x01068cf0
                                    0x01068cfb
                                    0x01068d0d
                                    0x01068cfd
                                    0x01068d06
                                    0x01068d06
                                    0x01068d18
                                    0x01068d19
                                    0x01068d1b
                                    0x01068d20
                                    0x01068d33

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a7c0276472e222abb6a9b35c12cd30b2dafc9010b5aa3c647170f8f2e41d869f
                                    • Instruction ID: cacff79bc0c4068183b10c6e44a470c0bb35dadcd28019e2aeb069f4e363c257
                                    • Opcode Fuzzy Hash: a7c0276472e222abb6a9b35c12cd30b2dafc9010b5aa3c647170f8f2e41d869f
                                    • Instruction Fuzzy Hash: E9F08970A08208ABDB04EFA9D946D6E77B8EF59300F14419AF955EB3C1DA38D900D754
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F94F2E Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00F94F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E010688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E00FBC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0xf71030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                    0x00f94f2e
                                    0x00f94f34
                                    0x00f94f38
                                    0x00ff0b85
                                    0x00ff0b85
                                    0x00ff0b89
                                    0x00ff0b9a
                                    0x00ff0b9a
                                    0x00ff0b9f
                                    0x00000000
                                    0x00ff0b9f
                                    0x00ff0b94
                                    0x00ff0b98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00ff0b98
                                    0x00f94f3e
                                    0x00f94f48
                                    0x00000000
                                    0x00f94f6e
                                    0x00000000
                                    0x00f94f70

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca2a5d5e753741650203846d65fdb5d1df99d91075f4f211ee512be54e981a5f
                                    • Instruction ID: 758b90be3b3713d3ffdad834b661b799caf01200610e7f64d6ba2f62f3598ee2
                                    • Opcode Fuzzy Hash: ca2a5d5e753741650203846d65fdb5d1df99d91075f4f211ee512be54e981a5f
                                    • Instruction Fuzzy Hash: 22F0BE329296888FDB70CB18C140F32B7D8AF507B8F048465D605C7932CB24EC85E684
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCA44B Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FCA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1087b9c; // 0x0
				_t15 = __ecx;
				_t16 = L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E00FDFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                    0x00fca44b
                                    0x00fca453
                                    0x00fca472
                                    0x00fca476
                                    0x00000000
                                    0x00fca493
                                    0x00fca47a
                                    0x00fca47f
                                    0x00fca486
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1988300ce8c27a6566eae4a9026d6e06ba04de010cbc2470b37c8e2d499f74c0
                                    • Instruction ID: 609bb843fce5224e11424a043d0990282b6935fb2ad505b1afbb393c3aeb164f
                                    • Opcode Fuzzy Hash: 1988300ce8c27a6566eae4a9026d6e06ba04de010cbc2470b37c8e2d499f74c0
                                    • Instruction Fuzzy Hash: E0E02272A01421ABC2219E18AC01F66B39EDBD1B11F1D0039F604C7224D66CED01D7E0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9F358 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 79%
                                    			E00F9F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E00FCF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L00FB4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                    0x00f9f35d
                                    0x00f9f361
                                    0x00f9f367
                                    0x00f9f372
                                    0x00f9f38c
                                    0x00f9f38c
                                    0x00f9f394

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                    • Instruction ID: 7ea74d25fa7b35b3bc39c87053cd39e9d934c5d62b768d5b70e7950f8d5a5de8
                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                    • Instruction Fuzzy Hash: 35E0D832A50118BBDB25AAD99E06F9ABBADDB44B60F000165B904D7151D5699D00E6D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC4710 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC4710(intOrPtr* _a4) {
				void* _t5;
				intOrPtr _t12;
				intOrPtr* _t14;

				_t5 = E00FB7D50();
				if(_t5 != 0) {
					_t12 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x10));
					L3:
					 *_a4 = _t12;
					L4:
					return 1;
				}
				if( *0x7ffe0268 == _t5) {
					_t14 = _a4;
					if(E010464FB(_t14) >= 0) {
						goto L4;
					}
					 *_t14 = 1;
					return 0;
				}
				_t12 =  *0x7ffe0264;
				goto L3;
			}






                                    0x00fc4716
                                    0x00fc471d
                                    0x01006655
                                    0x00fc4735
                                    0x00fc4738
                                    0x00fc473a
                                    0x00000000
                                    0x00fc473a
                                    0x00fc4729
                                    0x0100662d
                                    0x01006639
                                    0x00000000
                                    0x00000000
                                    0x01006641
                                    0x00000000
                                    0x01006641
                                    0x00fc472f
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                    • Instruction ID: b06684d76f7a8fdda4a90192720297c1b9e6c9188faa58d6d9c2f947e41c7da1
                                    • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                    • Instruction Fuzzy Hash: CDF0E5762043019FDB06DF15D550FA53BE5AF8A360F100098EC818B351DB32F841DB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FAFF60 Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FAFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0xf711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E010688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E00FB0050(_t14);
				}
			}










                                    0x00faff66
                                    0x00faff6b
                                    0x00000000
                                    0x00faff8f
                                    0x00000000
                                    0x00faff8f

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a11b6163a01121302c8c442ab178d3abef0c81d5dabb6a4142da61d92526545c
                                    • Instruction ID: 16e2949b8d0c0afa2b2d654ecbf156f6c3fb46e321531b82128d75e4ca8365d1
                                    • Opcode Fuzzy Hash: a11b6163a01121302c8c442ab178d3abef0c81d5dabb6a4142da61d92526545c
                                    • Instruction Fuzzy Hash: 08E0DFF9A053049FD734DB96D0C0F25379CAB63731F19823EE0084F102C621DC88E646
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC3F33 Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC3F33(void* __ecx, signed char _a4) {
				signed int _t12;

				if(( *(__ecx + 0x40) & 0x75010f63) != 2 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					return 0;
				} else {
					if((_a4 & 0x00000001) != 0) {
						_t12 = 1;
					} else {
						_t12 =  *0x1086240; // 0x4
					}
					return 0x7d0 + _t12 * 0x3480;
				}
			}




                                    0x00fc3f43
                                    0x00000000
                                    0x00fc3f54
                                    0x00fc3f58
                                    0x00fc3f70
                                    0x00fc3f5a
                                    0x00fc3f5a
                                    0x00fc3f5a
                                    0x00000000
                                    0x00fc3f65

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e7fdef9d3692a52861ff42366fd6ea74c9d9ee9c957ef46b1bf862bbb227afb1
                                    • Instruction ID: a61a4c1c7382386e72011873c7a736432af2fac548fc981ede85767352b3ebe2
                                    • Opcode Fuzzy Hash: e7fdef9d3692a52861ff42366fd6ea74c9d9ee9c957ef46b1bf862bbb227afb1
                                    • Instruction Fuzzy Hash: 26E0D833D1424657D7259614C683F1537BCF7617A8F20C82DE445CE441D66AEA81E588
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010241E8 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 82%
                                    			E010241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x10708f0);
				_t5 = E00FED08C(__ebx, __edi, __esi);
				if( *0x10887ec == 0) {
					E00FAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x10887ec == 0) {
						 *0x10887f0 = 0x10887ec;
						 *0x10887ec = 0x10887ec;
						 *0x10887e8 = 0x10887e4;
						 *0x10887e4 = 0x10887e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01024248();
				}
				return E00FED0D1(_t5);
			}





                                    0x010241e8
                                    0x010241ea
                                    0x010241ef
                                    0x010241fb
                                    0x01024206
                                    0x0102420b
                                    0x01024216
                                    0x0102421d
                                    0x01024222
                                    0x0102422c
                                    0x01024231
                                    0x01024231
                                    0x01024236
                                    0x0102423d
                                    0x0102423d
                                    0x01024247

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6409b2637ba16fe972cb82f4c4047edb84a4021364053a2931c8e5ae2509cdeb
                                    • Instruction ID: 9df621dc28b8d2a51f971d5b0eec515d4001b09d118cd9b812206346fe1e97bd
                                    • Opcode Fuzzy Hash: 6409b2637ba16fe972cb82f4c4047edb84a4021364053a2931c8e5ae2509cdeb
                                    • Instruction Fuzzy Hash: 7AF0F2788587408ECBB0FFAAD90170836B4F745B10F80819BE1C086689C73984A4DF01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0104D380 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0104D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L00F9E8B0(__ecx, _a4, 0xfff);
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                    0x0104d38a
                                    0x0104d39b
                                    0x0104d3b1
                                    0x00000000
                                    0x0104d3b6
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                    • Instruction ID: d78e11c83ba69876bcb2ccddfcdeb92d16bfbc4647023b0694da63e30906ab90
                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                    • Instruction Fuzzy Hash: 5EE0C271284244FBEF226E84CC01FA97B56DB507A1F208031FE485A6A2CA75AC91EBC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FCA185 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FCA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x10867e4 >= 0xa) {
					if(_t5 < 0x1086800 || _t5 >= 0x1086900) {
						return L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E00FB0010(0x10867e0, _t5);
				}
			}





                                    0x00fca190
                                    0x00fca1a6
                                    0x00fca1c2
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00fca192
                                    0x00fca192
                                    0x00fca19f
                                    0x00fca19f

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b7089f329ec631a104255b87dca2e65af633b3e54bddb7cdad5735e1f3fc61f1
                                    • Instruction ID: cf46fa561adc6b30ab23bf41f7ee72b6cb21864e5519e74073a91d828134fb5a
                                    • Opcode Fuzzy Hash: b7089f329ec631a104255b87dca2e65af633b3e54bddb7cdad5735e1f3fc61f1
                                    • Instruction Fuzzy Hash: 07D02EB11280445ACB2C3310DE16F263212F7C0B18F36088DF1C70A9A0EE6AECD4BA4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC16E0 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E00FC1710(0x10867e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L00FB4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                    0x00fc16e8
                                    0x00fc16ef
                                    0x00fc16f3
                                    0x00fc16fe
                                    0x00000000
                                    0x00fc1700
                                    0x00fc170d
                                    0x00fc170d
                                    0x00fc16f2
                                    0x00fc16f2
                                    0x00fc16f2
                                    0x00fc16f2

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b66e380fe8929f2c47682b8e8f05f45ac7841198990fb2e93e8ade935dc9f0af
                                    • Instruction ID: 8c93ffbec01e1367953b7f600f61e6de307f5fa5ebd40fb351434eb972d6d8f0
                                    • Opcode Fuzzy Hash: b66e380fe8929f2c47682b8e8f05f45ac7841198990fb2e93e8ade935dc9f0af
                                    • Instruction Fuzzy Hash: 6AD0A73110010152DA2D6B119E06F143252FB82B91F38005CF10B494C3CFB5DCB2F448
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 010153CA Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E010153CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E00FAEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                    0x010153ca
                                    0x010153ce
                                    0x010153d9
                                    0x010153de
                                    0x010153e1
                                    0x010153e1
                                    0x010153e6
                                    0x010153f3
                                    0x00000000
                                    0x010153f8
                                    0x010153fb

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                    • Instruction ID: 71693451cae7c2c9e1c8986e483a1c65d534db296b4db03f7d58724f0f6897d5
                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                    • Instruction Fuzzy Hash: B0E08C719047C09BCF12EB49CA50F4EBBF5FB85B40F140044B0085F621C628AC00CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FAAAB0 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FAAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                    0x00faaab6
                                    0x00faaabb
                                    0x00ffa442
                                    0x00000000
                                    0x00ffa448
                                    0x00ffa454
                                    0x00ffa454
                                    0x00faaac1
                                    0x00faaac1
                                    0x00faaac6
                                    0x00faaac6

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                    • Instruction ID: 72f0ec6627361abc4aa52338f84cd85e86a71b72b787a86f7b18fd5cb2fb78ca
                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                    • Instruction Fuzzy Hash: 03D0C975352E80CFD616CF0CC554B1533A4BB04B40FC50490E500CB761E72CDD44DA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC35A1 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E00FAEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                    0x00fc35a1
                                    0x00fc35a1
                                    0x00fc35a5
                                    0x00fc35ab
                                    0x00fc35ab
                                    0x00fc35b5
                                    0x00000000
                                    0x00fc35c1
                                    0x00fc35b7

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                    • Instruction ID: c0e941fb79d0a46103ee1e6f7c20b8bbc7b54fcae65f3173bfd03fca4c298303
                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                    • Instruction Fuzzy Hash: F9D0A7318011839DDB01AB10C719F683371BB0039CF5C685D900105452C3394F19F602
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9DB40 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00F9DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L00FB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                    0x00f9db4d
                                    0x00f9db54
                                    0x00f9db5f
                                    0x00f9db56
                                    0x00f9db56
                                    0x00f9db5c
                                    0x00f9db5c

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                    • Instruction ID: 5a6b8ea92696c7e5650d454519147a411be930be5d2e76f8cf780f1d6e011541
                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                    • Instruction Fuzzy Hash: 29C08C30290A00AAEB222F20CE02B4077A1BB41B01F4500A07300DA0F2DB7DEC01FA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0101A537 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0101A537(intOrPtr _a4, intOrPtr _a8) {

				return L00FB8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                    0x0101a553

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                    • Instruction ID: 32e5d937e325875223d62ca11f1884181fa9796c33df0ba7f0478f6d6a96c07f
                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                    • Instruction Fuzzy Hash: 7CC01232080248BBCB126E82CC02F467F2AEB94BA0F008010BA080A5618A36E971EA84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB3A1C Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FB3A1C(intOrPtr _a4) {
				void* _t5;

				return L00FB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                    0x00fb3a35

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                    • Instruction ID: 439d9b2b53fdc8f7ca93686c8394f786fa5fca7c514cf3d84fb4f5aa00ce31a5
                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                    • Instruction Fuzzy Hash: 7DC04C32180648BBC7126E46DD01F55BB6AE795B60F154021B6040A5628576ED61E998
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00F9AD30 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00F9AD30(intOrPtr _a4) {

				return L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                    0x00f9ad49

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                    • Instruction ID: 053232f74129dec210aebcd7a0fc2ecb4ae585beaed33093678aeb7d78e0360c
                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                    • Instruction Fuzzy Hash: 53C08C32080288BBC7126A46CD01F017B29E790B60F100020B6040A6628936E860E988
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FA76E2 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FA76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L00FB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                    0x00fa76e4
                                    0x00000000
                                    0x00fa76f8
                                    0x00fa76fd

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                    • Instruction ID: e90f34986194d609783c2e9b59acf7382f8024002f5ab08df937867b05d9227c
                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                    • Instruction Fuzzy Hash: B4C08CB0549BC85AEB2A7708CE21F203650AB09718F58019CBA010D6A2C36CAC02E618
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC36CC Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L00FB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                    0x00fc36d2
                                    0x00fc36e8
                                    0x00fc36d4
                                    0x00fc36e5
                                    0x00fc36e5

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                    • Instruction ID: fa3825ff0195642a3bc4da4101070dbb67f52c2de070e535c3b97f1166117f82
                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                    • Instruction Fuzzy Hash: 86C02B70150440BBD7153F30CF02F14B354F700B71F6403587220454F1D52CAC00F500
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC4190 Relevance: .0, Instructions: 9COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC4190() {

				if(E00FB7D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}



                                    0x00fc4197
                                    0x0100641c
                                    0x00fc419d
                                    0x00fc41a2
                                    0x00fc41a2

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                    • Instruction ID: fa7595411dd17de1aab1c3087503f3910847de44ca787a34b1dfc1d63ef1f5a4
                                    • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                    • Instruction Fuzzy Hash: D6C04C357116408FDF16DB2AC684F5537E5BB44744F1508D0E805CB722DA24E850DA10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FB7D50 Relevance: .0, Instructions: 7COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FB7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                    0x00fb7d56
                                    0x00fb7d5b
                                    0x00fb7d60
                                    0x00fb7d5d
                                    0x00fb7d5d
                                    0x00fb7d5d

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                    • Instruction ID: e4003ec0d9a515ac027c35004e7d53f5ed488322192ea694c1a6c7bd46c0e101
                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                    • Instruction Fuzzy Hash: E7B09234301A408FCF16EF19C080B5533E4BB88B80B8400D4E800CBA20D229E8009900
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC2ACB Relevance: .0, Instructions: 5COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00FC2ACB() {
				void* _t5;

				return E00FAEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                    0x00fc2adc

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                    • Instruction ID: 808b71c4e20a5c9a198d713fa99cd6740b4f6b0cac82ddb07190df27be69732c
                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                    • Instruction Fuzzy Hash: 33B01232C11440CFCF02EF40CA20B197331FB40790F054490A00127931C22CAC11DB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD98A0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c0ba54019297adce92f91f3c04025fef1314b313c1e1aefbba5ccd503a5858ec
                                    • Instruction ID: b0018dbf9c7526eab62b6802b14ff3f789219ea1ba13b22d7d851faa7c950095
                                    • Opcode Fuzzy Hash: c0ba54019297adce92f91f3c04025fef1314b313c1e1aefbba5ccd503a5858ec
                                    • Instruction Fuzzy Hash: 9290026130104402D202615E48146161009D7D13C5FA1C022E5415595E86658953F172
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FDB040 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a4618ab7658c02114eaa01082b1e1091edff144d01566f7e41b010e71121e952
                                    • Instruction ID: 6f938144464ab62ae4b0d05646d1188c0570edbc47c5b0f294c9c84fec66db8b
                                    • Opcode Fuzzy Hash: a4618ab7658c02114eaa01082b1e1091edff144d01566f7e41b010e71121e952
                                    • Instruction Fuzzy Hash: EE9002A1601180434640B15E4C044166015A7E13813A1C131A44455A0D86A88855F2A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9820 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 04fb8c36523aa5e1bd48464bfc0ed6cb0a85ff2ae19dc3a67d7174090c8cbb06
                                    • Instruction ID: cc66b6bf056c0f4e0b4cf42eb2ff064c46169b123f027fc6907aa6e36769d020
                                    • Opcode Fuzzy Hash: 04fb8c36523aa5e1bd48464bfc0ed6cb0a85ff2ae19dc3a67d7174090c8cbb06
                                    • Instruction Fuzzy Hash: 9890027124104402D241715E48046161009A7D03C1FA1C022A4415594F86958A56FAA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD99D0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a7da9b7ef74130435db284b6ecbf72fae1def7d417ecc43cafd7c92ba7a068df
                                    • Instruction ID: 73ba1398c9cd7c2a5ae0f4bce189700375f590b83b02703a8fef7583d960e917
                                    • Opcode Fuzzy Hash: a7da9b7ef74130435db284b6ecbf72fae1def7d417ecc43cafd7c92ba7a068df
                                    • Instruction Fuzzy Hash: 1E9002A121104042D204615E4804716104597E1381F61C022A6145594DC5698C61B165
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9950 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c15632574cac575da3240e8febb420f6546efb9afe37acf4660c280fa7c403c
                                    • Instruction ID: 6df967a179d79780f24f056b209f99ffc31f3d9717d0fa800bdfe4c40e28a533
                                    • Opcode Fuzzy Hash: 5c15632574cac575da3240e8febb420f6546efb9afe37acf4660c280fa7c403c
                                    • Instruction Fuzzy Hash: C09002A120144403D240655E4C04617100597D0382F61C021A6055595F8A698C51B175
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9A80 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 120947fe6e1daf2f747f22339542a4db4102b70ca359162adbe5a50ff3a9aaa3
                                    • Instruction ID: d025ad58c6c64170eb9a9c947ac569d2994265e470e94ea98ad35124a9750b58
                                    • Opcode Fuzzy Hash: 120947fe6e1daf2f747f22339542a4db4102b70ca359162adbe5a50ff3a9aaa3
                                    • Instruction Fuzzy Hash: CD90026120148442D240625E4C04B1F510597E1382FA1C029A8147594DC9558855B761
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9A10 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: abfde7900737ab345b6d602aebbd30fb30cdf7309758cc6789cdae6bf63a911d
                                    • Instruction ID: 1091f24d2cbb30c2acf14c5e08bda5f55edb02fdd4e687ddae46d2c7980609d9
                                    • Opcode Fuzzy Hash: abfde7900737ab345b6d602aebbd30fb30cdf7309758cc6789cdae6bf63a911d
                                    • Instruction Fuzzy Hash: 3E90027120144402D200615E4C08757100597D0382F61C021A9155595F86A5C891B571
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FDA3B0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4bc31778156b9d15b84711a2c6976727e4b84ea4cbc49b248b27d9d3adf029a0
                                    • Instruction ID: c86f5f00926aec48440a4c40d32923fa8b2093ce70f9be3b17ff773a2960cb2d
                                    • Opcode Fuzzy Hash: 4bc31778156b9d15b84711a2c6976727e4b84ea4cbc49b248b27d9d3adf029a0
                                    • Instruction Fuzzy Hash: 3C90027120148002D240715E884461B6005A7E0381F61C421E4416594D86558856F261
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9B00 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 840badb2260af3d444c6eb5fb78ce57e248141f450a3dff689be3c0ef643d094
                                    • Instruction ID: 48ed1e6efccd5956d7bc57113682dfcb36122d87ab45678e869555a612c03271
                                    • Opcode Fuzzy Hash: 840badb2260af3d444c6eb5fb78ce57e248141f450a3dff689be3c0ef643d094
                                    • Instruction Fuzzy Hash: C790026124104802D240715E88147171006D7D0781F61C021A4015594E86568965B6F1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD95F0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0c0caaba1bc2f2c99f8f320b96e783a655c3ad41ac5645cda3392d3cd4e5f55
                                    • Instruction ID: 64d8b434054cde0fb61235965e6ecd9c4ebe0c3faab9adfcfc783567a2993036
                                    • Opcode Fuzzy Hash: f0c0caaba1bc2f2c99f8f320b96e783a655c3ad41ac5645cda3392d3cd4e5f55
                                    • Instruction Fuzzy Hash: E790027120104802D204615E4C04696100597D0381F61C021AA015695F96A58891B171
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9560 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: db74798db491a334b71460439be839b84beba30e1739cb52c314c6b6339be4ed
                                    • Instruction ID: 8527bbe540bf0f354e0e3e086120983079ed9ebd40ed222baeb92b9a1e3e9a91
                                    • Opcode Fuzzy Hash: db74798db491a334b71460439be839b84beba30e1739cb52c314c6b6339be4ed
                                    • Instruction Fuzzy Hash: 58900265221040020245A55E0A0451B1445A7D63D13A1C025F54075D0DC6618865B361
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FDAD30 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 758999bdccd09bbba76c43509c11e10adf4372200e0ed0221096b2d1d05a315b
                                    • Instruction ID: 9ec1395f3c548ae19a4769386baa613bf5808d0335a4099c367aad3b14b754d7
                                    • Opcode Fuzzy Hash: 758999bdccd09bbba76c43509c11e10adf4372200e0ed0221096b2d1d05a315b
                                    • Instruction Fuzzy Hash: ED900271A05040129240715E4C146565006A7E07C1B65C021A4505594D89948A55B3E1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 11e55536ab958eac99067204dcde247c14e4572239aa315daba21b1620ad6d32
                                    • Instruction ID: c9122ecdeceaa1f4b57803a9d0a8a19cdf36d306d6dc3ec15a3f6b11a17985de
                                    • Opcode Fuzzy Hash: 11e55536ab958eac99067204dcde247c14e4572239aa315daba21b1620ad6d32
                                    • Instruction Fuzzy Hash: 479002E1201180924600A25E8804B1A550597E0381B61C026E50455A0DC5658851F175
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD96D0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 06efa1e9f50ccd4045c9b1c8a5e1a87484bc2fe06f7136aa6528b3daaba13af8
                                    • Instruction ID: 465bd378f2063505909f17b97e5406b986cc59514ad131a404557c1c99e1ebf7
                                    • Opcode Fuzzy Hash: 06efa1e9f50ccd4045c9b1c8a5e1a87484bc2fe06f7136aa6528b3daaba13af8
                                    • Instruction Fuzzy Hash: 4090027120104842D200615E4804B56100597E0381F61C026A4115694E8655C851B561
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9650 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e57e7e43c1c86eba5a9b06bfe7159147f5eb9ae6ec46349c1becb345e0a93923
                                    • Instruction ID: f283c6beb5e8dbaae0545cc03b66cc9e9d380ff814ca50ad9cdb2f5dd845c01e
                                    • Opcode Fuzzy Hash: e57e7e43c1c86eba5a9b06bfe7159147f5eb9ae6ec46349c1becb345e0a93923
                                    • Instruction Fuzzy Hash: 4990027120508842D240715E4804A56101597D0385F61C021A40556D4E96658D55F6A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9610 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ba62fe552d0dd6882dc311f3dd4f5e89a62f80a0f9d4149974ed48fd892be486
                                    • Instruction ID: 8cb5c6e2adb0441dc61d3f14b1b8acf079db80628f2df1960ed371693407baa8
                                    • Opcode Fuzzy Hash: ba62fe552d0dd6882dc311f3dd4f5e89a62f80a0f9d4149974ed48fd892be486
                                    • Instruction Fuzzy Hash: 3C90027160504802D250715E4814756100597D0381F61C021A4015694E87958A55B6E1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9FE0 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a40c0beeafd4b02a3e79497b3bcf718f5530d310a2037d916666a6f94983bd50
                                    • Instruction ID: 4cd42d21580cf2747f90f1fa05eebf82d8970535b3af33ab919bf948ba5f299b
                                    • Opcode Fuzzy Hash: a40c0beeafd4b02a3e79497b3bcf718f5530d310a2037d916666a6f94983bd50
                                    • Instruction Fuzzy Hash: 7690027131118402D210615E8804716100597D1381F61C421A4815598E86D58891B162
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FDA770 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8c28baed136f09d9ff9c3f6614e83a5940a1ab3a8a1eec946519cf455f2925df
                                    • Instruction ID: 11871170bb96b184170dd059e60bf9a6087f1871e837265c43c3c5705196fd03
                                    • Opcode Fuzzy Hash: 8c28baed136f09d9ff9c3f6614e83a5940a1ab3a8a1eec946519cf455f2925df
                                    • Instruction Fuzzy Hash: 7E90027520508442D600655E5C04A97100597D0385F61D421A44155DCE86948861F161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9770 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d14592ce43bd345b4159360b28e6794ef58f8bf3f90a5fabbdc33c569f8de7df
                                    • Instruction ID: 80790dc660a4873cf888c17bffb348ab8be2d84f2c9275d0837d88023ec5240d
                                    • Opcode Fuzzy Hash: d14592ce43bd345b4159360b28e6794ef58f8bf3f90a5fabbdc33c569f8de7df
                                    • Instruction Fuzzy Hash: FB90026120508442D200655E5808A16100597D0385F61D021A50555D5EC6758851F171
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9760 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 16ee6be0f20989c19ec5caafcdf29b357f9517972ec713e3406e5b6d2e76bd60
                                    • Instruction ID: 3c4df0fc8cf08fb13feb223d6e7034753de5e828ec827680461ef9dc98d83a24
                                    • Opcode Fuzzy Hash: 16ee6be0f20989c19ec5caafcdf29b357f9517972ec713e3406e5b6d2e76bd60
                                    • Instruction Fuzzy Hash: 0090027120104403D200615E5908717100597D0381F61D421A4415598ED6968851B161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9730 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3cd6022304562c3b3d647d0379dde2d7c8960429ff32f002a087ef54f99f9ae9
                                    • Instruction ID: daf6aa83b65a8180f869c2c761e36cf602de75e7fc3a179a1804ef52f6c55f6b
                                    • Opcode Fuzzy Hash: 3cd6022304562c3b3d647d0379dde2d7c8960429ff32f002a087ef54f99f9ae9
                                    • Instruction Fuzzy Hash: 7F90026160504402D240715E5818716101597D0381F61D021A4015594EC6998A55B6E1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FDA710 Relevance: .0, Instructions: 4COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7eb4fb16277c2a75d7872d9147737da21d6bf908a7c0377a838c273058708db9
                                    • Instruction ID: cca14f24623a0f236cfcc20f317bac619daf3b18443b379f5f9e12b98e6e460a
                                    • Opcode Fuzzy Hash: 7eb4fb16277c2a75d7872d9147737da21d6bf908a7c0377a838c273058708db9
                                    • Instruction Fuzzy Hash: D3900271301040529600A69E5C04A5A510597F0381B61D025A8005594D85948861B161
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FD9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                    • Instruction ID: ac980fb31183e4a53c5270d982c014187cd888e94050f86a7b2428e3786c95bb
                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                    • Instruction Fuzzy Hash:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00FC645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 26%
                                    			E00FC645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x108d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E00FDFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E00FB2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E00FAFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x108b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E00FDB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                    0x00fc645b
                                    0x00fc6463
                                    0x00fc646d
                                    0x00fc6475
                                    0x00fc647a
                                    0x00fc647e
                                    0x00fc6480
                                    0x00fc648c
                                    0x00fc6490
                                    0x00fc6495
                                    0x00fc6498
                                    0x00fc649b
                                    0x00fc649f
                                    0x00fc64a1
                                    0x01007c07
                                    0x01007c09
                                    0x01007c0c
                                    0x00000000
                                    0x00fc64a7
                                    0x00fc64a7
                                    0x00fc64aa
                                    0x01007bf7
                                    0x01007c00
                                    0x00000000
                                    0x01007bf9
                                    0x01007bf9
                                    0x01007bf9
                                    0x00fc64b0
                                    0x00fc64b0
                                    0x00fc64b2
                                    0x00fc64b2
                                    0x00fc64b3
                                    0x00fc64ba
                                    0x00fc6553
                                    0x00fc655e
                                    0x00fc6566
                                    0x00fc656c
                                    0x00fc6575
                                    0x00fc657f
                                    0x00fc6585
                                    0x00fc6588
                                    0x00fc6588
                                    0x00fc64c7
                                    0x00fc64cb
                                    0x00fc64ce
                                    0x00fc64d3
                                    0x00fc64da
                                    0x00fc64e5
                                    0x00fc64ed
                                    0x00fc64f1
                                    0x00fc64f5
                                    0x00fc64f6
                                    0x00fc64fa
                                    0x00fc6502
                                    0x00fc6503
                                    0x00fc6504
                                    0x00fc6507
                                    0x00fc651a
                                    0x00fc6524
                                    0x00fc6524
                                    0x00fc6526
                                    0x00fc6526
                                    0x00fc64aa
                                    0x00fc652c
                                    0x00fc652d
                                    0x00fc652e
                                    0x00fc6539

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: DebugPrintTimes
                                    • String ID: 0$0
                                    • API String ID: 3446177414-203156872
                                    • Opcode ID: b828ec0cd0281b35a093f83816254b481b874eaf655219609f8b531cd7c986be
                                    • Instruction ID: 5a8b7368cf608b3ec5ad88c8f8e02234a9859f930d01a28a4302e370461defd5
                                    • Opcode Fuzzy Hash: b828ec0cd0281b35a093f83816254b481b874eaf655219609f8b531cd7c986be
                                    • Instruction Fuzzy Hash: 77416DB26087069FC311CF28C945A1ABBE4BB89714F144A6EF588DB341D735EA05DB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0102FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E0102FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00FDCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01025720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01025720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                    0x0102fdda
                                    0x0102fde2
                                    0x0102fde5
                                    0x0102fdec
                                    0x0102fdfa
                                    0x0102fdff
                                    0x0102fe0a
                                    0x0102fe0f
                                    0x0102fe17
                                    0x0102fe1e
                                    0x0102fe19
                                    0x0102fe19
                                    0x0102fe19
                                    0x0102fe20
                                    0x0102fe21
                                    0x0102fe22
                                    0x0102fe25
                                    0x0102fe40

                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0102FDFA
                                    Strings
                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0102FE01
                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0102FE2B
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.366873765.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: true
                                    • Associated: 00000005.00000002.368333542.000000000108B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    • Associated: 00000005.00000002.368365601.000000000108F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_f70000_o3pLoLD7cc.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                    • API String ID: 885266447-3903918235
                                    • Opcode ID: db07d6823972b71e6c73c1ab46911521d1ea3be26bb0dfdf05cc822aacb1d442
                                    • Instruction ID: ec28df64b135a19fbe35767731e5eac3a58f28f663f31db1a97ebadbd7f3aba8
                                    • Opcode Fuzzy Hash: db07d6823972b71e6c73c1ab46911521d1ea3be26bb0dfdf05cc822aacb1d442
                                    • Instruction Fuzzy Hash: 30F0F672240212BFEA212A45DC02FB3BF6AEB44B70F140315FA68561D1DA62FC20A7F5
                                    Uniqueness

                                    Uniqueness Score: -1.00%